Hi Martin,
At first glance the "path to user" is the way to go for your requirements. It makes sure that only those users have access who are associated to a specific object via the path you configured. Make sure there is an association between the users and the projects and use that to manage access.
A warning however: this pattern is called multi-tenancy and it may be complex to manage.
I would recommend against introducing an "access" entity or other customized access control in most cases, because multi-tenancy is hard enough by itself and the complexity of extra customizations on top of this may be too much to handle.
I hope this helps.