Hi Dan,
The nature of an unlimited hierarchy doesn't lend itself well to XPath queries (or SQL queries as they ultimately are when run against the database).
Instead, I'd recommend that you keep your hierarchy association that administrators will be able to set, and then create a second many-to-many relationship that you maintain on commit of a change, which should be used for your XPath constraint. Whenever a change in supervisor is made, you'll want to "walk up the tree" from a user and add anyone who is their supervisor in the tree to the many-to-many relationship.
I've seen this design pattern work well in the past. But be wary of infinite loops when building this out - it can be easy to accidentally make a loop in your hierarchy.