How can I set a restricted shell for a user, while allowing cd to user-owned directories?

I've setup restricted shell(s) on an Arch-based system by creating /usr/local/bin/rzsh and /usr/local/bin/rbash: these scripts cd into /home/$USER and then invoke zsh -r and bash -r respectively, but I would like users in the restricted shells to be able to cd into directories the user(s) explicitly own (such as sub-directories of their home) but not necessarily everything they have read access to. - The context is a user that runs https://code.visualstudio.com/docs/remote/vscode-server - clients have terminal access and must be able to move between repositories, and execute some scripts that act upon repositories - However, I *do not* want users to have access to cd into or read files in system directories Is this possible with a restricted shell, and if not, can you recommend an approach to achieve a similar level of restriction?