I'm designing a web application that has to have certain limitations on what the users can and can't do based on roles (student/supervisor/admin). I'm using devise and pundit and have a single user model with roles.
A student can only have 1 supervisor and a supervisor can have many students. I'm trying to implement a mailbox system (using the mailboxer gem) where a student can only mail their supervisor and no other user.
How can this be achieved? I'm thinking of using the user id as a foreign key but can't get my head around doing so. Any answer is appreciated.
user.rb
class User < ActiveRecord::Base
  enum role: [:student, :supervisor, :admin]
  after_initialize :set_default_role, :if => :new_record?

  def set_default_role
    self.role ||= :student
  end

  def mailboxer_email(object)
    email
  end

  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable,
         :confirmable, :lockable
  acts_as_messageable
end
create_users.rb
class DeviseCreateUsers < ActiveRecord::Migration
  def change
    create_table(:users) do |t|
      ## Database authenticatable
      t.string :name
      t.string :email, null: false, default: ""
      t.string :encrypted_password, null: false, default: ""
      ## Recoverable
      t.string :reset_password_token
      t.datetime :reset_password_sent_at
      ## Rememberable
      t.datetime :remember_created_at
      ## Trackable
      t.integer :sign_in_count, default: 0, null: false
      t.datetime :current_sign_in_at
      t.datetime :last_sign_in_at
      t.string :current_sign_in_ip
      t.string :last_sign_in_ip
      ## Confirmable
      t.string :confirmation_token
      t.datetime :confirmed_at
      t.datetime :confirmation_sent_at
      t.string :unconfirmed_email # Only if using reconfirmable
      ## Lockable
      t.integer :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
      t.string :unlock_token # Only if unlock strategy is :email or :both
      t.datetime :locked_at
      t.timestamps null: false
    end
    add_index :users, :email, unique: true
    add_index :users, :reset_password_token, unique: true
    add_index :users, :confirmation_token, unique: true
    add_index :users, :unlock_token, unique: true
  end
end
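Added example, not part of the original post: the "student may only mail their supervisor" rule written as a Pundit-shaped policy that is checked server-side against the recipient id the client submits, so a tampered id is rejected rather than merely hidden in the form. It assumes a nullable supervisor_id column on users (not in the migration above); the User struct, MessagePolicy and authorized_recipient are hypothetical names, and the supervisor and admin rules are assumptions the post does not state.

```ruby
# Plain-Ruby stand-in for the ActiveRecord model so the block runs without Rails.
# Assumption: users has a nullable supervisor_id column referencing users.id.
User = Struct.new(:id, :role, :supervisor_id, keyword_init: true) do
  def student?;    role == :student;    end
  def supervisor?; role == :supervisor; end
  def admin?;      role == :admin;      end
end

# Pundit-shaped policy: `user` is the sender (current_user), `record` the recipient.
class MessagePolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  # Deny by default; every role gets an explicit allow rule.
  def create?
    return false if user.nil? || record.nil? || user.id == record.id
    return true if user.admin?                          # assumption: admins may mail anyone
    return student_of?(user, record) if user.student?   # the rule from the post
    return student_of?(record, user) if user.supervisor? # assumption: own students only
    false
  end

  private

  # True only when `student` is a student whose supervisor_id points at
  # `supervisor`, and that user really has the supervisor role.
  def student_of?(student, supervisor)
    student.student? && supervisor.supervisor? &&
      !student.supervisor_id.nil? && student.supervisor_id == supervisor.id
  end
end

# Hypothetical controller step: resolve the submitted recipient id and
# authorize before any message is sent. Unknown or forbidden ids yield nil.
def authorized_recipient(sender, recipient_id, users)
  recipient = users.find { |u| u.id == recipient_id }
  MessagePolicy.new(sender, recipient).create? ? recipient : nil
end
```

In the real app the same check would sit behind Pundit's authorize call in the controller action that sends the message, with the recipient loaded from the database rather than from an in-memory list.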