simplified schema and relations:
> definition folder {
> relation parent: folder
> relation reader : user | group#member
> permission read= reader + parent->read
> }
> definition group{
> relation user: user
> relation group: group#member
> permission member = user + group->user
> }
>
> folder:bottom#parent@folder:one_up
> folder:one_up#parent@folder:top
> group:1#member@user:1337
> folder:top#reader@group:1#member