Dunno about a complete paper about that, but here are my thoughts.
- You obviously need to check at some point the whole path from the leaf to the root.
- I assume no permission rule introduction from the side (i.e. you're working on a tree, not a general graph).
- I assume lots of leafs on few "folder" nodes.
- I also assume that you have a method for including permissions (ORing on a bitmask) or excluding them (NOTANDing on a bitmask).
- Permissions are mostly granted to roles/groups, not individual users (in the latter case, you'd need to create s.th. like an "ad-hoc role/group" for that user).
- Permissions will not go up the tree, only down to the leafs.
Then I'd pre-calculate all permissions on folders from the root up and save them along with the folder nodes whenever some permissions on folders change (or a role is added, etc). When a specific file/leaf is called, you only have to check the files/leafs permissions and its folders permissions.
You could also mark some folders as "do not inherit permissions from parent", which may shorten your calculations when the root's permissions change...
This would make it cheap for the following operations:
- checking a leaf's permissions (join leaf and its parent permissions).
- changing the permissions of a folder which does not contain more folders.
Costly are these operations, but since they do not need to work on any leaf/file, they only need to touch a minor part of the whole tree:
- changing/extending the permission model (e.g. by adding a role/group, which might broaden your bitmask, depending on your implementation).
- changing the roots permissions.