I am trying to implement an ACL system in Odoo 13 like a filesystem:

- Folder;
- Document.

Each folder have documents and/or sub-folders.

Each folder has a parent_id.  We can navigate through them just like a filesystem.

How can I implement security using record rules or access rules?

- Access rules allow me to specify permissions over an object type only, not specific objects;
- Record Rules allow me to add additional security restrictions to some combination of group, model and domain.

I cannot, however, find a way to implement a rule like "No one has access to Folders or Documents" so that I can then implement specific rules over some folders and some documents.

Has anyone done this or can anyone give me some pointers on how to best implement this?

I would like to also implement some kind of inheritance (folder permissions applied to all subfolders and documents).

Thank you