Resolution: Won't Fix
Affects Version/s: 6.1.0 CE GA1, 6.2.0 CE M4
Environment:LR Tomcat Bundle 6.1.0 CE GA1
LR tomcat bundle 6.2 CE M4
Using Permission algorithm 6
1) Create a folder with DELETE permission for site-members
2) Within that folder upload a file without DELETE permission for site members
3) Sign in with another user account (site member)
4) Delete the folder and the documents within will be gone as well (although you didn't have permissions to do that)
Steps for the Error in 6.2.0 CE M4
1) Create a user (email@example.com) who is a member of the Liferay site
2) Login with firstname.lastname@example.org
3) Add the document library portlet to the page
4) Add a folder "F01" give "Delete" permission for Site member
5) Add 3 documents to this folder "F01", File01, File02 and File03
6) Remove all the permissions for the three files for Site members except the "View" permission
7) Now login as email@example.com
8) Try to delete the folder, and it shows "ERROR: You do not have required permissions"
9) Navigate inside the folder and the firstname.lastname@example.org has permission to delete all the files
10) Delete all the 3 files of the folder. It allows to delete.
11) Now go and try to delete the folder "F01" and it again shows the ERROR.
This happens for "Update" permission as well. Also this happens for not-only "Site-member" but for any Role like "Power User".