[Description]:
If an user does have any permission on "Folder A", no permissions on "FolderB" and e.g. Editor permissions on "Folder C" containing a MS Office document,
he/she can trigger the Edit Online action - everything seems to work just fine:

• The document opens up in MS Office, he/she can make changes and save it without any error.
• MS Office says it has uploaded content on the server.
• Closing MS Office unlocks the document.
  Nothing is really saved on the Alfresco server. The modifier, modified date, minor version and content are unchanged.

>> Edit Online breaks if the user does not have at least Consumer permissions on all folders pointing to the document in question.

[Steps to reproduce]:
1.) Create folders in repository as below and upload test docx file.
Repository -> FolderA -> FolderB -> FolderC -> test.docx
2.) Give a user (abeecher) Consumer permission on FolderA and Editor permission on FolderC.
3.) Try "Edit Online" with test.docx ===> It works fine
4.) Break Permission inheritance on FolderB
5.) As abeecher can't see FolderB and C anymore in repository, access to docx file via URL and try "Edit Online" with test.docx
===> It looks working fine but document is not updated after save and close.

[Expected Behaviour]:
Abeecher should be able to edit online and save it to repository OR Abeecher should receive Warning that she doesn't have permission to edit online.

[Observed Behaviour]:
Abeecher was able to access edit online, save and close but document didn't get updated. There was no warning either.

[Analysis to date]:
1.) Issue reproduced on Alfresco v5.0.2
2.) Test document attached
3.) Fiddler trace showing the HTTP 200 for the PUT call attached
4.) Log snippet for Put call:

[http-apr-8080-exec-3] Entering AuthenticationFilter.
[http-apr-8080-exec-3] There is no user in the session.
[http-apr-8080-exec-3] Basic authentication details present in the header.
[http-apr-8080-exec-3] event:net.sf.acegisecurity.providers.dao.event.AuthenticationSuccessEvent[source=net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@f77aa09: Username: abeecher; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities]
[http-apr-8080-exec-3] Create the User environment for: abeecher
[http-apr-8080-exec-3] ------------------------------< WebDAV: LOCK >------------------------------
[http-apr-8080-exec-3] In Retrying transaction: LOCK 1457523701811
[http-apr-8080-exec-3] Finished WebDAV: LOCK
[http-apr-8080-exec-4] Entering AuthenticationFilter.
[http-apr-8080-exec-4] Found a session user: abeecher
[http-apr-8080-exec-4] ------------------------------< WebDAV: PUT >------------------------------
[http-apr-8080-exec-4] In Retrying transaction: PUT 1457523701870
[http-apr-8080-exec-4] Created system temporary directory: /opt/alfresco-5.0.2/tomcat/temp
[http-apr-8080-exec-4] Creating tmp file: /opt/alfresco-5.0.2/tomcat/temp/Alfresco/aos_request_2458779777013926322.bin
[http-apr-8080-exec-4] Finished WebDAV: PUT

5.) Screenshots demonstrating that the changes haven't been saved attached