Going directly to Bamboo's configureGlobalPermissions.action erases all permissions

Create a user and give them access to use restricted admin in Bamboo. As that user go directly to the path:

/builds/build/admin/configureGlobalPermissions.action

If you refresh the page or go to the view page, you won't have any permissions to do that because they will have been erased.
Effect: Data loss (in the form of who can do what), DoS (people can't use Bamboo), support costs (fixing it will be a PITA for our supporters).

This was first picked up in OnDemand, but I think it is a bamboo + webwork problem. Tim Moore was able to reproduce this on a bamboo 4 standalone instance.