Summary

It is possible to create child pages despite read-only restrictions on the parent page.

Steps to Reproduce

1. Create a user-a and user-b
2. Create a group-a and group-b
3. Add user-a to group-a and user-b to group-b
4. Create a Test Space
5. Add both, group-a and group-b to Test Space from Space Tools > Permissions
6. Both groups got all rights except for Space Admin (last column), at the same time, remove default confluence-users group permissions (for testing)
7. Log-out as admin and log-in as user-a
8. Create two pages, on one page, go to security and change from Unrestricted to Viewing and Editing restricted
9. Add group-a to restrictions page with view and edit permissions and group-b with view.
10. Leave the second page with default permissions
11. Log-out and log-in as users-b, go to Test Space and can still create child pages under both pages, regardless of security.

Expected Results

You can create child pages on the second unrestricted page, you can't create or modify child objects on page that is restricted as view

Actual Results

There is no difference in permissions for child object creation between two pages, the restriction applies only to an actual content on the page and not page tree.

Workaround

As described in CONFSERVER-30791 you can check if the page has an edit button, and if it doesn't, hide the create button. But it would not help if you pick your parent page from Page Tree upon creation.