AFAIU when looking at the empty o.a.j.oak.plugins.observation.SecureValidator, security checks are not implemented for observation events yet?
Or is ACL evaluation implemented below, within the NodeStates that the ContentSession / ChangeDispatcher provide? In which case the SecureValidator can probably be removed. Cheers, Alex
