From 3d24bc74b184bd1719c843ad98ee7b6faf15e224 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@gmail.com>
Date: Fri, 12 Feb 2016 12:57:36 +0100
Subject: [PATCH] only one token must match, see
 http://www.webdav.org/specs/rfc2518.html#rfc.section.9.4.2 [ci skip]

---
 .../cryptomator/webdav/jackrabbitservlet/WebDavServlet.java   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/main/frontend-webdav/src/main/java/org/cryptomator/webdav/jackrabbitservlet/WebDavServlet.java b/main/frontend-webdav/src/main/java/org/cryptomator/webdav/jackrabbitservlet/WebDavServlet.java
index 20ad8eac0..0767d5de6 100644
--- a/main/frontend-webdav/src/main/java/org/cryptomator/webdav/jackrabbitservlet/WebDavServlet.java
+++ b/main/frontend-webdav/src/main/java/org/cryptomator/webdav/jackrabbitservlet/WebDavServlet.java
@@ -120,10 +120,10 @@ public class WebDavServlet extends AbstractWebdavServlet {
 	}
 
 	private boolean hasCorrectLockTokens(DavSession session, DavResource resource) {
-		boolean access = true;
+		boolean access = false;
 		final String[] providedLockTokens = session.getLockTokens();
 		for (ActiveLock lock : resource.getLocks()) {
-			access &= ArrayUtils.contains(providedLockTokens, lock.getToken());
+			access |= ArrayUtils.contains(providedLockTokens, lock.getToken());
 		}
 		return access;
 	}