The problem is that we pass the current session's principal to run the action which will just skip the deletion of the document on which the current user does not have READ permission granted.
A given user has the REMOVE permission on document A but has permission blocked on descendant document B. If the user deletes doc A, the doc B will remain in DB as an orphan (i.e. ancestors does not exist anymore)
We must run the DeletionAction as SYSTEM_USER