diff --git a/source/java/org/alfresco/rest/api/impl/NodesImpl.java b/source/java/org/alfresco/rest/api/impl/NodesImpl.java
index ffb04e5c53..c865d46905 100644
--- a/source/java/org/alfresco/rest/api/impl/NodesImpl.java
+++ b/source/java/org/alfresco/rest/api/impl/NodesImpl.java
@@ -1978,7 +1978,7 @@ public class NodesImpl implements Nodes
 }
 /**
- * Posts activites based on the activity_type.
+ * Posts activities based on the activity_type.
 * If the method is called with aSync=true then a TransactionListener is used post the activity
 * afterCommit. Otherwise the activity posting is done synchronously.
 * @param activity_type
@@ -2009,9 +2009,19 @@ public class NodesImpl implements Nodes
 }
 }
+ // note: see also org.alfresco.opencmis.ActivityPosterImpl
 protected ActivityInfo getActivityInfo(NodeRef parentNodeRef, NodeRef nodeRef)
 {
- SiteInfo siteInfo = siteService.getSite(nodeRef);
+ // runAs system, eg. user may not have permission see one or more parents (irrespective of whether in a site context of not)
+ SiteInfo siteInfo = AuthenticationUtil.runAs(new RunAsWork()
+ {
+ @Override
+ public SiteInfo doWork() throws Exception
+ {
+ return siteService.getSite(nodeRef);
+ }
+ }, AuthenticationUtil.getSystemUserName());
+
 String siteId = (siteInfo != null ? siteInfo.getShortName() : null);
 if(siteId != null && !siteId.equals(""))
 {
diff --git a/source/test-java/org/alfresco/rest/api/tests/NodeApiTest.java b/source/test-java/org/alfresco/rest/api/tests/NodeApiTest.java
index b8f041293f..1959bd6aef 100644
--- a/source/test-java/org/alfresco/rest/api/tests/NodeApiTest.java
+++ b/source/test-java/org/alfresco/rest/api/tests/NodeApiTest.java
@@ -3374,7 +3374,7 @@ public class NodeApiTest extends AbstractSingleNetworkSiteTest
 public void testDownloadFileContent() throws Exception
 {
 setRequestContext(user1);
-
+
 //
 // Test plain text
 //
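Review bot: In `getActivityInfo` (second NodesImpl.java hunk) the site is now resolved as the system user, so the lookup may return a site the calling user cannot see, and nothing in the visible code states the precondition that makes this safe. Keeping the elevated scope to the single `siteService.getSite(nodeRef)` call is right, but the method should record that callers have already checked the user's access to `nodeRef` and that the derived `siteId` is used only for the posted activity. I would add above the `runAs` call: `// SECURITY: elevated lookup only; caller must already have verified access to nodeRef, and siteId must not be returned in the API response`. The new comment also reads better as `user may not have permission to see one or more parents (irrespective of whether in a site context or not)`. The rest of the method body is outside the hunk, so where `siteId` ends up could not be checked from here.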
@@ -3399,7 +3399,7 @@ public class NodeApiTest extends AbstractSingleNetworkSiteTest
 assertEquals(MimetypeMap.MIMETYPE_TEXT_PLAIN, contentInfo.getMimeType());
 // Download text content - by default with Content-Disposition header
- response = getSingle(NodesEntityResource.class, contentNodeId+"/content", null, 200);
+ response = getSingle(NodesEntityResource.class, contentNodeId + "/content", null, 200);
 String textContent = response.getResponse();
 assertEquals("The quick brown fox jumps over the lazy dog", textContent);
@@ -3481,6 +3481,69 @@ public class NodeApiTest extends AbstractSingleNetworkSiteTest
 getSingle(getNodeContentUrl(contentNodeId), null, null, headers, 304);
 }
+ /**
+ * Tests download of file/content - basic read permission
+ *

GET:

+ * {@literal :/alfresco/api/-default-/public/alfresco/versions/1/nodes//content}
+ */
+ @Test
+ public void testDownloadFileContentReadPermission() throws Exception
+ {
+ setRequestContext(user1);
+
+ String fileName = "quick-1.txt";
+ File file = getResourceFile(fileName);
+
+ MultiPartBuilder multiPartBuilder = MultiPartBuilder.create()
+ .setFileData(new FileData(fileName, file));
+ MultiPartRequest reqBody = multiPartBuilder.build();
+
+ // Upload text content
+ HttpResponse response = post(getNodeChildrenUrl(Nodes.PATH_MY), reqBody.getBody(), null, reqBody.getContentType(), 201);
+ Document document = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), Document.class);
+ String contentNodeId = document.getId();
+
+ // Download text content
+ response = getSingle(NodesEntityResource.class, contentNodeId+"/content", null, 200);
+ String textContent = response.getResponse();
+ assertEquals("The quick brown fox jumps over the lazy dog", textContent);
+
+ // Also test versions endpoint (1.0 in this case)
+ response = getSingle(NodesEntityResource.class, contentNodeId+"/versions/1.0/content", null, 200);
+ textContent = response.getResponse();
+ assertEquals("The quick brown fox jumps over the lazy dog", textContent);
+
+ // -ve test: user2 does not have read permission
+ setRequestContext(user2);
+ getSingle(NodesEntityResource.class, contentNodeId+"/content", null, 403);
+ getSingle(NodesEntityResource.class, contentNodeId+"/versions/1.0/content", null, 403);
+
+ // add Consumer (~ Read) permission
+ setRequestContext(user1);
+
+ Document dUpdate = new Document();
+ NodePermissions nodePermissions = new NodePermissions();
+ List locallySetPermissions = new ArrayList<>();
+ locallySetPermissions.add(new NodePermissions.NodePermission(user2, PermissionService.CONSUMER, AccessStatus.ALLOWED.toString()));
+ nodePermissions.setLocallySet(locallySetPermissions);
+ dUpdate.setPermissions(nodePermissions);
+
+ // update node
+ response = put(URL_NODES, 
contentNodeId, toJsonAsStringNonNull(dUpdate), null, 200);
+
+ setRequestContext(user2);
+
+ // Download text content
+ response = getSingle(NodesEntityResource.class, contentNodeId+"/content", null, 200);
+ textContent = response.getResponse();
+ assertEquals("The quick brown fox jumps over the lazy dog", textContent);
+
+ // Also test versions endpoint (1.0 in this case)
+ response = getSingle(NodesEntityResource.class, contentNodeId+"/versions/1.0/content", null, 200);
+ textContent = response.getResponse();
+ assertEquals("The quick brown fox jumps over the lazy dog", textContent);
+ }
+
 /**
 * Tests optional lookup of Allowable Operations (eg. when getting node info, listing node children, ...)
 *