fix filtered entity update bug

on update, when a user does not have update capability on some fields, the masked values were always saved which would mess the values.

lib/ACLMicroservicesBuilder.js

@@ -243,14 +243,14 @@ ACLMicroservicesBuilder.prototype._executeSavePermissions = function(args, callb
       } else {
 
         // also execute permission checks on the new attributes
-        self.ACLMicroservicesBuilder._deepAuthorize(entityDef, args.ent, args.cmd, 'save_new', roles, context, true, function(err, filteredEntity) {
+        self.ACLMicroservicesBuilder._deepAuthorize(entityDef, args.ent, args.cmd, 'save_existing', roles, context, true, function(err, filteredEntity) {
 
           if(err) {
 
             callback(err, undefined)
 
           } else {
-
+            args.ent = filteredEntity
             merge(dbEntity, args.ent)
 
             delete args.perm$
@@ -281,6 +281,7 @@ ACLMicroservicesBuilder.prototype._executeSavePermissions = function(args, callb
       } else {
 
         delete args.perm$
+        args.ent = filteredEntity;
 
         self.prior(args, function(err, entity) {
           if(err) {
@@ -391,7 +392,6 @@ ACLMicroservicesBuilder.prototype._deepAuthorize = function(entityDef, entity, a
         } else if(!authDecision.authorize && authDecision.hard && action === 'list') {
           callback(error(self._seneca, authDecision), undefined)
         } else {
-
           // TODO: log
           callback(error(self._seneca, authDecision), undefined)
         }