Enforce record owner access for Update/Purge records
Bug Fix Issue: Currently any valid user with correct API permission can update or delete the record even though they are not part of the owner's ACL group.
Fix/Implementation: The solution is to check if the user is part of the owner's group before updating the record or purging the record.