Enforce record owner access for Update/Purge records

Bug Fix Issue: Currently any valid user with correct API permission can update or delete the record even though they are not part of the owner's ACL group.

Fix/Implementation: The solution is to check if the user is part of the owner's group before updating the record or purging the record.