+Authorize AppConfig fragment writes against the allow-list `permission` (`ro`/`rw`) policy so a user can manage their own user-scope fragment while public/domain layers stay superadmin-only; fragment write endpoints move from superadmin-only to authenticated with per-write ownership checks (BEP-1052). |
0 commit comments