Privileged `createMembership()` access
A forum posting revealed a problem with platform's createMembership() call (AccessControlService):
https://forum.dmx.systems/t/issue-with-creating-membership-through-admin-user-in-dmx-5-2/139
This is a bug.
createMembership() misses the 2-layered access mechanism (analogue to e.g. assignToWorkspace(), createUserAccount()):
- HTTP access -- all access checks performed.
- Privileged Java access -- no access checks performed. The caller is responsible for securing the request.