Users without access are able perform bulk Add/Remove Assets using API

[Prajwal214]

Affected module
Does it impact the UI, backend or Ingestion Framework?
-- Backend

Describe the bug
A clear and concise description of what the bug is.
-- Users who do not have the necessary access permissions are able to perform bulk add or remove operations on assets through the API.

To Reproduce

Screenshots or steps to reproduce

curl -X PUT "http://localhost:8585/api/v1/teams/Test_Team1/assets/add" \
 -H "accept: application/json"\
 -H "authorization: Bearer Auth Token"\
 -H "content-type: application/json" \
 -d '{"assets":[{"deleted":false,"description":"","displayName":"Prajwal","fullyQualifiedName":"","href":"http://localhost:8585/api/v1/users/612b464b-99c5-4abe-b2a6-ed3987bba66b","id":"612b464b-99c5-4abe-b2a6-ed3987bba66b","inherited":false,"name":"prajwal1","type":"user"}]}' \

Expected behavior
A clear and concise description of what you expected to happen.
-- only the users with Access should be able to perform the action.

Version:

• OS: [e.g. iOS]
• Python version:
• OpenMetadata version: [e.g. 0.8] OM v1.5.6
• OpenMetadata Ingestion package version: [e.g. openmetadata-ingestion[docker]==XYZ]

Additional context
Add any other context about the problem here.