v0.0.52 — Dashboard editor RBAC fix

Released: 2026-05-05.

v0.0.51 fixed the debounce-flush race, but a deeper bug remained: shared editors and org admins could enter edit mode, drag cards, click Done Editing — and the PATCH /layout never fired because the frontend save channel gated on is_owner, while the rest of the UI let owners and access_level === 'edit' callers enter edit mode.

The frontend gate is now aligned with the backend contract (_require_editor accepts owners + admin-override + edit-share):

const canSaveLayout = is_owner || access_level === 'edit'

Four integration tests pin the contract for both owner and non-owner-org-admin paths.