Subresource Authorization Context Gap

A recurring issue where subresource route security expressions fail to receive the parent entity in the expected variable/object form, so voter-based checks cannot resolve parent context and authorization defaults or denial behaviors break.