How can I restrict 'Manage Aspects' to site manager role only?
Currently a site collaborator is able to remove Versionable aspect of a document that is not owned by them, and that results in all previous versions to vanish with no trace. This is a security issue in my opinion because a collaborator in one hand is not able to delete documents that are not owned by them, but on the other hand they can edit a document and remove its Versionable aspect to delete the history and leave no way to revert back.
You need to override the manage-aspect custom action and add an evaluate for group member ship.When we create site for each site few internal groups are created for each role.So evaluator.doclib.action.groupMembership OOB evaluator will not work as group for SiteManager is created dynamically for example if you have site named as account ,internally group will be created as site_account_SiteContributor.
For solution of this you need to create a custom evaluator.Take a reference of below mentioned file and you can create your own evaluator as per your requirement.