feat: implement authorization gateway and global permission policy for action checks

Author: aspirantzhang

contexts/Authorization/Domain/Gateway/AuthorizationGateway.php

@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Contexts\Authorization\Domain\Gateway;
+
+interface AuthorizationGateway
+{
+    public function canPerformAction(string $action): bool;
+}

contexts/Authorization/Domain/Policies/GlobalPermissionPolicy.php

@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Contexts\Authorization\Domain\Policies;
+
+use App\Exceptions\BizException;
+use Contexts\Authorization\Domain\Gateway\AuthorizationGateway;
+use Contexts\Shared\Contracts\BaseAuthorizationPolicy;
+
+class GlobalPermissionPolicy implements BaseAuthorizationPolicy
+{
+    public function __construct(private string $action) {}
+
+    public static function canPerform(string $action)
+    {
+        return new self($action);
+    }
+
+    public function check(): void
+    {
+        $authorizationGateway = app(AuthorizationGateway::class);
+
+        if (! $authorizationGateway->canPerformAction($this->action)) {
+            throw BizException::make('You are not authorized to perform this action')->code(403);
+        }
+    }
+}

contexts/Authorization/Infrastructure/Adapters/AuthorizationAdapter.php

@@ -0,0 +1,20 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Contexts\Authorization\Infrastructure\Adapters;
+
+use Contexts\Authorization\Contracts\V1\Services\GlobalPermissionService;
+use Contexts\Authorization\Domain\Gateway\AuthorizationGateway;
+
+class AuthorizationAdapter implements AuthorizationGateway
+{
+    public function __construct(
+        private GlobalPermissionService $globalPermissionService,
+    ) {}
+
+    public function canPerformAction(string $action): bool
+    {
+        return $this->globalPermissionService->checkPermission('authorization', $action);
+    }
+}

contexts/Authorization/Infrastructure/Configs/authorization.php

@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+use Contexts\Authorization\Domain\Policies\RolePolicy;
+
+return [
+    'context_default' => [
+        'handler' => RolePolicy::class,
+        'rules' => [
+            'roles' => ['admin'],
+        ],
+    ],
+
+    'actions' => [
+        'publish' => [
+            'handler' => RolePolicy::class,
+            'rules' => [
+                'roles' => ['admin'],
+            ],
+        ],
+    ],
+];

contexts/Authorization/Infrastructure/ServiceProvider.php

@@ -8,8 +8,10 @@
 use Contexts\Authorization\Application\Coordinators\GlobalPermissionServiceCoordinator;
 use Contexts\Authorization\Contracts\V1\Services\CurrentUserService;
 use Contexts\Authorization\Contracts\V1\Services\GlobalPermissionService;
+use Contexts\Authorization\Domain\Gateway\AuthorizationGateway;
 use Contexts\Authorization\Domain\Repositories\RoleRepository;
 use Contexts\Authorization\Domain\Repositories\UserRepository;
+use Contexts\Authorization\Infrastructure\Adapters\AuthorizationAdapter;
 use Contexts\Authorization\Infrastructure\Persistence\RolePersistence;
 use Contexts\Authorization\Infrastructure\Persistence\UserPersistence;
 use Illuminate\Foundation\Support\Providers\RouteServiceProvider;
@@ -48,6 +50,7 @@ public function map(): void
         $this->app->bind(UserRepository::class, UserPersistence::class);
         $this->app->bind(CurrentUserService::class, CurrentUserServiceCoordinator::class);
         $this->app->bind(GlobalPermissionService::class, GlobalPermissionServiceCoordinator::class);
+        $this->app->bind(AuthorizationGateway::class, AuthorizationAdapter::class);
     }
 
     public function provides(): array