feat(auth): add class-level permission support (#1405)

Author: Bapawe

packages/auth/src/Allow.php

@@ -7,7 +7,7 @@
 use Attribute;
 use UnitEnum;
 
-#[Attribute(Attribute::TARGET_METHOD)]
+#[Attribute(Attribute::TARGET_CLASS | Attribute::TARGET_METHOD)]
 final readonly class Allow
 {
     public function __construct(

packages/auth/src/AuthorizerMiddleware.php

@@ -24,10 +24,11 @@ public function __construct(
 
     public function __invoke(Request $request, HttpMiddlewareCallable $next): Response
     {
-        $attribute = $this->matchedRoute
+        $handler = $this->matchedRoute
             ->route
-            ->handler
-            ->getAttribute(Allow::class);
+            ->handler;
+
+        $attribute = $handler->getAttribute(Allow::class) ?? $handler->getDeclaringClass()->getAttribute(Allow::class);
 
         if ($attribute === null) {
             return $next($request);

tests/Fixtures/Controllers/AdminController.php

@@ -11,9 +11,9 @@
 use Tests\Tempest\Integration\Auth\Fixtures\CustomAuthorizer;
 use Tests\Tempest\Integration\Auth\Fixtures\UserPermissionUnitEnum;
 
+#[Allow(UserPermissionUnitEnum::ADMIN)]
 final readonly class AdminController
 {
-    #[Allow(UserPermissionUnitEnum::ADMIN)]
     #[Get('/admin')]
     public function admin(): Response
     {