implemented operation based permissions

core/lib/Http/Middleware/RouterMiddleware.php

@@ -7,6 +7,7 @@ use KTXC\Http\Response\Response;
 use KTXC\Routing\Router;
 use KTXC\Routing\Route;
 use KTXC\SessionIdentity;
+use KTXC\Security\Authorization\PermissionChecker;
 
 /**
  * Router middleware
@@ -16,7 +17,8 @@ class RouterMiddleware implements MiddlewareInterface
 {
     public function __construct(
         private readonly Router $router,
-        private readonly SessionIdentity $sessionIdentity
+        private readonly SessionIdentity $sessionIdentity,
+        private readonly PermissionChecker $permissionChecker
     ) {}
 
     public function process(Request $request, RequestHandlerInterface $handler): Response
@@ -37,6 +39,16 @@ class RouterMiddleware implements MiddlewareInterface
             );
         }
         
+        // Check permissions (if any specified)
+        if ($match->authenticated && !empty($match->permissions)) {
+            if (!$this->permissionChecker->canAny($match->permissions)) {
+                return new Response(
+                    Response::$statusTexts[Response::HTTP_FORBIDDEN], 
+                    Response::HTTP_FORBIDDEN
+                );
+            }
+        }
+        
         // Dispatch to the controller
         $response = $this->router->dispatch($match, $request);