implemented operation based permissions

shared/lib/Module/ModuleInstanceAbstract.php

@@ -46,4 +46,28 @@ abstract class ModuleInstanceAbstract implements ModuleInstanceInterface
         // Override in specific modules if needed
     }
 
+    /**
+     * Permissions provided by this module
+     * 
+     * @return array Permission definitions with metadata
+     * 
+     * @example
+     * return [
+     *     'user_manager.users.view' => [
+     *         'label' => 'View Users',
+     *         'description' => 'View user list and details',
+     *         'group' => 'User Management'
+     *     ],
+     *     'user_manager.users.*' => [
+     *         'label' => 'Full User Management',
+     *         'description' => 'All user management permissions',
+     *         'group' => 'User Management'
+     *     ]
+     * ];
+     */
+    public function permissions(): array
+    {
+        return [];
+    }
+
 }

shared/lib/Routing/Attributes/AuthenticatedRoute.php

@@ -7,6 +7,16 @@ use Attribute;
 #[Attribute(Attribute::TARGET_METHOD | Attribute::TARGET_CLASS)]
 class AuthenticatedRoute
 {
+    /**
+     * @param string $path Route path
+     * @param string $name Route name
+     * @param array $methods HTTP methods
+     * @param array $permissions Required permissions (OR logic - user needs ANY)
+     *                          Examples: 
+     *                          - ['user.profile.edit'] - exact permission
+     *                          - ['user_manager.users.*'] - wildcard permission
+     *                          - ['user.edit.own', 'user.edit.any'] - multiple options
+     */
     public function __construct(
         public readonly string $path,
         public readonly string $name,