Add repo hygiene rules and ignore secrets

server/src/Module/Permissions/Middleware/RequirePermission.php

@@ -0,0 +1,48 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Module\Permissions\Middleware;
+
+use App\Module\Permissions\Service\PermissionService;
+use App\Shared\Http\JsonResponder;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\MiddlewareInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use Slim\Psr7\Response;
+
+final class RequirePermission implements MiddlewareInterface
+{
+    public function __construct(
+        private PermissionService $permissions,
+        private string $permissionKey
+    ) {
+    }
+
+    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
+    {
+        $user = $request->getAttribute('user');
+        if (!is_array($user) || !isset($user['id'])) {
+            return JsonResponder::withJson(new Response(), [
+                'error' => 'auth_required',
+                'message' => 'Authentifizierung erforderlich.'
+            ], 401);
+        }
+
+        if (!$this->permissions->can((int)$user['id'], $this->permissionKey)) {
+            return JsonResponder::withJson(new Response(), [
+                'error' => 'forbidden',
+                'message' => 'Keine Berechtigung für diese Aktion.',
+                'permission' => $this->permissionKey,
+            ], 403);
+        }
+
+        return $handler->handle($request);
+    }
+
+    public static function for(PermissionService $permissions, string $permissionKey): self
+    {
+        return new self($permissions, $permissionKey);
+    }
+}