Add Gate integration for roles and permissions

Introduces a Gate::before handler to support role and permission checks using Laravel's authorization system. Updates the README with usage examples and adds a test to verify that roles and permissions are respected by the new Gate integration.

Author: KroderDev

README.md

@@ -251,6 +251,26 @@ You no longer need to stack `jwt.auth` + `load.access` manually—just use `micr
 
 ---
 
+### Authorization
+
+This package hooks into Laravel's Gate so Blade directives work with your roles and permissions. Any ability is treated as a permission by default; prefix an ability with `role:` or `permission:` to be explicit.
+
+```blade
+@can('posts.create')
+    <!-- user can create posts -->
+@endcan
+
+@cannot('permission:posts.delete')
+    <!-- no delete rights -->
+@endcannot
+
+@canany(['role:admin', 'permission:posts.update'])
+    <!-- admin or user with update permission -->
+@endcanany
+```
+
+---
+
 ## Endpoints
 
 ### Health Check Endpoint

src/Providers/MicroserviceServiceProvider.php

@@ -4,8 +4,10 @@
 
 use Illuminate\Foundation\Http\Kernel;
 use Illuminate\Routing\Router;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Facades\Http;
 use Illuminate\Support\ServiceProvider;
+use Kroderdev\LaravelMicroserviceCore\Contracts\AccessUserInterface;
 use Kroderdev\LaravelMicroserviceCore\Contracts\ApiGatewayClientInterface;
 use Kroderdev\LaravelMicroserviceCore\Http\HealthCheckController;
 use Kroderdev\LaravelMicroserviceCore\Http\Middleware\LoadAccess;
@@ -47,6 +49,24 @@ public function boot(Router $router): void
 
         $aliases = config('microservice.middleware_aliases', []);
 
+        // Authorization gates
+        Gate::before(function ($user, string $ability) {
+            if (! $user instanceof AccessUserInterface) {
+                return null;
+            }
+
+            if (str_starts_with($ability, 'role:')) {
+                $role = substr($ability, 5);
+                return $user->hasRole($role);
+            }
+
+            if (str_starts_with($ability, 'permission:')) {
+                $ability = substr($ability, 11);
+            }
+
+            return $user->hasPermissionTo($ability);
+        });
+
         // JWT Middleware alias
         if (!empty($aliases['jwt_auth'])) {
             $router->aliasMiddleware($aliases['jwt_auth'], ValidateJwt::class);

tests/Auth/GateIntegrationTest.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace Tests\Auth;
+
+use Illuminate\Support\Facades\Gate;
+use Orchestra\Testbench\TestCase;
+use Kroderdev\LaravelMicroserviceCore\Providers\MicroserviceServiceProvider;
+use Kroderdev\LaravelMicroserviceCore\Auth\ExternalUser;
+
+class GateIntegrationTest extends TestCase
+{
+    protected function getPackageProviders($app)
+    {
+        return [MicroserviceServiceProvider::class];
+    }
+
+    /** @test */
+    public function gates_respect_roles_and_permissions()
+    {
+        $user = new ExternalUser(['id' => '1']);
+        $user->loadAccess(['admin'], ['posts.view']);
+        $this->be($user);
+
+        $this->assertTrue(Gate::allows('posts.view'));
+        $this->assertTrue(Gate::allows('permission:posts.view'));
+        $this->assertTrue(Gate::allows('role:admin'));
+        $this->assertFalse(Gate::allows('role:guest'));
+        $this->assertFalse(Gate::allows('posts.edit'));
+    }
+}