Skill: Add Module Entitlement

Wire a module into the entitlement/permission system.

Steps

1. Define Permissions

In the module’s Domain layer, define the permissions this module requires:

enum {Module}Permission: string
{
    case VIEW = '{module}.view';
    case CREATE = '{module}.create';
    case EDIT = '{module}.edit';
    case DELETE = '{module}.delete';
    case MANAGE = '{module}.manage';
}

2. Register with Core

Add the module’s permissions to the core permission catalog.

3. Apply in Controllers

Check permissions in every mutating endpoint:

// In controller or middleware
$this->denyAccessUnlessGranted('{module}.create');

4. Apply in Queries

Respect permissions when querying data — some members may not have VIEW permission.

5. Test

  • Test that unauthorized users get 403
  • Test that authorized users can perform actions
  • Test tenant scoping is not bypassed by permissions
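
A self-contained PHP sketch of steps 3 to 5, added here as an illustration and not taken from the project's code base. The invoice module, Member class, can() helper, sample rows and the 404 response for cross-tenant access are all assumptions. It keeps the permission check and the tenant filter as separate conditions, so holding a permission never widens tenant scope.

```php
<?php
// Added example: every name below is hypothetical, chosen for illustration.
enum InvoicePermission: string
{
    case VIEW = 'invoice.view';
    case EDIT = 'invoice.edit';
}

final class Member
{
    public function __construct(public int $tenantId, public array $permissions) {}
}

// Constructed sample data: one invoice per tenant.
const INVOICES = [
    ['id' => 1, 'tenant_id' => 10],
    ['id' => 2, 'tenant_id' => 20],
];

function can(Member $m, InvoicePermission $p): bool
{
    return in_array($p->value, $m->permissions, true);
}

// Step 4: no VIEW means no rows; rows are always filtered by the member's tenant.
function listInvoices(Member $m): array
{
    if (!can($m, InvoicePermission::VIEW)) {
        return [];
    }
    return array_values(array_filter(INVOICES, fn (array $i) => $i['tenant_id'] === $m->tenantId));
}

// Step 3: mutating action; returns the HTTP status the endpoint would send.
function editInvoice(Member $m, int $id): int
{
    if (!can($m, InvoicePermission::EDIT)) {
        return 403;
    }
    $own = array_filter(INVOICES, fn (array $i) => $i['id'] === $id && $i['tenant_id'] === $m->tenantId);
    return $own ? 200 : 404; // example's choice: other tenants' rows look absent
}

// Step 5: the three tests from the list, plus the query-side checks.
$editor = new Member(10, ['invoice.view', 'invoice.edit']);
$cases = [
    'member without EDIT gets 403' => editInvoice(new Member(10, ['invoice.view']), 1) === 403,
    'member with EDIT can edit own tenant' => editInvoice($editor, 1) === 200,
    'EDIT does not reach another tenant' => editInvoice($editor, 2) !== 200,
    'no VIEW returns no rows' => listInvoices(new Member(10, [])) === [],
    'VIEW returns own tenant only' => array_column(listInvoices($editor), 'id') === [1],
];
foreach ($cases as $name => $ok) {
    if (!$ok) { throw new RuntimeException("failed: $name"); }
}
```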