diff --git a/app/Containers/AppSection/Authorization/Actions/AttachPermissionsToUserAction.php b/app/Containers/AppSection/Authorization/Actions/AttachPermissionsToUserAction.php
new file mode 100644
index 000000000..aace13b92
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/Actions/AttachPermissionsToUserAction.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\Actions;
+
+use App\Containers\AppSection\Authorization\Tasks\AttachPermissionsToUserTask;
+use App\Containers\AppSection\Authorization\Tasks\FindPermissionTask;
+use App\Containers\AppSection\User\Models\User;
+use App\Containers\AppSection\Authorization\UI\API\Requests\AttachPermissionsToUserRequest;
+use App\Containers\AppSection\User\Tasks\FindUserByIdTask;
+use App\Ship\Parents\Actions\Action as ParentAction;
+
+class AttachPermissionsToUserAction extends ParentAction
+{
+    /**
+     * @param AttachPermissionsToUserRequest $request
+     * @return User
+     */
+    public function run(AttachPermissionsToUserRequest $request): User
+    {
+        $user = app(FindUserByIdTask::class)->run($request->id);
+
+        $permissionIds = (array)$request->permissions_ids;
+
+        $permissions = array_map(static function ($permissionId) {
+            return app(FindPermissionTask::class)->run($permissionId);
+        }, $permissionIds);
+
+        return app(AttachPermissionsToUserTask::class)->run($user, $permissions);
+    }
+}
diff --git a/app/Containers/AppSection/Authorization/Actions/DetachPermissionsFromUserAction.php b/app/Containers/AppSection/Authorization/Actions/DetachPermissionsFromUserAction.php
new file mode 100644
index 000000000..3ab634549
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/Actions/DetachPermissionsFromUserAction.php
@@ -0,0 +1,28 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\Actions;
+
+use App\Containers\AppSection\Authorization\Tasks\DetachPermissionsFromRoleTask;
+use App\Containers\AppSection\Authorization\Tasks\DetachPermissionsFromUserTask;
+use App\Containers\AppSection\Authorization\Tasks\FindPermissionTask;
+use App\Containers\AppSection\Authorization\UI\API\Requests\DetachPermissionsFromUserRequest;
+use App\Containers\AppSection\User\Tasks\FindUserByIdTask;
+use App\Ship\Parents\Actions\Action as ParentAction;
+
+class DetachPermissionsFromUserAction extends ParentAction
+{
+    /**
+     * @param DetachPermissionsFromUserRequest $request
+     * @return \App\Containers\AppSection\User\Models\User
+     */
+    public function run(DetachPermissionsFromUserRequest $request)
+    {
+        $role = app(FindUserByIdTask::class)->run($request->id);
+
+        $permissions = array_map(static function ($permissionId) {
+            return app(FindPermissionTask::class)->run($permissionId);
+        }, $request->permissions_ids);
+
+        return app(DetachPermissionsFromUserTask::class)->run($role, $permissions);
+    }
+}
diff --git a/app/Containers/AppSection/Authorization/Actions/GetRolePermissionsAction.php b/app/Containers/AppSection/Authorization/Actions/GetRolePermissionsAction.php
new file mode 100644
index 000000000..ba4019597
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/Actions/GetRolePermissionsAction.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\Actions;
+
+use Apiato\Core\Exceptions\CoreInternalErrorException;
+use App\Containers\AppSection\Authorization\Tasks\FindRoleTask;
+use App\Containers\AppSection\Authorization\Tasks\GetAllRolesTask;
+use App\Containers\AppSection\Authorization\Tasks\GetRolePermissionsTask;
+use App\Containers\AppSection\Authorization\UI\API\Requests\GetAllRolesRequest;
+use App\Containers\AppSection\Authorization\UI\API\Requests\GetRolePermissionsRequest;
+use App\Ship\Parents\Actions\Action as ParentAction;
+use Prettus\Repository\Exceptions\RepositoryException;
+
+class GetRolePermissionsAction extends ParentAction
+{
+    /**
+     * @param GetRolePermissionsRequest $request
+     * @return mixed
+     */
+
+    public function run(GetRolePermissionsRequest $request): mixed
+    {
+        $role = app(FindRoleTask::class)->run($request->id);
+        return $role->permissions;
+    }
+}
diff --git a/app/Containers/AppSection/Authorization/Actions/GetUserPermissionsAction.php b/app/Containers/AppSection/Authorization/Actions/GetUserPermissionsAction.php
new file mode 100644
index 000000000..35f6c914a
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/Actions/GetUserPermissionsAction.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\Actions;
+
+use Apiato\Core\Exceptions\CoreInternalErrorException;
+use App\Containers\AppSection\Authorization\UI\API\Requests\GetUserPermissionsRequest;
+use App\Containers\AppSection\User\Tasks\FindUserByIdTask;
+use App\Ship\Parents\Actions\Action as ParentAction;
+use Prettus\Repository\Exceptions\RepositoryException;
+
+class GetUserPermissionsAction extends ParentAction
+{
+    /**
+     * @param GetUserPermissionsRequest $request
+     * @return mixed
+     */
+    public function run(GetUserPermissionsRequest $request): mixed
+    {
+        $user = app(FindUserByIdTask::class)->run($request->id);
+        return $user->permissions;
+    }
+}
diff --git a/app/Containers/AppSection/Authorization/Actions/GetUserRolesAction.php b/app/Containers/AppSection/Authorization/Actions/GetUserRolesAction.php
new file mode 100644
index 000000000..1027f3add
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/Actions/GetUserRolesAction.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\Actions;
+
+use Apiato\Core\Exceptions\CoreInternalErrorException;
+use App\Containers\AppSection\Authorization\UI\API\Requests\GetUserRolesRequest;
+use App\Containers\AppSection\User\Tasks\FindUserByIdTask;
+use App\Ship\Parents\Actions\Action as ParentAction;
+use Prettus\Repository\Exceptions\RepositoryException;
+
+class GetUserRolesAction extends ParentAction
+{
+    /**
+     * @throws CoreInternalErrorException
+     * @throws RepositoryException
+     */
+    public function run(GetUserRolesRequest $request): mixed
+    {
+        $user = app(FindUserByIdTask::class)->run($request->id);
+        return $user->roles;
+    }
+}
diff --git a/app/Containers/AppSection/Authorization/Data/Seeders/AuthorizationPermissionsSeeder_1.php b/app/Containers/AppSection/Authorization/Data/Seeders/AuthorizationPermissionsSeeder_1.php
index f91672a5b..ec0d164bd 100644
--- a/app/Containers/AppSection/Authorization/Data/Seeders/AuthorizationPermissionsSeeder_1.php
+++ b/app/Containers/AppSection/Authorization/Data/Seeders/AuthorizationPermissionsSeeder_1.php
@@ -17,6 +17,7 @@ public function run(): void
         $createPermissionTask = app(CreatePermissionTask::class);
         foreach (array_keys(config('auth.guards')) as $guardName) {
             $createPermissionTask->run('manage-roles', 'Create, Update, Delete, Get All, Attach/detach permissions to Roles and Get All Permissions.', guardName: $guardName);
+            $createPermissionTask->run('manage-permissions', 'Create, Update, Delete, Get All, Attach/detach permissions to User.', guardName: $guardName);
             $createPermissionTask->run('create-admins', 'Create new Users (Admins) from the dashboard.', guardName: $guardName);
             $createPermissionTask->run('manage-admins-access', 'Assign users to Roles.', guardName: $guardName);
             $createPermissionTask->run('access-dashboard', 'Access the admins dashboard.', guardName: $guardName);
diff --git a/app/Containers/AppSection/Authorization/Tasks/AttachPermissionsToUserTask.php b/app/Containers/AppSection/Authorization/Tasks/AttachPermissionsToUserTask.php
new file mode 100644
index 000000000..20cbb96f5
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/Tasks/AttachPermissionsToUserTask.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\Tasks;
+
+use App\Containers\AppSection\Authorization\Models\Permission;
+use App\Containers\AppSection\User\Models\User;
+use App\Ship\Parents\Tasks\Task as ParentTask;
+use Illuminate\Contracts\Auth\Authenticatable;
+
+class AttachPermissionsToUserTask extends ParentTask
+{
+    /**
+     * @param User $user
+     * @param array|int|string|Permission $permissions
+     * @return Authenticatable
+     */
+    public function run(User $user, Permission|array|int|string $permissions): Authenticatable
+    {
+        return $user->givePermissionTo($permissions);;
+    }
+}
diff --git a/app/Containers/AppSection/Authorization/Tasks/DetachPermissionsFromUserTask.php b/app/Containers/AppSection/Authorization/Tasks/DetachPermissionsFromUserTask.php
new file mode 100644
index 000000000..7f9fb01bd
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/Tasks/DetachPermissionsFromUserTask.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\Tasks;
+
+use App\Containers\AppSection\User\Models\User;
+use App\Ship\Parents\Tasks\Task as ParentTask;
+
+class DetachPermissionsFromUserTask extends ParentTask
+{
+    /**
+     * @param User $user
+     * @param array $permissions
+     * @return User
+     */
+    public function run(User $user, array $permissions): User
+    {
+        array_map(static function ($permission) use($user){
+            $user->revokePermissionTo($permission);
+        }, $permissions);
+
+        return $user;
+    }
+}
diff --git a/app/Containers/AppSection/Authorization/UI/API/Controllers/AttachPermissionsToUserController.php b/app/Containers/AppSection/Authorization/UI/API/Controllers/AttachPermissionsToUserController.php
new file mode 100644
index 000000000..c6868f5d3
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Controllers/AttachPermissionsToUserController.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\UI\API\Controllers;
+
+use App\Containers\AppSection\Authorization\Actions\AttachPermissionsToUserAction;
+use App\Containers\AppSection\Authorization\UI\API\Requests\AttachPermissionsToUserRequest;
+use App\Containers\AppSection\User\UI\API\Transformers\UserTransformer;
+use App\Ship\Parents\Controllers\ApiController;
+
+class AttachPermissionsToUserController extends ApiController
+{
+    /**
+     * @param AttachPermissionsToUserRequest $request
+     * @return \App\Containers\AppSection\User\Models\User
+     */
+    public function attachPermissionsToUser(AttachPermissionsToUserRequest $request)
+    {
+        $user = app(AttachPermissionsToUserAction::class)->run($request);
+        return $this->transform($user, UserTransformer::class, ['permissions']);
+    }
+
+}
diff --git a/app/Containers/AppSection/Authorization/UI/API/Controllers/DetachPermissionsFromUserController.php b/app/Containers/AppSection/Authorization/UI/API/Controllers/DetachPermissionsFromUserController.php
new file mode 100644
index 000000000..9240db299
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Controllers/DetachPermissionsFromUserController.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\UI\API\Controllers;
+
+use App\Containers\AppSection\Authorization\Actions\DetachPermissionsFromUserAction;
+use App\Containers\AppSection\Authorization\UI\API\Requests\DetachPermissionsFromUserRequest;
+use App\Containers\AppSection\User\UI\API\Transformers\UserTransformer;
+use App\Ship\Parents\Controllers\ApiController;
+
+class DetachPermissionsFromUserController extends ApiController
+{
+    /**
+     * @param DetachPermissionsFromUserRequest $request
+     * @return \App\Containers\AppSection\User\Models\User
+     */
+    public function detachPermissionFromUser(DetachPermissionsFromUserRequest $request)
+    {
+        $user = app(DetachPermissionsFromUserAction::class)->run($request);
+        return $this->transform($user, UserTransformer::class, ['permissions']);
+    }
+}
diff --git a/app/Containers/AppSection/Authorization/UI/API/Controllers/GetRolePermissionsController.php b/app/Containers/AppSection/Authorization/UI/API/Controllers/GetRolePermissionsController.php
new file mode 100644
index 000000000..461ca5435
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Controllers/GetRolePermissionsController.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\UI\API\Controllers;
+
+use App\Containers\AppSection\Authorization\Actions\GetRolePermissionsAction;
+use App\Containers\AppSection\Authorization\UI\API\Requests\GetRolePermissionsRequest;
+use App\Containers\AppSection\Authorization\UI\API\Transformers\PermissionTransformer;
+use App\Ship\Parents\Controllers\ApiController;
+
+class GetRolePermissionsController extends ApiController
+{
+    /**
+     * @param GetRolePermissionsRequest $request
+     * @return mixed
+     * @throws \Apiato\Core\Exceptions\CoreInternalErrorException
+     * @throws \Prettus\Repository\Exceptions\RepositoryException
+     */
+    public function getRolePermissions(GetRolePermissionsRequest $request)
+    {
+        $permission = app(GetRolePermissionsAction::class)->run($request);
+        return $this->transform($permission, PermissionTransformer::class);
+    }
+}
diff --git a/app/Containers/AppSection/Authorization/UI/API/Controllers/GetUserPermissionsController.php b/app/Containers/AppSection/Authorization/UI/API/Controllers/GetUserPermissionsController.php
new file mode 100644
index 000000000..b521634d3
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Controllers/GetUserPermissionsController.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\UI\API\Controllers;
+
+use App\Containers\AppSection\Authorization\Actions\GetUserPermissionsAction;
+use App\Containers\AppSection\Authorization\UI\API\Requests\GetUserPermissionsRequest;
+use App\Containers\AppSection\Authorization\UI\API\Transformers\PermissionTransformer;
+use App\Ship\Parents\Controllers\ApiController;
+
+class GetUserPermissionsController extends ApiController
+{
+    /**
+     * @param GetUserPermissionsRequest $request
+     * @return mixed
+     * @throws \Apiato\Core\Exceptions\CoreInternalErrorException
+     * @throws \Prettus\Repository\Exceptions\RepositoryException
+     */
+    public function getUserPermissions(GetUserPermissionsRequest $request)
+    {
+        $permission = app(GetUserPermissionsAction::class)->run($request);
+        return $this->transform($permission, PermissionTransformer::class);
+    }
+}
diff --git a/app/Containers/AppSection/Authorization/UI/API/Controllers/GetUserRolesController.php b/app/Containers/AppSection/Authorization/UI/API/Controllers/GetUserRolesController.php
new file mode 100644
index 000000000..a503cce6e
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Controllers/GetUserRolesController.php
@@ -0,0 +1,18 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\UI\API\Controllers;
+
+use App\Containers\AppSection\Authorization\Actions\GetUserRolesAction;
+use App\Containers\AppSection\Authorization\UI\API\Requests\GetUserRolesRequest;
+use App\Containers\AppSection\Authorization\UI\API\Transformers\RoleTransformer;
+use App\Ship\Parents\Controllers\ApiController;
+
+class GetUserRolesController extends ApiController
+{
+    public function getUserRoles(GetUserRolesRequest $request)
+    {
+        $roles = app(GetUserRolesAction::class)->run($request);
+        return $this->transform($roles, RoleTransformer::class);
+    }
+
+}
diff --git a/app/Containers/AppSection/Authorization/UI/API/Requests/AttachPermissionsToUserRequest.php b/app/Containers/AppSection/Authorization/UI/API/Requests/AttachPermissionsToUserRequest.php
new file mode 100644
index 000000000..a62822a81
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Requests/AttachPermissionsToUserRequest.php
@@ -0,0 +1,51 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\UI\API\Requests;
+
+use App\Ship\Parents\Requests\Request as ParentRequest;
+
+class AttachPermissionsToUserRequest extends ParentRequest
+{
+    /**
+     * Define which Roles and/or Permissions has access to this request.
+     */
+    protected array $access = [
+        'permissions' => 'manage-permissions',
+        'roles' => '',
+    ];
+
+    /**
+     * Id's that needs decoding before applying the validation rules.
+     */
+    protected array $decode = [
+        'id',
+    ];
+
+    /**
+     * Defining the URL parameters (e.g, `/user/{id}`) allows applying
+     * validation rules on them and allows accessing them like request data.
+     */
+    protected array $urlParameters = [
+        'id',
+    ];
+
+    /**
+     * Get the validation rules that apply to the request.
+     */
+    public function rules(): array
+    {
+        return [
+            'permissions_ids' => 'required'
+        ];
+    }
+
+    /**
+     * Determine if the user is authorized to make this request.
+     */
+    public function authorize(): bool
+    {
+        return $this->check([
+            'hasAccess',
+        ]);
+    }
+}
diff --git a/app/Containers/AppSection/Authorization/UI/API/Requests/DetachPermissionsFromUserRequest.php b/app/Containers/AppSection/Authorization/UI/API/Requests/DetachPermissionsFromUserRequest.php
new file mode 100644
index 000000000..adc6dd9c3
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Requests/DetachPermissionsFromUserRequest.php
@@ -0,0 +1,51 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\UI\API\Requests;
+
+use App\Ship\Parents\Requests\Request as ParentRequest;
+
+class DetachPermissionsFromUserRequest extends ParentRequest
+{
+    /**
+     * Define which Roles and/or Permissions has access to this request.
+     */
+    protected array $access = [
+        'permissions' => 'manage-permissions',
+        'roles' => '',
+    ];
+
+    /**
+     * Id's that needs decoding before applying the validation rules.
+     */
+    protected array $decode = [
+        'id',
+    ];
+
+    /**
+     * Defining the URL parameters (e.g, `/user/{id}`) allows applying
+     * validation rules on them and allows accessing them like request data.
+     */
+    protected array $urlParameters = [
+        'id',
+    ];
+
+    /**
+     * Get the validation rules that apply to the request.
+     */
+    public function rules(): array
+    {
+        return [
+            'permissions_ids' => 'required',
+        ];
+    }
+
+    /**
+     * Determine if the user is authorized to make this request.
+     */
+    public function authorize(): bool
+    {
+        return $this->check([
+            'hasAccess',
+        ]);
+    }
+}
diff --git a/app/Containers/AppSection/Authorization/UI/API/Requests/GetRolePermissionsRequest.php b/app/Containers/AppSection/Authorization/UI/API/Requests/GetRolePermissionsRequest.php
new file mode 100644
index 000000000..c0bd78d9f
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Requests/GetRolePermissionsRequest.php
@@ -0,0 +1,51 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\UI\API\Requests;
+
+use App\Ship\Parents\Requests\Request as ParentRequest;
+
+class GetRolePermissionsRequest extends ParentRequest
+{
+    /**
+     * Define which Roles and/or Permissions has access to this request.
+     */
+    protected array $access = [
+        'permissions' => '',
+        'roles' => '',
+    ];
+
+    /**
+     * Id's that needs decoding before applying the validation rules.
+     */
+    protected array $decode = [
+        'id',
+    ];
+
+    /**
+     * Defining the URL parameters (e.g, `/user/{id}`) allows applying
+     * validation rules on them and allows accessing them like request data.
+     */
+    protected array $urlParameters = [
+        'id',
+    ];
+
+    /**
+     * Get the validation rules that apply to the request.
+     */
+    public function rules(): array
+    {
+        return [
+            'id' => 'required',
+        ];
+    }
+
+    /**
+     * Determine if the user is authorized to make this request.
+     */
+    public function authorize(): bool
+    {
+        return $this->check([
+            'hasAccess',
+        ]);
+    }
+}
diff --git a/app/Containers/AppSection/Authorization/UI/API/Requests/GetUserPermissionsRequest.php b/app/Containers/AppSection/Authorization/UI/API/Requests/GetUserPermissionsRequest.php
new file mode 100644
index 000000000..66336915b
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Requests/GetUserPermissionsRequest.php
@@ -0,0 +1,51 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\UI\API\Requests;
+
+use App\Ship\Parents\Requests\Request as ParentRequest;
+
+class GetUserPermissionsRequest extends ParentRequest
+{
+    /**
+     * Define which Roles and/or Permissions has access to this request.
+     */
+    protected array $access = [
+        'permissions' => '',
+        'roles' => '',
+    ];
+
+    /**
+     * Id's that needs decoding before applying the validation rules.
+     */
+    protected array $decode = [
+        'id',
+    ];
+
+    /**
+     * Defining the URL parameters (e.g, `/user/{id}`) allows applying
+     * validation rules on them and allows accessing them like request data.
+     */
+    protected array $urlParameters = [
+        'id',
+    ];
+
+    /**
+     * Get the validation rules that apply to the request.
+     */
+    public function rules(): array
+    {
+        return [
+            'id' => 'required',
+        ];
+    }
+
+    /**
+     * Determine if the user is authorized to make this request.
+     */
+    public function authorize(): bool
+    {
+        return $this->check([
+            'hasAccess',
+        ]);
+    }
+}
diff --git a/app/Containers/AppSection/Authorization/UI/API/Requests/GetUserRolesRequest.php b/app/Containers/AppSection/Authorization/UI/API/Requests/GetUserRolesRequest.php
new file mode 100644
index 000000000..77dc94a62
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Requests/GetUserRolesRequest.php
@@ -0,0 +1,51 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\UI\API\Requests;
+
+use App\Ship\Parents\Requests\Request as ParentRequest;
+
+class GetUserRolesRequest extends ParentRequest
+{
+    /**
+     * Define which Roles and/or Permissions has access to this request.
+     */
+    protected array $access = [
+        'permissions' => '',
+        'roles' => '',
+    ];
+
+    /**
+     * Id's that needs decoding before applying the validation rules.
+     */
+    protected array $decode = [
+        'id',
+    ];
+
+    /**
+     * Defining the URL parameters (e.g, `/user/{id}`) allows applying
+     * validation rules on them and allows accessing them like request data.
+     */
+    protected array $urlParameters = [
+        'id',
+    ];
+
+    /**
+     * Get the validation rules that apply to the request.
+     */
+    public function rules(): array
+    {
+        return [
+            // 'id' => 'required',
+        ];
+    }
+
+    /**
+     * Determine if the user is authorized to make this request.
+     */
+    public function authorize(): bool
+    {
+        return $this->check([
+            'hasAccess',
+        ]);
+    }
+}
diff --git a/app/Containers/AppSection/Authorization/UI/API/Routes/AttachPermissionsToUser.v1.private.php b/app/Containers/AppSection/Authorization/UI/API/Routes/AttachPermissionsToUser.v1.private.php
new file mode 100644
index 000000000..4215a396d
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Routes/AttachPermissionsToUser.v1.private.php
@@ -0,0 +1,27 @@
+<?php
+
+/**
+ * @apiGroup           UserPermission
+ * @apiName            AssignPermissionsToUser
+ *
+ * @api                {GET} /v1/users/:id/permissions/attach Attach Permissions To User
+ * @apiDescription     Attach direct permissions to user
+ *
+ * @apiVersion         1.0.0
+ * @apiPermission      Authenticated ['permissions' => 'manage-permissions', 'roles' => '']
+ *
+ * @apiHeader          {String} accept=application/json
+ * @apiHeader          {String} authorization=Bearer
+ *
+ * @apiBody           {String} id user's id
+ * @apiBody           {Array} permission_ids Permission ID or Array of Permissions ID's
+ *
+ * @apiUse            UserSuccessSingleResponse
+ */
+
+use App\Containers\AppSection\Authorization\UI\API\Controllers\AttachPermissionsToUserController;
+use Illuminate\Support\Facades\Route;
+
+Route::post('users/{id}/permissions/attach', [AttachPermissionsToUserController::class, 'attachPermissionsToUser'])
+    ->middleware(['auth:api']);
+
diff --git a/app/Containers/AppSection/Authorization/UI/API/Routes/DetachPermissionsFromUser.v1.private.php b/app/Containers/AppSection/Authorization/UI/API/Routes/DetachPermissionsFromUser.v1.private.php
new file mode 100644
index 000000000..6ecdd9167
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Routes/DetachPermissionsFromUser.v1.private.php
@@ -0,0 +1,27 @@
+<?php
+
+/**
+ * @apiGroup           UserPermission
+ * @apiName            DetachPermissionFromUser
+ *
+ * @api                {POST} /v1/users/:id/permissions/detach Detach Permission From User
+ * @apiDescription     Detach direct permissions assigned to user.
+ *
+ * @apiVersion         1.0.0
+ * @apiPermission      Authenticated ['permissions' => 'manage-permissions', 'roles' => '']
+ *
+ * @apiHeader          {String} accept=application/json
+ * @apiHeader          {String} authorization=Bearer
+ *
+ * @apiBody           {String} id user's id
+ * @apiBody           {String-Array} permissions_ids Permission ID or Array of Permissions ID's
+ *
+ * @apiUse            UserSuccessSingleResponse
+ */
+
+use App\Containers\AppSection\Authorization\UI\API\Controllers\DetachPermissionsFromUserController;
+use Illuminate\Support\Facades\Route;
+
+Route::post('users/{id}/permissions/detach', [DetachPermissionsFromUserController::class, 'detachPermissionFromUser'])
+    ->middleware(['auth:api']);
+
diff --git a/app/Containers/AppSection/Authorization/UI/API/Routes/GetRolePermissions.v1.private.php b/app/Containers/AppSection/Authorization/UI/API/Routes/GetRolePermissions.v1.private.php
new file mode 100644
index 000000000..b8c9b1554
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Routes/GetRolePermissions.v1.private.php
@@ -0,0 +1,25 @@
+<?php
+
+/**
+ * @apiGroup           RolePermission
+ * @apiName            GetRolePermissions
+ *
+ * @api                {GET} /v1/roles/:id/permissions Get Role Permissions
+ *
+ * @apiVersion         1.0.0
+ * @apiPermission      Authenticated ['permissions' => '', 'roles' => '']
+ *
+ * @apiHeader          {String} accept=application/json
+ * @apiHeader          {String} authorization=Bearer
+ *
+ * @apiParam           {String} id id of role
+ *
+ *  @apiUse            GeneralSuccessMultipleResponse
+ */
+
+use App\Containers\AppSection\Authorization\UI\API\Controllers\GetRolePermissionsController;
+use Illuminate\Support\Facades\Route;
+
+Route::get('roles/{id}/permissions', [GetRolePermissionsController::class, 'getRolePermissions'])
+    ->middleware(['auth:api']);
+
diff --git a/app/Containers/AppSection/Authorization/UI/API/Routes/GetUserPermissions.v1.private.php b/app/Containers/AppSection/Authorization/UI/API/Routes/GetUserPermissions.v1.private.php
new file mode 100644
index 000000000..e710c8171
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Routes/GetUserPermissions.v1.private.php
@@ -0,0 +1,25 @@
+<?php
+
+/**
+ * @apiGroup           UserPermission
+ * @apiName            GetUserPermissions
+ *
+ * @api                {GET} /v1/users/:id/permissions Get User Permissions
+ *
+ * @apiVersion         1.0.0
+ * @apiPermission      Authenticated ['permissions' => '', 'roles' => '']
+ *
+ * @apiHeader          {String} accept=application/json
+ * @apiHeader          {String} authorization=Bearer
+ *
+ * @apiParam           {String} id id of user
+ *
+ * @apiUse             GeneralSuccessMultipleResponse
+ */
+
+use App\Containers\AppSection\Authorization\UI\API\Controllers\GetUserPermissionsController;
+use Illuminate\Support\Facades\Route;
+
+Route::get('users/{id}/permissions', [GetUserPermissionsController::class, 'getUserPermissions'])
+    ->middleware(['auth:api']);
+
diff --git a/app/Containers/AppSection/Authorization/UI/API/Routes/GetUserRoles.v1.private.php b/app/Containers/AppSection/Authorization/UI/API/Routes/GetUserRoles.v1.private.php
new file mode 100644
index 000000000..c0216fa6d
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Routes/GetUserRoles.v1.private.php
@@ -0,0 +1,25 @@
+<?php
+
+/**
+ * @apiGroup           UserPermission
+ * @apiName            GetUserRoles
+ *
+ * @api                {GET} /v1/users/:id/roles Get User Roles
+ *
+ * @apiVersion         1.0.0
+ * @apiPermission      Authenticated ['permissions' => '', 'roles' => '']
+ *
+ * @apiHeader          {String} accept=application/json
+ * @apiHeader          {String} authorization=Bearer
+ *
+ * @apiParam           {String} id user id
+ *
+ * @apiUse             GeneralSuccessMultipleResponse
+ */
+
+use App\Containers\AppSection\Authorization\UI\API\Controllers\GetUserRolesController;
+use Illuminate\Support\Facades\Route;
+
+Route::get('users/{id}/roles', [GetUserRolesController::class, 'getUserRoles'])
+    ->middleware(['auth:api']);
+
diff --git a/app/Containers/AppSection/Authorization/UI/API/Routes/_userPermissions.v1.public.php b/app/Containers/AppSection/Authorization/UI/API/Routes/_userPermissions.v1.public.php
new file mode 100644
index 000000000..ad7811790
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Routes/_userPermissions.v1.public.php
@@ -0,0 +1,48 @@
+<?php
+
+/**
+ * @apiDefine UserPermissionsSuccessSingleResponse
+ * @apiSuccessExample {json} Success-Response:
+ * HTTP/1.1 200 OK
+ * {
+ *  "data":{
+ *      "object":"User",
+ *      "id":"eqwja3vw94kzmxr0",
+ *      "name":"Ali Kazmi",
+ *      "email":"ali@kazmi.me",
+ *      "email_verified_at": null,
+ *      "gender": "male",
+ *      "birth": "2022-02-02T00:00:00.000000Z",
+ *      "verification_date": null,
+ *      "created_at": "2022-06-14T06:19:18.000000Z",
+ *      "updated_at": "2022-06-14T06:25:00.000000Z",
+ *      "permissions":{
+ *          "data":[
+ *              {
+ *                  "object":"Permission",
+ *                  "id":"n9kq6345javb05je",
+ *                  "name":"est-sit-voluptatem",
+ *                  "description":null,
+ *                  "display_name":null
+ *              },
+ *              {
+ *                  "object":"Permission",
+ *                  "id":"999q6345javb05je",
+ *                  "name":"something-else",
+ *                  "description":null,
+ *                  "display_name":null
+ *              }
+ *          ]
+ *      }
+ *  },
+ *  "meta":{
+ *      "include":[
+ *
+ *      ],
+ *     "custom":[
+ *
+ *      ]
+ *  }
+ * }
+ */
+
diff --git a/app/Containers/AppSection/Authorization/UI/API/Tests/Functional/AttachPermissionToUserTest.php b/app/Containers/AppSection/Authorization/UI/API/Tests/Functional/AttachPermissionToUserTest.php
new file mode 100644
index 000000000..30ac779c9
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Tests/Functional/AttachPermissionToUserTest.php
@@ -0,0 +1,105 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\UI\API\Tests\Functional;
+
+use App\Containers\AppSection\Authorization\Models\Permission;
+use App\Containers\AppSection\Authorization\UI\API\Tests\ApiTestCase;
+use App\Containers\AppSection\User\Models\User;
+use Illuminate\Testing\Fluent\AssertableJson;
+use phpDocumentor\Reflection\Types\Void_;
+
+/**
+ * Class AttachPermissionToUserTest.
+ *
+ * @group authorization
+ * @group api
+ */
+class AttachPermissionToUserTest extends ApiTestCase
+{
+    // the endpoint to be called within this test (e.g., get@v1/users)
+    protected string $endpoint = 'post@v1/users/{id}/permissions/attach';
+
+    // fake some access rights
+    protected array $access = [
+        'permissions' => 'manage-permissions',
+        'roles' => '',
+    ];
+
+    public function testAttachSinglePermissionToUser(): void
+    {
+        $user = User::factory()->create();
+
+        $permission = Permission::factory()->create();
+        $data = [
+            'permissions_ids' => $permission->id
+        ];
+
+        // send the HTTP request
+        $response = $this->injectId($user->id)->makeCall($data);
+
+        // assert the response status
+        $response->assertStatus(200);
+        $response->assertJson(
+            fn(AssertableJson $json) => $json->has('data')
+                ->where('data.object', 'User')
+                ->where('data.id', $user->getHashedKey())
+                ->has('data.permissions.data',1)
+                ->where('data.permissions.data.0.object', 'Permission')
+                ->where('data.permissions.data.0.id', $permission->getHashedKey())
+                ->etc()
+        );
+    }
+
+    public function testAttachMultiplePermissionsToUser(): void
+    {
+        $user = User::factory()->create();
+        $permissionA = Permission::factory()->create();
+        $permissionB = Permission::factory()->create();
+        $data = [
+            'permissions_ids' => [$permissionA->id, $permissionB->id]
+        ];
+
+        $response = $this->injectId($user->id)->makeCall($data);
+
+        $response->assertStatus(200);
+        $response->assertJson(
+            fn(AssertableJson $json) => $json->has('data')
+                ->where('data.object', 'User')
+                ->where('data.id', $user->getHashedKey())
+                ->has('data.permissions.data', 2)
+                ->where('data.permissions.data.0.object', 'Permission')
+                ->where('data.permissions.data.0.id', $permissionA->getHashedKey())
+                ->where('data.permissions.data.1.id', $permissionB->getHashedKey())
+                ->etc()
+        );
+    }
+
+    public function testAttachNonExistingPermissionToUser(): void
+    {
+        $user = User::factory()->create();
+        $invalidId = 3333;
+        $data = [
+            'permissions_ids' => $invalidId
+        ];
+
+        $response = $this->injectId($user->id)->makeCall($data);
+
+        $response->assertStatus(404);
+    }
+
+    public function testAttachPermissionToNonExistingUser(): void
+    {
+        $permission = Permission::factory()->create();
+        $invalidId = 7777;
+        $data = [
+            'permissions_ids' => $permission->id
+        ];
+
+        $response = $this->injectId($invalidId)->makeCall($data);
+
+        $response->assertStatus(404);
+    }
+}
+
+
+
diff --git a/app/Containers/AppSection/Authorization/UI/API/Tests/Functional/DetachPermissionFromUserTest.php b/app/Containers/AppSection/Authorization/UI/API/Tests/Functional/DetachPermissionFromUserTest.php
new file mode 100644
index 000000000..b283f56eb
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Tests/Functional/DetachPermissionFromUserTest.php
@@ -0,0 +1,109 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\UI\API\Tests\Functional;
+
+use App\Containers\AppSection\Authorization\Models\Permission;
+use App\Containers\AppSection\Authorization\UI\API\Tests\ApiTestCase;
+use App\Containers\AppSection\User\Models\User;
+use Illuminate\Testing\Fluent\AssertableJson;
+use Vinkla\Hashids\Facades\Hashids;
+
+/**
+ * Class DetachPermissionFromUserTest.
+ *
+ * @group authorization
+ * @group api
+ */
+class DetachPermissionFromUserTest extends ApiTestCase
+{
+    // the endpoint to be called within this test (e.g., get@v1/users)
+    protected string $endpoint = 'post@v1/users/{id}/permissions/detach';
+
+    // fake some access rights
+    protected array $access = [
+        'permissions' => 'manage-permissions',
+        'roles' => '',
+    ];
+
+
+    public function testDetachSinglePermissionFromUser(): void
+    {
+        $user = User::factory()->create();
+        $permissionA = Permission::factory()->create();
+        $permissionB = Permission::factory()->create();
+        $user->givePermissionTo([$permissionA, $permissionB]);
+
+        $data = [
+            'permissions_ids' => [$permissionA->id]
+        ];
+
+        // send the HTTP request
+        $response = $this->injectId($user->id)->makeCall($data);
+        // assert the response status
+        $response->assertStatus(200);
+        $response->assertJson(
+            fn(AssertableJson $json) => $json->has('data')
+                ->where('data.object', 'User')
+                ->where('data.id', $user->getHashedKey())
+                ->has('data.permissions.data',1)
+                ->where('data.permissions.data.0.object', 'Permission')
+                ->where('data.permissions.data.0.id', $permissionB->getHashedKey())
+                ->etc()
+        );
+    }
+
+    public function testDetachMultiplePermissionFromUser(): void
+    {
+        $user = User::factory()->create();
+        $permissionA = Permission::factory()->create();
+        $permissionB = Permission::factory()->create();
+        $permissionC = Permission::factory()->create();
+
+        $user->givePermissionTo([$permissionA, $permissionB, $permissionC]);
+
+        $data = [
+            'permissions_ids' => [$permissionA->id, $permissionB->id]
+        ];
+
+        // send the HTTP request
+        $response = $this->injectId($user->id)->makeCall($data);
+
+        // assert the response status
+        $response->assertStatus(200);
+        $response->assertJson(
+            fn(AssertableJson $json) => $json->has('data')
+                ->where('data.object', 'User')
+                ->where('data.id', $user->getHashedKey())
+                ->count('data.permissions.data', 1)
+                ->where('data.permissions.data.0.id', $permissionC->getHashedKey())
+                ->etc()
+        );
+    }
+
+    public function testDetachNonExistingPermissionFromUser()
+    {
+        $invalidId = 3333;
+        $user = User::factory()->create();
+        $data = [
+            'permissions_ids' => [Hashids::encode($invalidId)]
+        ];
+
+        $response = $this->injectId($user->id)->makeCall($data);
+
+        $response->assertStatus(404);
+    }
+
+    public function testDetachPermissionFromNonExistingUser()
+    {
+        $invalidId = 3333;
+        $permission = Permission::factory()->create();
+        $data = [
+            //'user_id' => Hashids::encode($invalidId),
+            'permissions_ids' => [$permission->getHashedKey()]
+        ];
+
+        $response = $this->injectId($invalidId)->makeCall($data);
+
+        $response->assertStatus(404);
+    }
+}
diff --git a/app/Containers/AppSection/Authorization/UI/API/Tests/Functional/GetRolePermissionsTest.php b/app/Containers/AppSection/Authorization/UI/API/Tests/Functional/GetRolePermissionsTest.php
new file mode 100644
index 000000000..07c6290e9
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Tests/Functional/GetRolePermissionsTest.php
@@ -0,0 +1,39 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\UI\API\Tests\Functional;
+
+use App\Containers\AppSection\Authorization\Models\Permission;
+use App\Containers\AppSection\Authorization\Models\Role;
+use App\Containers\AppSection\Authorization\UI\API\Tests\ApiTestCase;
+
+/**
+ * Class GetRolePermissionsTest.
+ *
+ * @group authorization
+ * @group api
+ */
+class GetRolePermissionsTest extends ApiTestCase
+{
+    // the endpoint to be called within this test (e.g., get@v1/users)
+    protected string $endpoint = 'get@v1/roles/{id}/permissions';
+
+    // fake some access rights
+    protected array $access = [
+        'permissions' => '',
+        'roles' => '',
+    ];
+
+    public function testGetRolePermissions(): void
+    {
+        $role = Role::factory()->create();
+        $permission = Permission::factory()->create();
+        $role->givePermissionTo([$permission]);
+        // send the HTTP request
+        $response = $this->injectId($role->id)->makeCall();
+        // assert the response status
+        $response->assertStatus(200);
+        $responseContent = $this->getResponseContentObject();
+        $this->assertEquals($permission->name, $responseContent->data[0]->name);
+
+    }
+}
diff --git a/app/Containers/AppSection/Authorization/UI/API/Tests/Functional/GetUserPermissionsTest.php b/app/Containers/AppSection/Authorization/UI/API/Tests/Functional/GetUserPermissionsTest.php
new file mode 100644
index 000000000..af9733832
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Tests/Functional/GetUserPermissionsTest.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\UI\API\Tests\Functional;
+
+use App\Containers\AppSection\Authorization\Models\Permission;
+use App\Containers\AppSection\Authorization\UI\API\Tests\ApiTestCase;
+use App\Containers\AppSection\User\Models\User;
+
+/**
+ * Class GetUserPermissionsTest.
+ *
+ * @group authorization
+ * @group api
+ */
+class GetUserPermissionsTest extends ApiTestCase
+{
+    // the endpoint to be called within this test (e.g., get@v1/users)
+    protected string $endpoint = 'get@v1/users/{id}/permissions';
+
+    // fake some access rights
+    protected array $access = [
+        'permissions' => '',
+        'roles' => '',
+    ];
+
+    public function testGetUserPermissions(): void
+    {
+        $user = User::factory()->create();
+        $permission = Permission::factory()->create();
+        $user->givePermissionTo([$permission]);
+        // send the HTTP request
+        $response = $this->injectId($user->id)->makeCall();
+
+        // assert the response status
+        $response->assertStatus(200);
+        $responseContent = $this->getResponseContentObject();
+        $this->assertEquals($permission->name, $responseContent->data[0]->name);
+
+    }
+}
diff --git a/app/Containers/AppSection/Authorization/UI/API/Tests/Functional/GetUserRolesTest.php b/app/Containers/AppSection/Authorization/UI/API/Tests/Functional/GetUserRolesTest.php
new file mode 100644
index 000000000..f112e61bf
--- /dev/null
+++ b/app/Containers/AppSection/Authorization/UI/API/Tests/Functional/GetUserRolesTest.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace App\Containers\AppSection\Authorization\UI\API\Tests\Functional;
+
+use App\Containers\AppSection\Authorization\Models\Role;
+use App\Containers\AppSection\Authorization\UI\API\Tests\ApiTestCase;
+use App\Containers\AppSection\User\Models\User;
+
+/**
+ * Class GetUserRolesTest.
+ *
+ * @group authorization
+ * @group api
+ */
+class GetUserRolesTest extends ApiTestCase
+{
+    // the endpoint to be called within this test (e.g., get@v1/users)
+    protected string $endpoint = 'get@v1/users/{id}/roles';
+
+    // fake some access rights
+    protected array $access = [
+        'permissions' => '',
+        'roles' => '',
+    ];
+
+    public function testGetUserRoles(): void
+    {
+        $user = User::factory()->create();
+        $role = Role::factory()->create();
+        $user->assignRole($role);
+        // send the HTTP request
+        $response = $this->injectId($user->id)->makeCall();
+
+        // assert the response status
+        $response->assertStatus(200);
+        $responseContent = $this->getResponseContentObject();
+        $this->assertEquals($role->name, $responseContent->data[0]->name);
+
+    }
+}
diff --git a/app/Containers/AppSection/User/UI/API/Transformers/UserTransformer.php b/app/Containers/AppSection/User/UI/API/Transformers/UserTransformer.php
index 5b7cee1d2..980cf432b 100644
--- a/app/Containers/AppSection/User/UI/API/Transformers/UserTransformer.php
+++ b/app/Containers/AppSection/User/UI/API/Transformers/UserTransformer.php
@@ -2,6 +2,7 @@
 
 namespace App\Containers\AppSection\User\UI\API\Transformers;
 
+use App\Containers\AppSection\Authorization\UI\API\Transformers\PermissionTransformer;
 use App\Containers\AppSection\Authorization\UI\API\Transformers\RoleTransformer;
 use App\Containers\AppSection\User\Models\User;
 use App\Ship\Parents\Transformers\Transformer as ParentTransformer;
@@ -11,6 +12,7 @@ class UserTransformer extends ParentTransformer
 {
     protected array $availableIncludes = [
         'roles',
+        'permissions'
     ];
 
     protected array $defaultIncludes = [
@@ -42,4 +44,9 @@ public function includeRoles(User $user): Collection
     {
         return $this->collection($user->roles, new RoleTransformer());
     }
+
+    public function includePermissions(User $user): Collection
+    {
+        return $this->collection($user->permissions, new PermissionTransformer());
+    }
 }