feat: Implement user permission checks and manual payment functionalities

- Added CheckUserPermissionQuery and CheckUserPermissionQueryHandler for permission validation.
- Introduced GetUserRolesQuery and GetUserRolesQueryHandler to retrieve user roles.
- Created IPermissionService interface and its implementation in PermissionService.
- Defined permission and role constants in PermissionDefinitions.
- Developed SetDefaultVatPercentageCommand and its handler for VAT configuration.
- Implemented GetCurrentVatPercentageQuery and handler to fetch current VAT settings.
- Added manual payment commands: CreateManualPayment, ApproveManualPayment, and RejectManualPayment with respective handlers and validators.
- Created GetManualPaymentsQuery and handler for retrieving manual payment records.
- Integrated gRPC services for manual payments with appropriate permission checks.
- Established Protobuf definitions for manual payment operations and metadata.

src/BackOffice.BFF.Application/Common/Models/PermissionDefinitions.cs

@@ -0,0 +1,133 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+
+namespace BackOffice.BFF.Application.Common.Models;
+
+public static class RoleNames
+{
+    public const string SuperAdmin = "SuperAdmin";
+    public const string Admin = "Admin";
+    public const string Inspector = "Inspector";
+}
+
+public static class PermissionNames
+{
+    // Dashboard
+    public const string DashboardView = "dashboard.view";
+
+    // Orders
+    public const string OrdersView = "orders.view";
+    public const string OrdersCreate = "orders.create";
+    public const string OrdersUpdate = "orders.update";
+    public const string OrdersDelete = "orders.delete";
+    public const string OrdersCancel = "orders.cancel";
+    public const string OrdersApprove = "orders.approve";
+
+    // Products
+    public const string ProductsView = "products.view";
+    public const string ProductsCreate = "products.create";
+    public const string ProductsUpdate = "products.update";
+    public const string ProductsDelete = "products.delete";
+
+    // Users
+    public const string UsersView = "users.view";
+    public const string UsersUpdate = "users.update";
+    public const string UsersDelete = "users.delete";
+
+    // Commission / Withdrawal
+    public const string CommissionView = "commission.view";
+    public const string CommissionApproveWithdrawal = "commission.approve_withdrawal";
+
+    // Public Messages
+    public const string PublicMessagesView = "publicmessages.view";
+    public const string PublicMessagesCreate = "publicmessages.create";
+    public const string PublicMessagesUpdate = "publicmessages.update";
+    public const string PublicMessagesPublish = "publicmessages.publish";
+
+    // Manual Payments
+    public const string ManualPaymentsView = "manualpayments.view";
+    public const string ManualPaymentsCreate = "manualpayments.create";
+    public const string ManualPaymentsApprove = "manualpayments.approve";
+
+    // Settings / Configuration / VAT
+    public const string SettingsView = "settings.view";
+    public const string SettingsManageConfiguration = "settings.manage_configuration";
+    public const string SettingsManageVat = "settings.manage_vat";
+
+    // Reports
+    public const string ReportsView = "reports.view";
+}
+
+public static class RolePermissionConfig
+{
+    private static readonly IReadOnlyDictionary<string, string[]> RolePermissions =
+        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
+        {
+            // SuperAdmin: full access (wildcard)
+            [RoleNames.SuperAdmin] = new[] { "*" },
+
+            // Admin: مدیریت سفارش‌ها، محصولات، بخشی از کمیسیون و پیام‌ها
+            [RoleNames.Admin] = new[]
+            {
+                PermissionNames.DashboardView,
+
+                PermissionNames.OrdersView,
+                PermissionNames.OrdersCreate,
+                PermissionNames.OrdersUpdate,
+                PermissionNames.OrdersCancel,
+
+                PermissionNames.ProductsView,
+                PermissionNames.ProductsCreate,
+                PermissionNames.ProductsUpdate,
+                PermissionNames.ProductsDelete,
+
+                PermissionNames.UsersView,
+                PermissionNames.UsersUpdate,
+
+                PermissionNames.CommissionView,
+                PermissionNames.CommissionApproveWithdrawal,
+
+                PermissionNames.PublicMessagesView,
+                PermissionNames.PublicMessagesCreate,
+                PermissionNames.PublicMessagesUpdate,
+                PermissionNames.PublicMessagesPublish,
+
+                PermissionNames.ManualPaymentsView,
+                PermissionNames.ManualPaymentsCreate,
+
+                PermissionNames.ReportsView
+            },
+
+            // Inspector: فقط مشاهده
+            [RoleNames.Inspector] = new[]
+            {
+                PermissionNames.DashboardView,
+                PermissionNames.OrdersView,
+                PermissionNames.UsersView,
+                PermissionNames.CommissionView,
+                PermissionNames.PublicMessagesView,
+                PermissionNames.ReportsView
+            }
+        };
+
+    public static bool HasPermission(string role, string permission)
+    {
+        if (string.IsNullOrWhiteSpace(role) || string.IsNullOrWhiteSpace(permission))
+        {
+            return false;
+        }
+
+        if (!RolePermissions.TryGetValue(role, out var permissions))
+        {
+            return false;
+        }
+
+        if (permissions.Contains("*", StringComparer.OrdinalIgnoreCase))
+        {
+            return true;
+        }
+
+        return permissions.Contains(permission, StringComparer.OrdinalIgnoreCase);
+    }
+}