Hi,
Unauthorized actions throw exceptions to the application, the application then rethrows the exception to the middleware. The middleware (the authorization middleware) has some builtin handlers to catch that exception. We can configure what handle used during the authorization-middleware setup. Check this here.
The MapResolver just maps what policy class to use for a resource(s) in a direct way. So, when you call the authorize method you pass as parameters the resource and the policy method to apply right? To do the authorization, the AuthorizationService will need a policy class to apply the policy in that resource. But what class use for that? To find that policy class, the service will use the policy resolver that was configured in the service initialization generally in your src/Application.php. Once found the policy class, the service executes the policy method that you passed in the authorized parameters.
That, you can solve in many ways. One is: use MapResolver to map all desired resources to one specific policy class.