# Middlewares

## Definition

A middleware provide a convenient mechanism for filtering HTTP requests entering your application.

{% hint style="info" %}
You can have more information about middleware in the [Laravel official documentation](https://laravel.com/docs/5.7/middleware).
{% endhint %}

## CheckPermissions

This middleware checks if the user has the permission to access a route. It checks :

* If the visiting module is active on the current domain
* If the user has at least one role that gives him access to the module
* If the user has the requested capacity or if he's admin

Use `uccello.permissions:capbilityName` to call this middleware.

```php
Route::get($domainAndModuleParams.'/list', 'Core\ListController@process')
    ->middleware('uccello.permissions:retrieve');

Route::get($domainAndModuleParams.'/edit', 'Core\EditController@process')
    ->middlewre('uccello.permissions:retrieve');
```

### Default capabilities

| Name         | Description                                                                                                                         |
| ------------ | ----------------------------------------------------------------------------------------------------------------------------------- |
| **retrieve** | Allows to access to the List View and the Detail View.                                                                              |
| **create**   | Allows to access to the Edit View for creating a new record.                                                                        |
| **update**   | Allows to access to the Edit View for updating an existing record.                                                                  |
| **delete**   | Allows to delete a record.                                                                                                          |
| **admin**    | Allows to manage a module. If the user has can edit profiles, the admin capability allows him to give access to the related module. |

### API capabilities

{% hint style="info" %}
These capabilities are part of the [uccello/uccello-api](https://github.com/uccellolabs/uccello-api) package but are managed natively by Uccello.
{% endhint %}

| Name             | Description                                                         |
| ---------------- | ------------------------------------------------------------------- |
| **api-retrieve** | Allows to list records and the the detail of a record with the API. |
| **api-create**   | Allows to create a new record with the API.                         |
| **api-update**   | Allows to update an existing record with the API.                   |
| **api-delete**   | Allows to delete a record with the API.                             |

## CheckSettingsPanel

This middleware checks if the user can access to the Settings Panel.\
An user can access to it if at least one of these conditions is true:

* The user is admin: `$user->is_admin === true`
* The user can admin at least one [admin module](https://uccello.gitbook.io/doc/module#admin-module).

Use `uccello.settings` to call this middleware.

```php
Route::get($domainParam.'/settings/menu/manager', 'Settings\MenuManagerController@process')
    ->defaults('module', 'settings')
    ->middleware('uccello.settings');
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://uccello.gitbook.io/doc/the-basics/middlewares.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.