Zooniverse uses a two-role model to control access to enclosure and animal management features. Every authenticated user is either an Admin or a Caretaker, determined by the boolean admin column on the users table. Admins have unrestricted access to all create, edit, and delete operations; caretakers can only view the enclosures and animals they have been assigned to.
The two roles
Admin
Full CRUD access to enclosures and animals. Can assign caretakers to enclosures, view archived animals, and restore them to active enclosures. Identified by admin = true on the user record.
Caretaker
Read-only access to assigned enclosures and their animals. Can view the homepage dashboard with their feeding schedule. Cannot create, edit, or delete any records. Identified by admin = false.
The admin field is cast to a boolean in the User model:
Route access by role
Routes are split into two middleware groups in routes/web.php:
Admin-only routes (auth + admin middleware)
| Method | URI | Action |
|---|---|---|
| GET | /enclosures/create | Show create enclosure form |
| POST | /enclosures | Store new enclosure |
| GET | /enclosures/{id}/edit | Show edit enclosure form |
| PUT/PATCH | /enclosures/{id} | Update enclosure |
| DELETE | /enclosures/{id} | Delete enclosure |
| GET | /animals/create | Show create animal form |
| POST | /animals | Store new animal |
| GET | /animals/{id}/edit | Show edit animal form |
| PUT/PATCH | /animals/{id} | Update animal |
| DELETE | /animals/{id} | Archive (soft-delete) animal |
| GET | /animals/archived | View all archived animals |
| POST | /animals/{id}/restore | Restore an archived animal |
All authenticated users (auth middleware only)
| Method | URI | Action |
|---|---|---|
| GET | /homepage | Dashboard with feeding schedule |
| GET | /enclosures | List enclosures (filtered by assignment for caretakers) |
| GET | /enclosures/{id} | View enclosure details |
| GET | /profile | View / edit own profile |
| PATCH | /profile | Update own profile |
| DELETE | /profile | Delete own account |
The enclosure list and detail routes are accessible to both roles, but caretakers only see the enclosures they have been explicitly assigned to. The index action checks auth()->user()->admin and scopes the query accordingly.
AdminMiddleware
The AdminMiddleWare class (app/Http/Middleware/AdminMiddleWare.php) guards every admin-only route group:
If the user's admin flag is false, the middleware calls abort(403) and the request never reaches the controller. This middleware is registered as admin and applied to the admin route group:
What admins can do
- Enclosures — create, edit (including caretaker assignments), and delete enclosures. Deletion is blocked if the enclosure still contains animals.
- Animals — create animals in any enclosure, edit animal details and reassign them between enclosures, and archive animals (soft-delete).
- Archived animals — view the full list of archived animals sorted by most recently archived, and restore any animal to a compatible, non-full enclosure.
- Caretaker assignments — on the enclosure edit form, open the caretaker modal and check or uncheck users. Assignments are synced on every save.
What caretakers can do
- Homepage — view the dashboard showing total enclosure and animal counts, and a personalised feeding schedule listing their assigned enclosures with upcoming feeding times.
- Enclosure list — browse only their assigned enclosures, paginated at 5 per page.
- Enclosure detail — view animals in an assigned enclosure, sorted by species then birthdate. No edit or archive controls are shown.
- Profile — view and update their own name, email, and password.
Caretakers do not have access to the animal create or edit forms, the archived animals list, or any enclosure edit or delete actions. The UI hides these buttons for non-admin users, and the routes are protected server-side by AdminMiddleWare.
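Hidden buttons are not an access control, so the server-side 403 is worth pinning down with a regression test. The feature test below is an added example, not part of the Zooniverse code base; it assumes the standard Laravel test scaffolding (Tests\TestCase, a User factory), and the file and class names are hypothetical.

```php
<?php
// tests/Feature/AdminRouteAccessTest.php (hypothetical file name)
namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class AdminRouteAccessTest extends TestCase
{
    use RefreshDatabase;

    // Admin-only routes from the table above that take no {id} parameter.
    // Routes with {id} need a seeded record first: route model binding can
    // answer 404 for a missing row before the admin middleware runs.
    private const ADMIN_ONLY = [
        ['GET',  '/enclosures/create'],
        ['POST', '/enclosures'],
        ['GET',  '/animals/create'],
        ['POST', '/animals'],
        ['GET',  '/animals/archived'],
    ];

    public function test_caretaker_is_rejected_with_403(): void
    {
        // Assumes the stock Laravel User factory; admin is the boolean column.
        $caretaker = User::factory()->create(['admin' => false]);

        foreach (self::ADMIN_ONLY as [$method, $uri]) {
            $this->actingAs($caretaker)
                ->call($method, $uri)
                ->assertForbidden();
        }
    }

    public function test_admin_passes_the_middleware(): void
    {
        $admin = User::factory()->create(['admin' => true]);

        foreach (self::ADMIN_ONLY as [$method, $uri]) {
            $status = $this->actingAs($admin)->call($method, $uri)->getStatusCode();
            // Empty POSTs may fail validation (302); only a 403 is a failure here.
            $this->assertNotSame(403, $status, "$method $uri");
        }
    }
}
```

Extending ADMIN_ONLY with the {id} routes after seeding an enclosure and an animal covers the rest of the admin-only table.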