In Laravel, middleware can be applied at different levels to control access and behavior for your routes and application. Here’s a breakdown of the various levels at which middleware can be applied:

1. Global Middleware

Description: Global middleware is applied to every HTTP request entering your application. It’s used for tasks that need to be handled for every request, such as logging, CORS, or global authentication.

How to Apply: You register global middleware in the app/Http/Kernel.php file, specifically in the $middleware array.

protected $middleware = [
    \App\Http\Middleware\TrustProxies::class,
    \App\Http\Middleware\CheckForMaintenanceMode::class,
    \Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance::class,
    \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
    \Illuminate\Session\Middleware\AuthenticateSession::class,
    \Illuminate\View\Middleware\ShareErrorsFromSession::class,
    \App\Http\Middleware\EncryptCookies::class,
    \App\Http\Middleware\CustomGlobalMiddleware::class,
];

2. Route Middleware

Description: Route middleware is applied to specific routes or route groups. It is used for functionality that should be applied selectively, such as role-based access control or specific request handling.

How to Apply: Register route middleware in the $routeMiddleware array within app/Http/Kernel.php.

protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'admin' => \App\Http\Middleware\CheckAdmin::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
];

Usage in Routes:

Route::get('/admin', function () {
    // Only accessible to admins
})->middleware('admin');

Route::group(['middleware' => ['auth']], function () {
    Route::get('/profile', function () {
        // Accessible only to authenticated users
    });
});

3. Middleware Groups

Description: Middleware groups allow you to assign a set of middleware to a route or route group at once. This is useful for applying multiple middleware to a route or group of routes.

How to Apply: Define middleware groups in app/Http/Kernel.php within the $middlewareGroups array.

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],

    'api' => [
        'throttle:api',
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],
];

Usage in Routes:

When defining routes, you can apply these groups directly:

Route::middleware('web')->group(function () {
    Route::get('/dashboard', function () {
        // Uses 'web' middleware group
    });
});

Route::middleware('api')->group(function () {
    Route::get('/api/user', function () {
        // Uses 'api' middleware group
    });
});

4. Custom Middleware Application

You can apply custom middleware to routes or route groups as needed. This allows for fine-grained control over how requests are handled.

Example of Custom Middleware Usage:

Route::middleware(['auth', 'admin'])->group(function () {
    Route::get('/admin/dashboard', function () {
        // Only accessible to authenticated admins
    });
});

By using these levels of middleware application, you can effectively manage request handling and access control in your Laravel application.