diff --git a/app/Http/Middleware/Permission.php b/app/Http/Middleware/Permission.php
new file mode 100644
index 0000000..9fae988
--- /dev/null
+++ b/app/Http/Middleware/Permission.php
@@ -0,0 +1,35 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Slowlyo\OwlAdmin\Admin;
+use Symfony\Component\HttpFoundation\Response;
+
+class Permission
+{
+    /**
+     * @param Request $request
+     * @param Closure $next
+     * @param mixed ...$args
+     * @return Response
+     */
+    public function handle(Request $request, Closure $next, ...$args): Response
+    {
+        $user = Admin::user();
+        if (!$user) {
+            return Admin::response()->fail(__('admin.unauthorized'));
+        }
+        if (!$user->isAdministrator()) {
+            return Admin::response()->fail(__('admin.unauthorized'));
+        }
+        if (count($args) == 0) {
+            $args = [$request->route()->getName()];
+        }
+        if ($user->allPermissions()->whereIn('slug', $args)->count() == 0) {
+            return Admin::response()->fail(__('admin.unauthorized'), ['permission' => $args]);
+        }
+        return $next($request);
+    }
+}