user()->role !== UserRole::ADMIN) { abort(403, 'You are not authorized to access this page.'); } return $next($request); } }