user(); if ( ! $user || ($user->role !== \App\Enums\UserRole::ADMIN) ) { abort(403, 'Unauthorized action.'); } return $next($request); } }