creator_id !== auth()->id()) { return response()->json(['message' => 'Unauthorized'], 403); } $validated = $request->validated(); $step = $hunt->steps()->create($validated); return response()->json($step, 201); } }