user(); if ($user === null) { abort(403, 'Unauthorized'); } if ($user->role !== 'ADMIN') { abort(403, 'Unauthorized'); } return $next($request); } }