check() || auth()->user()->role !== UserRole::ADMIN) { abort(403, 'Unauthorized access. Admin only.'); } return $next($request); } }