user(); if (!$user || !$user->is_admin) { return response()->json(['message' => 'Unauthorized'], 403); } return $next($request); } }