user(); if (!$user || !in_array($user->role, ['admin', 'karyawan'])) { abort(403, 'Unauthorized'); } return $next($request); } }