role === 'karyawan') { return $next($request); } abort(403, 'Unauthorized'); } }