role === 'superadmin') { return $next($request); } abort(403, 'Unauthorized action.'); } }