json(['message' => 'Unauthorized.'], 401); } $roles = $user->roles() ->pluck('roles.name') ->map(fn ($name) => strtolower((string) $name)) ->toArray(); if (in_array('parent', $roles, true)) { return $next($request); } return response()->json(['message' => 'Forbidden.'], 403); } }