user()?->id ?? 0); if ($userId <= 0) { return response()->json(['status' => false, 'message' => 'Unauthorized.'], 401); } $user = $request->user(); $status = strtolower(trim((string) ($user->status ?? ''))); $isVerified = filter_var($user->is_verified ?? false, FILTER_VALIDATE_BOOLEAN); $isSuspended = filter_var($user->is_suspended ?? false, FILTER_VALIDATE_BOOLEAN); if (! $isVerified || $status !== 'active' || $isSuspended) { return response()->json(['message' => 'Account unavailable.'], 403); } if (! $this->permissions->hasPermission($userId, $permission)) { if ($request->expectsJson()) { return response()->json(['status' => false, 'message' => 'Access denied.'], 403); } return response()->json(['status' => false, 'message' => 'Access denied.'], 403); } return $next($request); } }