json(['message' => 'Unauthorized.'], 401); } $roles = $user->roles() ->pluck('roles.name') ->map(fn ($name) => strtolower((string) $name)) ->toArray(); if (in_array('parent', $roles, true)) { $request->attributes->set('primary_parent_id', (int) $user->id); return $next($request); } $userType = strtolower(trim((string) ($user->user_type ?? ''))); if (in_array($userType, ['secondary', 'tertiary'], true)) { /** @var PrimaryParentUserResolver $resolver */ $resolver = app(PrimaryParentUserResolver::class); $primaryId = $resolver->resolveFromCredentials((int) $user->id, $userType); if ($primaryId !== null && $primaryId > 0) { $request->attributes->set('primary_parent_id', $primaryId); return $next($request); } } return response()->json(['message' => 'Forbidden.'], 403); } }