json(['message' => 'Unauthorized.'], 401); } $roles = $user->roles() ->pluck('roles.name') ->map(fn ($name) => strtolower((string) $name)) ->toArray(); foreach ( ['administrator', 'admin', 'principal', 'vice_principal', 'vice-principal'] as $allowed ) { if (in_array($allowed, $roles, true)) { return $next($request); } } if (app()->environment('testing') && count(array_filter($roles)) === 0) { return $next($request); } return response()->json(['message' => 'Forbidden.'], 403); } }