json(['message' => 'Unauthorized.'], 401); } $roles = $user->roles() ->pluck('roles.name') ->map(fn ($name) => strtolower((string) $name)) ->toArray(); $allowed = [ 'administrator', 'admin', 'principal', 'vice_principal', 'vice-principal', 'teacher', 'teacher_assistant', ]; foreach ($allowed as $role) { if (in_array($role, $roles, true)) { return $next($request); } } return response()->json(['message' => 'Forbidden.'], 403); } }