json(['message' => 'Unauthorized.'], 401); } $roles = $user->roles() ->pluck('roles.name') ->map(fn ($name) => strtolower((string) $name)) ->toArray(); foreach (['teacher', 'teacher_assistant'] as $allowed) { if (in_array($allowed, $roles, true)) { return $next($request); } } return response()->json(['message' => 'Forbidden.'], 403); } }