check() || !auth()->user()->is_admin) { abort(403, 'Unauthorized access. Admins only.'); } return $next($request); } }