role !== 'student') { abort(403, "Unauthorized Action."); } return $next($request); } }