route('login'); } $user = Auth::user(); // Check if user has any of the required permissions foreach ($permissions as $permission) { if ($user->hasPermission($permission)) { return $next($request); } } // If no permissions match, return 403 abort(403, 'Unauthorized action.'); } }