route('login'); } $user = Auth::user(); foreach ($roles as $role) { if ($user->hasRole($role)) { return $next($request); } } abort(403, 'Unauthorized action.'); } }