user()->role == 'admin') { return $next($request); } if (auth()->user()->hasPermission($permission)) { return $next($request); } abort(403, "You need \"$permission\" permission"); } }