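isAdmin()) {
    //         abort(403, 'Deny !');
    //     }
    //     return $next($request);
    // }

    /**
     * Gate a request: administrators and one allow-listed account pass on any
     * route, a second allow-listed account passes only on the two withdrawal
     * routes, and every other caller is rejected with HTTP 403.
     *
     * NOTE(review): two of the three grants below are decided by comparing the
     * account's email to a literal in source. That is only as strong as the
     * guarantee that nobody else can register with, or change their profile
     * to, one of these addresses, and that the address is verified. Neither
     * is visible from this method, so confirm both. A server-side role or
     * permission flag (as isAdmin() already provides) is the safer pattern,
     * and it keeps personal addresses out of the repository.
     *
     * @param mixed   $request Incoming request; must expose route().
     * @param Closure $next    Next handler in the middleware pipeline.
     *
     * @return mixed Whatever $next($request) returns when access is granted.
     */
    public function handle($request, Closure $next)
    {
        $user = Auth::user();

        // Fail closed for unauthenticated callers. Without this guard the
        // email comparisons below would read a property on null.
        if (!$user) {
            abort(403, 'Deny !');
        }

        // Full access: administrators, plus one account allow-listed by email.
        if ($user->isAdmin() || $user->email === 'tumtum@gmail.com') {
            return $next($request);
        }

        // Resolve the route name once; route() may not be set if this
        // middleware ever runs outside a matched route.
        $route = $request->route();
        $routeName = $route ? $route->getName() : null;

        // Accounting account: restricted to the withdrawal routes only.
        $accountingRoutes = [
            'admin.withdrawals.index',
            'admin.withdrawals.confirm',
        ];
        if ($user->email === 'anhthu936666all@gmail.com'
            && in_array($routeName, $accountingRoutes, true)
        ) {
            return $next($request);
        }

        // Everyone else is denied.
        abort(403, 'Deny !');
    }
}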