user()->currentAccessToken(); if ($token->can('*')) { return $next($request); } return response()->json(['message' => 'You are not allowed to perform this action.'], 403); } }