user()->currentAccessToken(); if ($token->can('*')) { return $next($request); } if ($token->can('read-only')) { return response()->json(['message' => 'You are not allowed to perform this action.'], 403); } return $next($request); } }