user(); if (!$user || !$user->isRootAdmin()) { throw new AccessDeniedHttpException('This account does not have permission to access the API.'); } return $next($request); } }