cookie('sessionKey'); $appSession = AppSession::where('session_key', $sessionKey)->where('is_active', true)->first(); $authenticated = $sessionKey && $appSession && $appSession->pro; if (!$authenticated) { abort(403); } $patient = \request()->route('patient'); if(!!$patient) { if(!$appSession->pro->canAccess($patient->uid)) { abort(403); } } return $next($request); } }