In my Laravel v5.8.38 app I want to protect some routes based on user roles. A user can have multiple roles, like this:
{
"role": "hospitaladmin",
"user": {
"id": 1630,
"fname": "eFiche",
"lname": "SUPPORT",
"phone": "0788561509"
"roles": [
{
"id": 2,
"name": "hospitaladmin",
"display_name": "Facility Manager",
"description": "Hospital Admins Role",
"created_at": "2021-05-10 07:58:46",
"updated_at": "2021-05-10 07:58:46",
"pivot": {
"user_id": 1630,
"role_id": 2
}
},
{
"id": 3,
"name": "doctor",
"display_name": "Doctor",
"description": "Doctors Role",
"created_at": "2021-05-10 07:58:46",
"updated_at": "2021-05-10 07:58:46",
"pivot": {
"user_id": 1630,
"role_id": 3
}
},
}
If, for example, the user doesn't have the receptionist role, they shouldn't be able to access the /receptionist page. They should be redirected to login instead.
my current CheckRole middleware
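/**
 * Route middleware that lets a request continue only when the authenticated
 * user holds at least one of the allowed roles.
 */
class CheckRole
{
    /**
     * Handle an incoming request.
     *
     * Allowed roles may be passed per route as middleware parameters, for
     * example "check-role:receptionist,nurse". When none are passed, the
     * original fixed pair (receptionist, nurse) is used, so existing route
     * definitions keep their behaviour.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  string  ...$roles  Role names accepted for this route.
     * @return mixed
     */
    public function handle($request, Closure $next, ...$roles)
    {
        $user = Auth::user();

        // Unauthenticated requests go back to the login page.
        if (!$user) {
            return redirect('login');
        }

        // No debug dump here: dd() renders its argument and ends the request,
        // so nothing after it would run and the user's role names would be
        // written into the response.
        $allowedRoles = $roles ?: ['receptionist', 'nurse'];

        if ($user->hasAnyRoles($allowedRoles)) {
            return $next($request);
        }

        // Authenticated but not authorised for this route.
        // NOTE(review): redirecting to login makes a role failure look the
        // same as an authentication failure; a 403 response would make the
        // two cases distinguishable in logs and while troubleshooting.
        return redirect('login');
    }
}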
my web.php file
// Laravel's built-in authentication routes.
Auth::routes();

// NOTE(review): Auth::routes() normally registers GET /login under the name
// "login" too, so this declaration presumably replaces that one; confirm it
// is intended. The controller string may also have lost a namespace
// backslash when it was pasted (e.g. "Auth\LoginController"); verify.
Route::get('login', 'AuthLoginController@index')->name('login');

// Receptionist page: "auth" is listed ahead of "check-role", so the role
// check is expected to see an authenticated user. The "check-role" alias has
// to be registered in the HTTP kernel's route middleware (not shown here).
// NOTE(review): "auth" with no guard name uses the default guard; since the
// User model implements JWTSubject, confirm the default guard is the
// session-based one for browser requests.
Route::get('receptionist', 'apiAdminController@receptionist')
    ->name('receptionist')
    ->middleware(['auth', 'check-role']);
User model
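/**
 * Application user: an authenticatable Eloquent model that is soft-deletable
 * and linked to roles through a many-to-many relation.
 *
 * NOTE(review): the class declares JWTSubject, but no JWTSubject methods
 * (getJWTIdentifier / getJWTCustomClaims) appear in this listing; confirm
 * they exist in the real file.
 */
class User extends Authenticatable implements JWTSubject
{
    use LaratrustUserTrait; // add this trait to your user model
    use Notifiable;
    use SoftDeletes;

    /**
     * The attributes that are mass assignable.
     *
     * NOTE(review): "password", "status", "facility_id", "department_id" and
     * "primary_role_id" are fillable, so any create()/update()/fill() call
     * that receives unfiltered request input lets the client set them.
     * Confirm every caller passes only validated, whitelisted fields.
     *
     * @var array
     */
    protected $fillable = [
        "fname",
        "lname",
        "email",
        "picture",
        "phone",
        "password",
        "status",
        "facility_id",
        "dob",
        "gender",
        "nationality",
        "department_id",
        "primary_role_id",
    ];

    /**
     * Attributes that should be treated as dates.
     *
     * Eloquent reads the plural $dates property; the listing declared $date,
     * which the framework does not look at.
     *
     * @var array
     */
    protected $dates = ["deleted_at"];

    /**
     * The attributes that should be hidden for arrays.
     *
     * @var array
     */
    protected $hidden = ["password", "remember_token"];

    /**
     * Validation rules for creating a user, or for updating one when an id
     * is given.
     *
     * @param  int  $user_id  Id of the user being updated; 0 when creating.
     * @return array
     */
    public static function rules($user_id = 0)
    {
        // The id is concatenated into the rule string, so it is forced to an
        // integer first; a non-numeric value cannot then add or alter rule
        // parameters.
        $ignoreId = (int) $user_id;

        $rules = [
            "fname" => "unique:users,fname," . $ignoreId,
            // Checked against the lname column; the listing compared lname
            // with the fname column, which looks like a copy-paste slip.
            "lname" => "unique:users,lname," . $ignoreId,
            // NOTE(review): creation accepts 4-character passwords while
            // updates require 6; consider one, longer minimum for both.
            "password" => "required|min:4|confirmed",
            "password_confirmation" => "required|min:4",
            "phone" => "required",
            "status" => "required",
        ];

        // On update the password is optional but, when sent, must be longer.
        if ($ignoreId) {
            $rules["password"] = "min:6|confirmed";
            $rules["password_confirmation"] = "min:6";
        }

        return $rules;
    }

    /**
     * Roles attached to this user.
     *
     * NOTE(review): LaratrustUserTrait presumably supplies its own roles()
     * relation; this definition takes precedence over it. Confirm that is
     * intended.
     *
     * @return \Illuminate\Database\Eloquent\Relations\BelongsToMany
     */
    public function roles()
    {
        return $this->belongsToMany(Role::class);
    }

    /**
     * Whether the user holds at least one of the given roles.
     *
     * Runs a query on the roles relation each time it is called, matching
     * on the role "name" column.
     *
     * @param  array|string  $roles  One role name or a list of role names.
     * @return bool
     */
    public function hasAnyRoles($roles)
    {
        // Accept a single role name as well as a list.
        $names = is_string($roles) ? [$roles] : $roles;

        return $this->roles()->whereIn('name', $names)->exists();
    }
}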
Role model
/**
 * Role model built on Laratrust's base role class.
 */
class Role extends LaratrustRole
{
    /**
     * Users that hold this role, joined through the "role_user" pivot table.
     *
     * @return \Illuminate\Database\Eloquent\Relations\BelongsToMany
     */
    public function users()
    {
        $pivotTable = 'role_user';

        return $this->belongsToMany(User::class, $pivotTable);
    }
}
The problem is that I can't reach /receptionist even when the logged-in account has the receptionist role. It seems like the auth middleware is redirecting to login. I'd appreciate your help.