attributes->get('actor_user'); $roles = $request->attributes->get('actor_roles', []); if ($user === null) { return ApiResponse::error('UNAUTHORIZED', 'Authentication is required.', [], 401); } $portalStatus = strtoupper((string) ($user->portal_status ?? 'ACTIVE')); if (in_array($portalStatus, ['SUSPENDED', 'DISABLED'], true)) { return ApiResponse::error('PORTAL_ACCESS_DISABLED', 'This portal account is not active.', [], 403); } $userType = strtoupper((string) ($user->user_type ?? 'EXTERNAL')); $portal = strtolower($portal); if ($portal === 'admin') { if ($userType === 'ADMIN' || in_array('SUPER_ADMIN', $roles, true)) { return $next($request); } return ApiResponse::error('ADMIN_PORTAL_REQUIRED', 'An admin portal account is required.', [], 403); } if ($portal === 'client') { if ($userType === 'CLIENT' && $portalStatus === 'ACTIVE') { return $next($request); } return ApiResponse::error('CLIENT_PORTAL_REQUIRED', 'An active client portal account is required.', [], 403); } return ApiResponse::error('PORTAL_NOT_SUPPORTED', 'The requested portal is not supported.', [], 500); } }