user(); $tenant = app(TenantManager::class)->current(); if (! $user || ! $tenant) { throw new AccessDeniedHttpException('Tenant context required.'); } if ($user->company_id !== $tenant->id) { throw new AccessDeniedHttpException('Token does not belong to this tenant.'); } return $next($request); } }