role, ['admin', 'manager', 'receptionist', 'therapist']); } public function view(User $user, Patient $patient): bool { if (in_array($user->role, ['admin', 'manager', 'receptionist'])) { return true; } // Therapists can only see their own patients if ($user->role === 'therapist') { return $patient->appointments()->where('user_id', $user->id)->exists(); } return false; } public function create(User $user): bool { return in_array($user->role, ['admin', 'manager', 'receptionist']); } public function update(User $user, Patient $patient): bool { return in_array($user->role, ['admin', 'manager', 'receptionist']); } public function delete(User $user, Patient $patient): bool { return in_array($user->role, ['admin', 'manager']); } }