Protected acess route

@carlosoliveiras I recommend that you use a middleware.

Here is my idea-

1. Define your middleware, e.g. RoleMiddleware

public function handle($request, Closure $next, ...$roles)
{
    if (!auth()->check() || !in_array(auth()->user()->role, $roles)) {
        abort(403); // Forbidden
    }

    return $next($request);
}

2. Register your middelware in the app/Http/Kernel.php (if needed)

3. Apply middleware in the route:

Route::middleware(['auth', 'role:manager'])->group(function () {
    // Your routes.... 
});

One built-in way is to use gates.

// Define gates in a service provider:
Gate::define('manage', fn (User $user) => $user->role === 'manager'));

// Authorization with middleware:
Route::post(...)->middleware('can:manage');

// Authorization in code:
if (!$user->can('manage'))
	abort(403);