findById((int) $userId); } public static function requireUser(): array { $user = self::user(); if ($user === null) { Response::json(['message' => 'Unauthenticated'], 401); } return $user; } public static function requireRole(array|string $roles): array { $user = self::requireUser(); $roles = (array) $roles; if (!in_array($user['role'], $roles, true)) { Response::json(['message' => 'Forbidden'], 403); } return $user; } }