// in terminal, php artisan to create middleware
php artisan make:middleware VerifyIsAdmin

// in VerifyIsAdmin middleware file
public function handle(Request $request, Closure $next)
{
  if (!auth()->user()->isAdmin()) {
    return redirect()->back();
  }
  return $next($request);
}

// must register in kernel.php
protected $routeMiddleware = [
  'auth' => \App\Http\Middleware\Authenticate::class,
  'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
  'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
  'can' => \Illuminate\Auth\Middleware\Authorize::class,
  'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
  'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
  'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
  'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
  'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
  'verifyCategoryCount' => VerifyCategoriesCount::class,
  'admin' => VerifyIsAdmin::class,
];

// use in Route to ensure user is authenticated and admin
Route::middleware(['auth', 'admin'])->group(function () {
    Route::get('users', [UsersController::class, 'index'])->name('users.index');
});