security: secure role, notification, system setting, and documentation pages with spatie permissions

app/Http/Controllers/NotificationController.php

@@ -12,6 +12,8 @@ class NotificationController extends Controller
 {
     public function index(Request $request)
     {
+        abort_if(!auth()->user()->can('role.manage'), 403, 'Unauthorized. Role management permission required.');
+
         $logs = NotificationLog::with(['targetUser', 'sender'])
             ->latest()
             ->paginate(10);
@@ -37,6 +39,8 @@ class NotificationController extends Controller
 
     public function store(Request $request)
     {
+        abort_if(!auth()->user()->can('role.manage'), 403, 'Unauthorized. Role management permission required.');
+
         $validated = $request->validate([
             'title' => 'required|string|max:255',
             'body' => 'required|string',