diff --git a/app/Http/Controllers/Api/OfftakerController.php b/app/Http/Controllers/Api/OfftakerController.php
index 22b5855..fd19701 100644
--- a/app/Http/Controllers/Api/OfftakerController.php
+++ b/app/Http/Controllers/Api/OfftakerController.php
@@ -12,8 +12,9 @@ class OfftakerController extends Controller
 {
 public function index(): JsonResponse
 {
- Gate::authorize('any',['super_admin', 'petani']);
-
+ if (!Gate::any(['super_admin', 'petani', 'fasilitator', 'admin'])) {
+ abort(403, 'Unauthorized');
+ }
 $listOfftaker = Offtaker::all();
 return response()->json($listOfftaker);
@@ -21,7 +22,7 @@ public function index(): JsonResponse
 public function store(Request $request): JsonResponse
 {
- Gate::authorize('super_admin');
+ Gate::authorize('any',['super_admin', 'petani']);
 $validated = $request->validate([
 'user_email' => ['required', 'email', 'max:255'],
@@ -48,14 +49,14 @@ public function store(Request $request): JsonResponse
 public function show(string $id): JsonResponse
 {
- Gate::authorize('super_admin');
+ Gate::authorize('any',['super_admin', 'petani']);
 $offtaker = Offtaker::findOrFail($id);
 return response()->json($offtaker);
 }
 public function update(Request $request, string $id): JsonResponse
 {
- Gate::authorize('super_admin');
+ Gate::authorize('any',['super_admin', 'petani']);
 $offtaker = Offtaker::findOrFail($id);
 $validated = $request->validate([
@@ -73,8 +74,7 @@ public function update(Request $request, string $id): JsonResponse
 public function destroy(string $id): JsonResponse
 {
- Gate::authorize('super_admin');
- // Menggunakan Soft Delete (Eloquent otomatis handle karena ada trait SoftDeletes di model)
+ Gate::authorize('any',['super_admin', 'petani']);
 Offtaker::findOrFail($id)->delete();
 return response()->json(null, 204);
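Review bot: In index, the widened role check is followed by `Offtaker::all()` returned as-is, so all four roles now receive every column of every offtaker row, with no pagination. The store rules in this file validate a `user_email` field, so the model probably carries contact data (inferred; the model is not shown). Returning the list through an API resource or an explicit column list would keep the response to what `petani` and `fasilitator` need. Separately, `abort(403, 'Unauthorized')` pairs the 403 Forbidden status with 401 wording; `abort(403)` or a 'Forbidden' message is clearer. The closing brace of index falls outside the hunk.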
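Review bot: In store, `Gate::authorize('any',['super_admin', 'petani'])` does not test for either role, because `Gate::authorize` takes one ability name plus its arguments; this checks an ability literally called `any` and passes the two role names as arguments. Unless such an ability is registered elsewhere (not visible in this diff), the call denies every caller that no `Gate::before` hook lets through, which is presumably why index was moved off the same form in this commit. The same line is added in show, update, destroy and batchUpsert. Use the form index now has, e.g. `abort_unless(Gate::any(['super_admin', 'petani']), 403);`, and add a feature test per role so a check that fails closed or open is caught. The store body continues outside the hunk.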
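Review bot: destroy deletes whichever record `$id` names without checking that the caller is tied to that offtaker. Admitting `petani` here (and in update and batchUpsert) therefore lets any account in that role change or remove any offtaker, not only ones it is associated with. If that is not intended, keep the write endpoints on `super_admin`, or load the model first and authorize against it, e.g. `Gate::authorize('delete', $offtaker);` (the policy and the ownership column are not visible here and would need to exist). The commit also drops the comment saying deletion is a soft delete; going by that removed comment I would keep it, in English: `// Soft delete: the Offtaker model uses the SoftDeletes trait`. The closing brace of destroy falls outside the hunk.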
@@ -85,7 +85,7 @@ public function destroy(string $id): JsonResponse
 */
 public function batchUpsert(Request $request): JsonResponse
 {
- Gate::authorize('super_admin');
+ Gate::authorize('any',['super_admin', 'petani']);
 $validated = $request->validate([
 'offtakers' => ['required', 'array'],
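Review bot: The `offtakers` rule in batchUpsert accepts an array of any length, and this endpoint is being opened beyond `super_admin`. A cap such as `'offtakers' => ['required', 'array', 'max:<limit>']` (limit to be chosen by the team) bounds the size of one bulk write. The remaining rules and the upsert itself are outside the hunk, so a limit may already be enforced further down. The docblock ending just above the signature would also be a good place to state which roles may call this endpoint.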