License.php

<?php

class License extends Model {
  
    public static function generate (User $user) {
      $i = new static;
      $i->made_by = $user->id;
      $i->serial = \Str::random(64); // you can also use a separate factory class that injects a random generator
      $i->save();
    }
    
    public function assignTo (User $user) {
      $this->assigned = true;
      $this->assigned_to = $user->id;
      $this->save();
    }
  
}

LicenseGranter.php

<?php

class LicenseGranter {
  public function generate(User $user, $asignTo = null) {
    $license = License::generate($user);
    
    if ($assignTo) {
      $this->assign($license, $user, $assignTo);
    }
    
    return $license;
  }
  
  
  public function assign(License $license, User $assigner, User $target) {
    // this sort of awkward authorization checks typically go to their own class
    if ($assigner->getRole() == 'superuser') {
      if ($target->getRole() == 'admin') return $license->assignTo($target);
    }
    if ($assigner->getRole() == 'admin') {
      if ($target->getRole() == 'consultant' && $assigner->getTeamMembers()->has($target)) return $license->assignTo($target);
    }
    
    throw new LicenseAssignmentNotAllowedException($assigner, $target);
  }
  
}

In regards to Line 16 I could put a canAssign() & canGenerate() method in the users model which does the necessary checks and returns true if they pass.

class User extends Model {

public function canAssign (User $user) {
$this->role == 'consultant' || 'admin';
return true;
}
}

public function canGenerate (User $user) {
$this->role == 'admin';
return true;
}
}