Hey, I’m looking for opinions on which is the best approach for this.
I have a RESTful API and the application has users and admins.
For example, there’s a resource controller called users with a PUT/PATCH method: if the user is an admin, he can update any user; if he is a user, he can only update himself.
Should I make a different controller for admin operations (have many duplicated controllers) and protect it with a middleware, or add a condition (if (auth.user.id !== Number(params.id) && auth.user.role !== 'admin')) in every method that has this behaviour?
What are your preferences when it comes to this?
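One way to avoid both duplicated controllers and a copy-pasted condition is to write the rule once as a pure policy function and apply it through a small middleware factory. This is an added example, not code from the post or from any particular framework; the `ctx.auth.user` / `ctx.params` shape and the `authorize` helper are assumptions chosen to mirror the `auth.user` and `params` names in the question.

```javascript
// Added example (not from the original post): one reusable "self or admin"
// policy, applied as middleware, instead of repeating the condition per method.
// `ctx` is a hypothetical request context: ctx.auth.user is the authenticated
// caller, ctx.params.id is the raw route parameter (a string).

// Pure policy: true only when `actor` may update the user identified by `targetIdRaw`.
function canUpdateUser(actor, targetIdRaw) {
  if (!actor || !Number.isInteger(actor.id)) return false; // no valid caller: deny
  if (actor.role === 'admin') return true;                  // admins may update anyone
  // Number('abc') is NaN and Number('') is 0, so validate the raw parameter
  // before comparing; anything that is not a plain decimal id is denied.
  if (!/^\d+$/.test(String(targetIdRaw))) return false;
  return actor.id === Number(targetIdRaw);                  // users may only update themselves
}

// Middleware factory: each route declares its rule once; the policy receives
// the context and returns a boolean. 401 when unauthenticated, 403 when the
// policy denies, and the handler runs only on allow (deny by default).
function authorize(policy) {
  return (ctx, next) => {
    if (!ctx.auth || !ctx.auth.user) {
      ctx.status = 401; ctx.body = { error: 'unauthenticated' }; return;
    }
    if (policy(ctx) !== true) {
      ctx.status = 403; ctx.body = { error: 'forbidden' }; return;
    }
    return next();
  };
}

const updateUserPolicy = (ctx) => canUpdateUser(ctx.auth.user, ctx.params.id);

// Drives one constructed request through the middleware and reports the outcome.
function runRequest(user, id) {
  const ctx = { auth: user ? { user } : null, params: { id }, status: 200, body: null };
  let handlerRan = false;
  authorize(updateUserPolicy)(ctx, () => { handlerRan = true; ctx.body = { updated: id }; });
  return { status: ctx.status, handlerRan };
}
```

The policy is deliberately separate from the middleware so the same `canUpdateUser` can also be called from a controller method or a unit test without a request context.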