Routes with permissions

Hey, I’m looking for opnions on which is the best approach for this.

I have RESTful API and the application has users and admins.

For example, there’s a resource controller called users with a PUT/PATCH method, if the user is an admin, he can update any user, if he is an user he can only update himself.

Should i make a different controller for admin operations (have many duplicated controllers) and protect it with a middleware or add a condition ( if ( !== Number( && auth.user.role !== 'admin') ) in every method that has this behaviour

What are your preferences when it comes to this?

Hey @Wuzi! :wave:

I have built a package to help managing permissions in Adonis.

Thanks, this is perfect!

I don’t understand how can I implement with my project I read document what you written in read me file. is there any demo project what I can see