I'm still learning Laravel & best practices.

I have a user system, so that you can create & update users through the UserController. Only admins should be able to access users & manipulate them. So I've created the following route:

Route::resource('user', 'UserController')->before('role:admin'); 

All looks good and works fine. I've got a filter that checks that the logged in user is an admin before they can access anything to do with users.

Here's where I'm getting confused. A user who logs in and is not an admin should still be able to edit their own information (email, password, username). I've set up a new form using the same form partial I have set up for editing users as all the fields are the same, and I thought I'd be able to process the form using the same form method so as not to duplicate the processing, which is identical:

{{Form::model($user, ['method'=>'PATCH', 'route'=>['user.update', $user->id]])}}

Except, because my user isn't an admin, they're getting pushed back to a 403 message instead of it processing the script.

How do I make an exception for a user to edit their own info, without losing the admin restrictions on the UsersController?

1 Answer

Easy solution is to create an AccountController with different access restrictions. Any common processing done between UsersController and AccountController can be moved to the model.
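The layout the answer proposes, written out as an added example for Laravel 4 (it is not the asker's or answerer's code). The `role` filter, the `users.role` column, the `account.*` route names, the `AccountController` and the `validateProfile`/`applyProfile` model methods are all assumptions made for the example. The security-relevant detail is in `AccountController::update`: the target user is always `Auth::user()`, never an id taken from the form or URL, so a non-admin cannot submit another user's id to the self-service route. The admin `UserController` keeps taking the id from the route because it stays behind `role:admin`.

```php
<?php
// app/filters.php
// Role filter: the value after the colon in 'role:admin' arrives as $role.
// Assumes a 'role' column on the users table (an assumption for this example).
Route::filter('role', function ($route, $request, $role) {
    if (!Auth::check() || Auth::user()->role !== $role) {
        App::abort(403, 'Forbidden');
    }
});

// app/routes.php
// Admin-only user management: the whole resource sits behind role:admin.
Route::group(['before' => 'role:admin'], function () {
    Route::resource('user', 'UserController');
});

// Self-service account routes: any authenticated user, and no user id in the URL.
Route::group(['before' => 'auth'], function () {
    Route::get('account/edit', ['as' => 'account.edit',   'uses' => 'AccountController@edit']);
    Route::patch('account',    ['as' => 'account.update', 'uses' => 'AccountController@update']);
});

// app/controllers/AccountController.php
class AccountController extends BaseController
{
    public function edit()
    {
        // The same form partial can be reused; the model is always the logged-in user.
        return View::make('account.edit', ['user' => Auth::user()]);
    }

    public function update()
    {
        // Never read the target user from the request here: a non-admin could
        // otherwise submit another user's id. The target is the authenticated user.
        $user = Auth::user();

        $validator = $user->validateProfile(Input::all());
        if ($validator->fails()) {
            return Redirect::route('account.edit')
                ->withErrors($validator)
                ->withInput(Input::except('password', 'password_confirmation'));
        }

        $user->applyProfile(Input::all());

        return Redirect::route('account.edit')->with('status', 'Account updated.');
    }
}

// app/models/User.php
// Shared processing lives on the model, as the answer suggests, so both
// UserController (admin) and AccountController (self-service) call the same code.
class User extends Eloquent
{
    protected $table  = 'users';
    protected $hidden = ['password'];

    // Validation rules for the three self-editable fields. The unique rules
    // exclude this user's own row so an unchanged email/username still passes.
    public function validateProfile(array $input)
    {
        return Validator::make($input, [
            'username' => 'required|alpha_dash|max:32|unique:users,username,' . $this->id,
            'email'    => 'required|email|unique:users,email,' . $this->id,
            // Empty password means "keep the current one"; min/confirmed are
            // only checked when a value is submitted.
            'password' => 'min:8|confirmed',
        ]);
    }

    // Assign fields explicitly rather than with fill(): the role column must
    // never be writable through this path.
    public function applyProfile(array $input)
    {
        $this->username = $input['username'];
        $this->email    = $input['email'];
        if (!empty($input['password'])) {
            $this->password = Hash::make($input['password']);
        }

        return $this->save();
    }
}
```

The self-service view then opens the form with `Form::model(Auth::user(), ['method' => 'PATCH', 'route' => 'account.update'])` and includes the existing field partial; there is no `$user->id` in the route, so there is nothing for a user to tamper with. The admin form keeps `['user.update', $user->id]` exactly as in the question.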