Should I create separate routes for a typical user and an admin that have access to the same resource?
I'm making a design decision and I was thinking about the best practice for implementing the required functionality. The scenario is as follows: a typical user makes requests that need to be approved by an admin. So, I have a REST API for user requests. On the one hand, the admin should have access to all the requests made by users and approve them. On the other hand, the typical user should be able to list all the requests he/she made. Should I have separate routes for the admin and the user, or do the logic based on the authenticated user's role? Should I create separate controllers for the user and the admin? I'd appreciate your advice on the best practice in this situation.
Solution 1:[1]
I know the question is old, but...
What you could do is create two routes:
- GET /users/{id}/requests (Only admins and the respective user can access)
- GET /requests (Only admins can access)
In this way you can fine-tune the authorization.
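To make the two-route design concrete, here is an added example (not code from the answer or from any project) showing how the authorization rules for `GET /users/{id}/requests` and `GET /requests` can be enforced in a small dispatcher. The `Principal` class, the `REQUESTS` sample data, the `dispatch` function and the admin-only `POST /requests/{id}/approve` route are all constructed for illustration; the approval route is an assumption drawn from the question, since the answer itself only lists the two GET routes. The security-relevant point is that the per-user route must compare the `{id}` in the path against the authenticated user's own id, not merely check that the caller is logged in, or any user could read another user's requests.

```python
"""Route-level authorization for the admin/user request API (added example)."""
from dataclasses import dataclass
from typing import Any, Dict, List, Tuple

# Response shape used throughout: (HTTP status code, body)
Response = Tuple[int, Any]


@dataclass(frozen=True)
class Principal:
    """The authenticated caller, as established by the auth layer (hypothetical)."""
    user_id: int
    role: str  # "user" or "admin"


# Constructed sample data: request id -> {owning user id, approval status}
REQUESTS: Dict[int, Dict[str, Any]] = {
    101: {"owner": 1, "status": "pending"},
    102: {"owner": 2, "status": "pending"},
    103: {"owner": 1, "status": "approved"},
}


# --- Authorization policy: one small predicate per route ----------------------

def can_list_user_requests(principal: Principal, target_user_id: int) -> bool:
    """GET /users/{id}/requests: admins, or the user whose id matches the path."""
    return principal.role == "admin" or principal.user_id == target_user_id


def can_list_all_requests(principal: Principal) -> bool:
    """GET /requests: admins only."""
    return principal.role == "admin"


def can_approve(principal: Principal) -> bool:
    """POST /requests/{id}/approve (assumed route): admins only."""
    return principal.role == "admin"


# --- Handlers: check the policy first, then touch data ------------------------

def list_user_requests(principal: Principal, target_user_id: int) -> Response:
    if not can_list_user_requests(principal, target_user_id):
        return 403, []
    ids: List[int] = sorted(rid for rid, r in REQUESTS.items() if r["owner"] == target_user_id)
    return 200, ids


def list_all_requests(principal: Principal) -> Response:
    if not can_list_all_requests(principal):
        return 403, []
    return 200, sorted(REQUESTS)


def approve_request(principal: Principal, request_id: int) -> Response:
    # Authorization is decided before existence is revealed, so a non-admin
    # gets the same 403 whether or not the request id exists.
    if not can_approve(principal):
        return 403, {}
    record = REQUESTS.get(request_id)
    if record is None:
        return 404, {}
    record["status"] = "approved"
    return 200, {"id": request_id, "status": record["status"]}


# --- Minimal router mapping paths to handlers (constructed) -------------------

def dispatch(principal: Principal, method: str, path: str) -> Response:
    parts = path.strip("/").split("/")
    if method == "GET" and parts == ["requests"]:
        return list_all_requests(principal)
    if method == "GET" and len(parts) == 3 and parts[0] == "users" and parts[2] == "requests":
        if not parts[1].isdigit():
            return 404, []
        return list_user_requests(principal, int(parts[1]))
    if method == "POST" and len(parts) == 3 and parts[0] == "requests" and parts[2] == "approve":
        if not parts[1].isdigit():
            return 404, {}
        return approve_request(principal, int(parts[1]))
    return 404, {}


if __name__ == "__main__":
    alice, admin = Principal(1, "user"), Principal(9, "admin")
    print(dispatch(alice, "GET", "/users/1/requests"))  # own requests: allowed
    print(dispatch(alice, "GET", "/users/2/requests"))  # someone else's: 403
    print(dispatch(alice, "GET", "/requests"))          # admin-only listing: 403
    print(dispatch(admin, "GET", "/requests"))          # admin sees everything
```

Keeping the policy in small predicates separate from the handlers is what lets the same controller code serve both roles while still making the admin-versus-owner distinction explicit and easy to review; the handler for the per-user route never trusts the path parameter on its own.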
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Felipe Cavichiolli Silvestre |
