
larswoltersdev's avatar

REST API routing and controller pattern questions

Hi all,

My team and I are building a REST API that is consumed by a Vue.js front-end, and have a few questions regarding it. I would be glad to get some insights or recommendations; thank you all in advance.

We have a user model and a profile model. The user has one profile, and the profile belongs to the user. In our application, a user is able to view and edit his own profile, but is also able to view the profile of some other user. However, if a user has an admin role (which is a boolean in the database for that user), the user is able to view and edit all profiles, as well as their own profile.

We are wondering how we would approach the creation of the controllers and routes for this.

Should we create a UserProfileController that has a method for viewing a profile of another user, so the route would be /user/{user}/profile, then create a controller for admins called AdminProfileController that has default CRUD for indexing, storing, showing, updating and deleting posts (route would be /admin/profiles/{profile}), and finally create a MeProfileController that only has the methods for performing CRUD for the profile of the currently authenticated user (route would be /me/profile)?

How would you guys do this? We thought of separating the controller logic since we have multiple roles. Is our way of thinking right here or is there a better way to do this?

0 likes
6 replies
bugsysha's avatar

I would create the following Route::get('/profiles/{profile}', 'ProfileController@show');, if there is nothing exposed through the UI that has to be separated. Then I would allow access to those pages via policies only to the user whose profile it is and admin.

larswoltersdev's avatar

@bugsysha I see, thanks for your reply. How would you do this for getting your own profile as an authenticated user?

bugsysha's avatar

@LarsWolters let me do something better. Here is a video that changed how I do routing. I think I almost follow everything from that video (maybe everything). Watch it, I promise it is worth your time. Then if you have more questions feel free to ping me and we can discuss them. But this will bring us to the same page so the discussion can be productive.

martinbean's avatar

@larswolters As mentioned when you asked this on Discord a few days ago, it depends if a user is expecting to know their own identifier as to whether you would create a “resourceful” route (i.e. PUT /profiles/{profile}) or whether you would have the resourceful route but also a “convenience” route for a user to update their own profile (i.e. PUT /me/profile).

It’s a decision you need to make I’m afraid. There’s no “best practice” or canonical answer. It’s down to your project’s needs and what knowledge you expect your user base to have.
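An added example, not code from any of the posters: the access rules from the original question written as a single policy class, so that a resourceful /profiles/{profile} route and a /me/profile convenience route can share one object-level authorization check. The class name ProfilePolicy, the is_admin and user_id fields, and the plain stand-in User and Profile classes are assumptions made so the snippet runs without the framework (PHP 8).

```php
<?php
declare(strict_types=1);

// Stand-ins for the Eloquent models; is_admin and user_id are assumed column names.
final class User
{
    public function __construct(public int $id, public bool $is_admin = false) {}
}

final class Profile
{
    public function __construct(public int $id, public int $user_id) {}
}

// Same method shape as a Laravel policy: (acting user, target model) => bool.
final class ProfilePolicy
{
    // Any authenticated user may view any profile.
    public function view(User $user, Profile $profile): bool
    {
        return true;
    }

    // Only the owner or an admin may edit. Ownership comes from the stored
    // user_id, never from an id sent in the request body.
    public function update(User $user, Profile $profile): bool
    {
        return $user->is_admin || $profile->user_id === $user->id;
    }
}

// In Laravel the resourceful route would be guarded with, for example:
//   Route::put('/profiles/{profile}', ...)->middleware('can:update,profile');
// and a /me/profile controller would load $request->user()->profile and call
// the same policy, so both routes share one authorization rule.

// Constructed sample data: Bob (id 2) owns profile 20.
$callers = ['alice' => new User(1), 'bob' => new User(2), 'admin' => new User(3, true)];
$bobsProfile = new Profile(20, 2);
$policy = new ProfilePolicy();

foreach ($callers as $name => $caller) {
    printf(
        "%-5s GET /profiles/20: %s  PUT /profiles/20: %s\n",
        $name,
        $policy->view($caller, $bobsProfile) ? 'allow' : 'deny',
        $policy->update($caller, $bobsProfile) ? 'allow' : 'deny'
    );
}
```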
