I would override the controllers respective method or add new custom route and method to manage that. The way you’re changing the user’s permission, you’re allowing any user that has authenticated, read, write or even delete other users.
I would override the controllers respective method or add new custom route and method to manage that. The way you’re changing the user’s permission, you’re allowing any user that has authenticated, read, write or even delete other users.