Just because a user is authenticated doesn't mean they should access everything in your API.
The Common Mistake that many developers make is doing this :
public function show(int $id)
1 week ago 1 min read