UserRole resourceful nested controller to create and manage user roles - only accessible by someone with admin role

app/Http/Controllers/UserRoleController.php

@@ -0,0 +1,97 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Models\Role;
+use App\Models\User;
+use Illuminate\Http\Request;
+
+class UserRoleController extends Controller {
+    /**
+     * Display a listing of the resource.
+     *
+     * @param  \App\Models\User  $user
+     * @return \Illuminate\Http\Response
+     */
+    public function index(User $user) {
+        return $user->load('roles');
+    }
+
+    /**
+     * Show the form for creating a new resource.
+     *
+     * @param  \App\Models\User  $user
+     * @return \Illuminate\Http\Response
+     */
+    public function create(User $user) {
+        //
+    }
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Models\User  $user
+     * @return \Illuminate\Http\Response
+     */
+    public function store(Request $request, User $user) {
+        $data = $request->validate([
+            'role_id' => 'required|integer'
+        ]);
+        $role = Role::find($data['role_id']);
+        if (!$user->roles()->find($data['role_id'])) {
+            $user->roles()->attach($role);
+            return $user->load('roles');
+        } else {
+            return $user->load('roles');
+            // return response(['error' => 1, 'message' => 'user already has this role'], 409);
+        }
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @param  \App\Models\User  $user
+     * @param  \App\Models\Role  $role
+     * @return \Illuminate\Http\Response
+     */
+    public function show(User $user, Role $role) {
+    }
+
+    /**
+     * Show the form for editing the specified resource.
+     *
+     * @param  \App\Models\User  $user
+     * @param  \App\Models\Role  $role
+     * @return \Illuminate\Http\Response
+     */
+    public function edit(User $user, Role $role) {
+        //
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Models\User  $user
+     * @param  \App\Models\Role  $role
+     * @return \Illuminate\Http\Response
+     */
+    public function update(Request $request, User $user, Role $role) {
+        //
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @param  \App\Models\User  $user
+     * @param  \App\Models\Role  $role
+     * @return \Illuminate\Http\Response
+     */
+    public function destroy(User $user, Role $role) {
+        //this relationship exists
+        $user->roles()->detach($role);
+        return $user->load('roles');
+        // return response(['error' => 0, 'message' => 'role has been removed from this user'], 409);
+    }
+}

database/migrations/2022_05_17_181456_create_user_roles_table.php

@@ -17,6 +17,7 @@ return new class extends Migration
             $table->id();
             $table->foreignId('user_id')->constrained()->cascadeOnDelete();
             $table->foreignId('role_id')->constrained()->cascadeOnDelete();
+            $table->unique(['user_id','role_id']);
             $table->timestamps();
         });
     }

routes/api.php

@@ -2,6 +2,7 @@
 
 use App\Http\Controllers\RoleController;
 use App\Http\Controllers\UserController;
+use App\Http\Controllers\UserRoleController;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Route;
 
@@ -25,3 +26,4 @@ Route::post('users',[UserController::class,'store']);
 Route::post('login',[UserController::class,'login']);
 
 Route::apiResource('roles',RoleController::class)->except(['create','edit'])->middleware(['auth:sanctum', 'abilities:admin,super-admin']);
+Route::apiResource('users.roles',UserRoleController::class)->except(['create','edit','show','update'])->middleware(['auth:sanctum', 'abilities:admin,super-admin']);