Allow a user to change only their own password

app/Http/Requests/User/UpdateUserRequest.php

@@ -29,7 +29,10 @@ class UpdateUserRequest extends Request
     public function rules()
     {
         $input = $this->all();
-        $rules = [];
+
+        $rules = [
+            'password' => 'nullable|string|min:6',
+        ];
 
         if (isset($input['email'])) {
             $rules['email'] = ['email:rfc,dns', 'sometimes', new UniqueUserRule($this->user, $input['email'])];

app/Repositories/UserRepository.php

@@ -18,6 +18,7 @@ use App\Models\User;
 use App\Utils\Ninja;
 use App\Utils\Traits\MakesHash;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Hash;
 
 /**
  * UserRepository.
@@ -61,6 +62,12 @@ class UserRepository extends BaseRepository
 
         $user->fill($details);
 
+        //allow users to change only their passwords - not others!
+        if(auth()->user()->id == $user->id && array_key_exists('password', $data) && isset($data['password']))
+        {
+            $user->password = Hash::make($data['password']);
+        }
+
         if (!$user->confirmation_code) {
             $user->confirmation_code = $this->createDbHash(config('database.default'));
         }