auditionadmin/app/Http/Controllers/UserController.php

<?php

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

use function abort;
use function redirect;

class UserController extends Controller
{
    /**
     * Display a listing of the resource.
     */
    public function index()
    {
        //
    }

    /**
     * Show the form for creating a new resource.
     */
    public function create()
    {
        //
    }

    /**
     * Store a newly created resource in storage.
     */
    public function store(Request $request)
    {
        //
    }

    /**
     * Display the specified resource.
     */
    public function show(User $user)
    {
        //
    }

    /**
     * Show the form for editing the specified resource.
     */
    public function edit(User $user)
    {
        //
    }

    /**
     * Update the specified resource in storage.
     */
    public function update(Request $request, User $user)
    {
        if ($user->id !== Auth::user()->id) {
            return redirect()->route('dashboard')->with('error', 'You can only modify your own profile');
        }
        dd($request->all());
    }

    /**
     * Remove the specified resource from storage.
     */
    public function destroy(User $user)
    {
        //
    }

    public function set_school(Request $request, User $user)
    {
        if ($request->user()->cannot('set_school', $user)) {
            abort(403);
        }

        request()->validate([
            'school_id' => ['required', 'integer', 'exists:schools,id'],
        ]);

        $user->update([
            'school_id' => request('school_id'),
        ]);

        // TODO we probably don't want to go here if done from an admin page
        return redirect('/my_school');
    }
}