Laravel nested resource controller policies

[jameshine]

Given I have the following routes, controllers and models. How can I create two separate policies for the CompanyAddressController show method and the UserAddressController show method in order for us to authorise whether a user can;

E.g.

• View the CompanyAddressController@show and UserAddressController@show methods.
• Just view the CompanyAddressController@show method.
• Just view the UserAddressController@show method.

I believe it's correct to handle these via a Policy, but I'm unsure how this will work with nested resource controllers & a polymorphic morphOne relation, since the address policy would be full of conditionals surrounding the addressable type.

Routes

Route::resource('company', CompanyController::class);
Route::resource('company.address', CompanyAddressController::class);
Route::resource('users.address', UsersAddressController::class);

Controllers

// Company Controller
class CompanyController
{
    public function __construct() {
        $this->authorizeResource(Company::class);
    }
}

// User Controller
class UserController
{
    public function __construct() {
        $this->authorizeResource(User::class);
    }
}

// Company Address Controller
class CompanyAddressController {
    public function show(Request $request, Company $company, Address $address)
    {
        //
    }
}

// User Address Controller
class UserAddressController {

    public function show(Request $request, User $user, Address $address)
    {
        //
    }
}

Models

// Company Model
class Company extends Model
{
    public function address()
    {
        return $this->morphOne(Address::class, 'addressable');
    }
}

// User Model
class User extends Model
{
    public function address()
    {
        return $this->morphOne(Address::class, 'addressable');
    }
}

// Address Model
class Address extends Model
{
    return $this->morphTo();
}