Best Practices for Laravel Routing with User Permissions

Asked By TechieGuru101 On

Hey everyone! I'm in the process of refactoring a large ERP system, and I want to ensure I'm adhering to best practices for REST API design, particularly concerning the editing permissions between users and admins.

Here's the setup:
- **Backend:** Laravel stateful REST API
- **Frontend:** Separate server on the same domain (using React)

Here's the situation:
- Regular users can edit **their own contact info** through a POST/PUT request to `/users/contact-information`.
- Admins should be able to edit **any user's** contact info, preferably using the same endpoint.

I'm facing a dilemma on how to structure this:
1. Should I add an optional `user_id` parameter to the route `/users/contact-information/{user_id?}` and manage it from there?
2. Create a separate route specifically for admins (like `/admin/users/{id}/contact-information`)?
3. Stick with the same endpoint and determine the action based on the presence of a `user_id` in the request? I'd handle it like this: `$user = $request->query('user_id') ? User::findOrFail($request->query('user_id')) : $request->user();`

I'd love to hear your thoughts on the cleanest and most scalable solution to this, especially from a RESTful framework and Laravel policy standpoint. Thanks!

2 Answers

Answered By WebWizard99 On
Answered By CodeMaestro88 On

If you're using a solid authentication system, there's really no need to pass the user's own ID, as that's typically included in their session data. So, just sticking with `/users/contact-information` for personal edits should be enough.

However, for an admin to modify other users, I’d suggest a clearer URL structure like this:

- **GET** `/admin/users/{user_id}` to get user info
- **DELETE** `/admin/users/{user_id}` to delete a user
- **PATCH** `/admin/users/{user_id}` to update user info
- **POST** `/admin/users` to create a user

This organizes things nicely and keeps it intuitive for API consumers.
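One way to keep the single `/users/contact-information` endpoint from the question while leaving the admin-vs-self decision to a Laravel Policy (an added example, not code from either post; it assumes a boolean `is_admin` column on the `User` model and stock Laravel policy auto-discovery and route-model binding):

```php
<?php
// Added example, not code from the thread. Assumes App\Models\User has a boolean
// `is_admin` column; everything else is stock Laravel (policy auto-discovery,
// route-model binding, Gate). Split the three blocks into their usual files in a real app.

namespace App\Policies {
    use App\Models\User;

    class UserPolicy
    {
        // Auto-discovered for App\Models\User. $actor is the caller, $target the record
        // being edited: allow self-service or an admin, deny everything else server-side.
        public function updateContactInformation(User $actor, User $target): bool
        {
            return $actor->is($target) || $actor->is_admin;
        }
    }
}

namespace App\Http\Controllers {
    use App\Models\User;
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Gate;

    class ContactInformationController extends Controller
    {
        // {user?} is optional: absent -> the caller edits their own record; present ->
        // route-model binding loads the target. The policy decides in both cases, so a
        // client-supplied id can never widen access on its own.
        public function update(Request $request, ?User $user = null)
        {
            $target = $user ?? $request->user();
            Gate::authorize('updateContactInformation', $target); // throws -> HTTP 403

            // The validator whitelists the keys, so forceFill cannot mass-assign anything else.
            $validated = $request->validate([
                'email' => ['required', 'email', 'max:255'],
                'phone' => ['nullable', 'string', 'max:32'],
            ]);
            $target->forceFill($validated)->save();

            return response()->json($target->only(['id', 'email', 'phone']));
        }
    }
}

namespace {
    // routes/web.php for the stateful (session-authenticated) API described in the question.
    use App\Http\Controllers\ContactInformationController;
    use Illuminate\Support\Facades\Route;

    Route::middleware('auth')
        ->put('/users/contact-information/{user?}', [ContactInformationController::class, 'update']);
}
```

A regular user who sends `PUT /users/contact-information/42` for someone else's record gets a 403 from the policy rather than a silent edit, which is the property worth testing regardless of which URL layout you settle on.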
