It seems you have authentication covered, but you should also look up some tutorials on authorisation as well, which is what you are describing.
Essentially, every security-sensitive action should perform an authorisation step to determine whether it is allowed before it is actually performed. I'm not sure of the Laravel specifics, but in the case of viewing a user profile, for example, the authorisation will check that the ID of the current user, which should be obtainable from their token somehow, is the same as the ID of the profile being viewed, or possibly whether the current user is an admin or super-user, and will not allow viewing if this is not the case.
Edit: It looks like Laravel has a whole authorisation framework included, so this page should help you get started with a Laravel-specific solution.
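The owner-or-admin check described in this answer, as an added example that is not part of the original answer and is not Laravel's authorisation framework: it is plain PHP so that it runs on its own. The token table, the profile records and the function names `canViewProfile` and `showProfile` are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: what the authentication layer would resolve a token to.
const SESSIONS = [
    'tok-alice' => ['id' => 1, 'role' => 'user'],
    'tok-bob'   => ['id' => 2, 'role' => 'user'],
    'tok-root'  => ['id' => 3, 'role' => 'admin'],
];
// Constructed sample profiles, keyed by user ID.
const PROFILES = [
    1 => ['name' => 'Alice', 'email' => 'alice@example.test'],
    2 => ['name' => 'Bob',   'email' => 'bob@example.test'],
];

/** Authorisation rule: the profile's owner or an admin may view it; anyone else is denied. */
function canViewProfile(?array $currentUser, int $profileId): bool
{
    if ($currentUser === null) {
        return false; // no authenticated user, nothing to authorise
    }
    if ($currentUser['role'] === 'admin') {
        return true;
    }
    return $currentUser['id'] === $profileId;
}

/** Hypothetical request handler; returns [HTTP status, body]. */
function showProfile(?string $token, int $profileId): array
{
    // The caller's identity comes from the token, never from a request parameter.
    $currentUser = SESSIONS[$token ?? ''] ?? null;
    if ($currentUser === null) {
        return [401, 'Unauthenticated'];
    }
    // Authorise before the record is loaded, so a denied caller cannot
    // tell an existing profile from a missing one.
    if (!canViewProfile($currentUser, $profileId)) {
        return [403, 'Forbidden'];
    }
    $profile = PROFILES[$profileId] ?? null;
    return $profile === null ? [404, 'Not found'] : [200, $profile];
}

// Own profile, someone else's, admin, no token, non-owner asking for a missing ID.
foreach ([['tok-alice', 1], ['tok-alice', 2], ['tok-root', 2], [null, 1], ['tok-bob', 9]] as [$token, $id]) {
    [$status] = showProfile($token, $id);
    printf("%-10s -> profile %d: HTTP %d\n", $token ?? '(none)', $id, $status);
}
```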