0👍
I recommend calling an initial endpoint when Vue.JS first starts/loads. This endpoint should include a list of permissions that user has. Those permissions should define what user can see on the FE.
Regarding permissions for things such as update, one of the permissions can be called task.update if it’s present within the initial endpoint then Vue.JS will know that logged in user can update a task.
Also, if user does call an endpoint for whatever reason, your Laravel App, thanks to Policy you created, should respond with 403 code.
Example permissions management plugin: Spatie Permission or you can create your own one… it depends on difficulty of your software
UPDATE
If you are listing all tasks from list endpoint, event the ones that dont belong to logged in user, than you can always add an extra attribute to the Task model that will indicate if logged in user can update the task. This attribute can be called editable and will be a boolean. If editable is false then Vue.JS knows not to display edit button and so onwrads.