Laravel : Setting dynamic routes based on access control list

The best idea was using middleware parametercreate Middleware call CheckPermission then you have to register that middleware into your app/Http/kernel.php file thats only you need check below code

Your kernel.php file

protected $routeMiddleware = [            'checkPermission' => \App\Http\Middleware\CheckPermission::class,    ];

CheckPermission.php

    <?php    namespace App\Http\Middleware;    use Closure;    use DB;    class CheckPermission    {        /**         * Handle an incoming request.         *         * @param  \Illuminate\Http\Request  $request         * @param  \Closure  $next         * @return mixed         */        public function handle($request, Closure $next,$permission_name)        {            //first check that name in your db            $permission = DB::table('Permission')->where('name',$permission_name)->first()            if($permission){              //here you have to get logged in user role              $role_id = Auth::user()->role;              ## so now check permission              $check_permission = DB::table('Permission_role')->where('role_id',$role_id)->where('permission_id',$permission->id)->first();              if($check_permission){                 return $next($request);              }              //if Permission not assigned for this user role show what you need            }            // if Permission name not in table then do what you need             ## Ex1 : return 'Permission not in Database';            ## Ex2 : return redirect()->back();        }    }

Your Route file

 Route::group(['middleware' => 'jwt.auth'], function() {        Route::post('classResult', 'ApiController@getClassResult')->middleware('checkPermission:view-class-result');        Route::post('studentResult', 'ApiController@studentResult')->middleware('checkPermission:view-student-result');        Route::post('getStudentExamResult', 'ApiController@downloadSchoolTemplate')->middleware('checkPermission:download-student-result');   }

So what you can do is make your role name accountants a value to key in the .env file and same for each and every role name.

In case you want to change it in near future you can change it manually in the .env file or you can make changes in the .env file via php code writtern on one of your Laravel function.

While I doubt that this is the best approach to this, but in your way of thinking you could try out this "pseudo code". I hope this expresses the basic idea. What that implies is:

• A route pattern, not to include all routes explicitely in your routes file. ie. api/studentResult
• Your controller to dispatch to the proper method that implements your api call via a single action controller (Link to documentation)
• Your controller to load the correct middleware to take care on authorization

Routes

Route::group(['middleware' => 'jwt.auth'], function() {    Route::get('user', 'ApiController@getAuthUser');    Route::get('invalidate', 'ApiController@invalidate');    // Choose whatever pattern you like...    Route::post('api/{name}', ApiController::class);});

Controller

class ApiController {    public function __construct() {        $permisions = $this->loadPersionForUser();        $this->middleware('ability', [$permisions->value1, 'whatever']);    }    public function __invoke($method) {        if (method_exists($this, $method)) {            return $this->$method();        }    }}

I'm not totally sure if you can load your middleware dynamically like this. If so, this could be a valid approach for this.