Automate Entrust permission with accessing the Rou

Posted 2019-02-19 07:41

Question:

I have implemented Entrust Roles for the ACL layer. Now I'm planning to automate the permission check for each request so that I don't have to write the permission for the user roles each time.

E.g. I have a company resource, and a user with the role 'admin' can only view a company, while another user with the role 'super' can manage the company. In the database I have given them the appropriate permissions, but in the middleware that checks their permissions, I am planning to achieve this:

If the URL is localhost/company/create, the permission in the DB will be create_company, and the currently logged-in user will be checked against this permission.

$user->can('create_company')  OR
$user->can(['create_company', 'view_company']);

Que1: Is it possible to achieve this with middleware, where route names, e.g. company.create and company.show, are accessible (so that dots are replaced with '_' and we can check the permission)? How?

Que2: Is this a nice approach to achieve automatic role checking, or is there some other, better approach?

Any help/suggestion would be highly appreciated.

Answer 1:

Well, I found the answer, and to some extent I have automated the permission testing. I have created a function in the Authenticate.php middleware:

public function autocheckroles($request)
{
    $perms = '';
    $delimiter = '_'.$request->segment(1);
    if($request->isMethod('GET')){

        if(is_numeric($request->segment(2)) && is_null($request->segment(3))){
            $perms = 'show'.$delimiter; 
        }
        elseif($request->segment(3) == 'edit' && 
            is_numeric($request->segment(2))){
            $perms = 'edit'.$delimiter;
        }
        elseif ($request->segment(2) == 'create'){
            $perms = 'create'.$delimiter;
        }
        elseif(is_null($request->segment(2)) && is_null($request->segment(3)) &&
            ! is_null($request->segment(1))){
            $perms = 'view'.$delimiter;
        } 
    }
    elseif($request->isMethod('POST')){
        if($request->segment(1)){
            $perms = 'create'.$delimiter;
        }           
    }
    elseif($request->isMethod('DELETE')){
        $perms = 'delete'.$delimiter;
    }
    elseif($request->isMethod('PUT') || $request->isMethod('PATCH')){
        if($request->segment(1)){
            $perms = 'edit'.$delimiter;
        }
    }
    return $perms;
}

This returns the permission based on the request method, e.g. create_perm OR create_role OR edit_role. This way, I don't have to write each and every permission in the middleware. It will be checked automatically based on the request.

// Check the user role and automate the role permission
$perform_action = $this->autocheckroles($request);
// Super Admin with id number 1 doesn't require any permission
if((\Auth::user()->id == '1') || \Auth::user()->can($perform_action)){
    return $next($request);
}
else
{
    \Session::flash('flash_message', 'You are not authorized for this page.');
    return new RedirectResponse(url('/home'));
}

This way, if the user is not authorized he will be redirected to the Dashboard (home) page, and the super user won't face any such authentication, so he is excluded.
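
For Que1, the route-name variant of the same check, as an added example that is not part of the original answer: it maps a resource route name such as company.create to the permission names used on this page and denies whenever no rule matches. The function names, the action-to-verb table and the sample grants are assumptions made for illustration; `$can` stands in for Entrust's `$user->can()`.

```php
<?php
// Added example, not the answerer's code. Maps a resource route name
// ("company.create") to a permission name ("create_company").
// A null result means "no rule matched" and must be treated as deny.

const ACTION_TO_VERB = [       // resource route action => permission verb
    'index'   => 'view',
    'show'    => 'show',
    'create'  => 'create',
    'store'   => 'create',
    'edit'    => 'edit',
    'update'  => 'edit',
    'destroy' => 'delete',
];

function permissionForRoute(?string $routeName): ?string
{
    // Unnamed route, or anything that is not exactly "<resource>.<action>".
    if ($routeName === null
        || !preg_match('/^([a-z][a-z0-9_]*)\.([a-z]+)$/', $routeName, $m)) {
        return null;
    }
    [, $resource, $action] = $m;
    $verb = ACTION_TO_VERB[$action] ?? null;   // unknown action: no implicit grant
    return $verb === null ? null : $verb . '_' . $resource;
}

// Hypothetical helper: $can plays the role of $user->can() from Entrust.
function isAllowed(?string $routeName, callable $can): bool
{
    $perm = permissionForRoute($routeName);
    return $perm !== null && $can($perm);
}

// Constructed sample: a user holding only view_company and show_company.
$granted = ['view_company', 'show_company'];
$can = fn(string $p): bool => in_array($p, $granted, true);

foreach (['company.index', 'company.show', 'company.create',
          'company.destroy', 'company.export', null] as $name) {
    printf("%-16s %-16s %s\n", $name ?? '(unnamed)',
        permissionForRoute($name) ?? '(none)',
        isAllowed($name, $can) ? 'allow' : 'deny');
}
```

In a Laravel middleware the route name would come from `$request->route()->getName()`, which returns null for routes that were registered without a name.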