I am trying to check for permissions in a pre middleware by comparing the requested Method + Endpoint against my route permissions object.
So in a JSON object variable "route_permissions" I store the values like this:
{
"GET /contacts": "contacts.view",
"GET" /contacts/{id}": "contacts.view",
"POST /contacts": "contacts.create",
...
}
When accessing a route I am retrieving the user or keys permissions and store the names in an array. Then I compare the two to see if I should let the request go through or block it.
This works great for static routes like "/contacts" but I need to make it more dynamic so the deeper routes like "/contacts/{id}" work as well. Right now they return an error because e.g. "/contacts/7" does not match "/contacts/{id}" of course...
Is there a way to easily retrieve the endpoint itself instead of trying to filter it from "$request_uri" in our envs?
Also I am new to this whole thing and have no idea how you would normally approach that.