Looking for package or ideas for a fully customizable permissions system

I developed this ecommerce system for a customer a while a go, it includes an administrative panel where an user with enough privileges can do pretty much everything in the system, CRUD products, sales, users, etc, pretty much the same that you would find in woocommerce, prestashop or any other system like those. Currently there are only 2 access levels, regular users and administrator, the later obviously are those who can access the admin panel.

Now my customer wants an upgrade, and the chance to create unlimited roles, and for each role to give access to specific modules of the system.

So what would be the best way to do this? A middleware per role is not an option because, as stated, they are dynamic. I guess I still could programmatically edit the routes file but it doesn't feel right. What about an unique middleware and check the permissions required based in the url the user is trying to load? Any other idea?