I'm designing new software (Laravel + React + SQL) that will manage different things for companies.
Once the users log in to the app, it will show them different results and submenus based on the role of the user. For example, an Admin will also see the control panel menu...
The front-end part will show the right view depending on whether the user is an Admin, of which company, etc.
To do this, I'm thinking about permissions to give to a user to make them an Admin, an Employee, or whatever else.
Issue #1: I'm not sure about the best way to make a secure login. I'm thinking about Passport with only one users table; the system will provide a response depending on the role of the user.
Issue #2: This issue is related to API authentication. I saw Laravel policies, but I was thinking about using 2 middlewares: the first one to check whether the user token sent with the request corresponds to a user, and the second one to check whether the user has the permission to call that endpoint. But I have no idea how to properly set the permission needed to call each single endpoint... can you please suggest the best practice?
If you think that my architecture is not very good, I'm totally open to suggestions.
Thanks for the help.
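One way to wire the two middlewares the question describes, added here as an illustration rather than code from the original post: Passport's `auth:api` guard resolves the bearer token to a user, and a second, parameterised middleware checks a named permission declared on each route. The middleware class name `EnsureUserHasPermission`, the `permission` alias, the `role` column on the users table and the `ROLE_PERMISSIONS` map are assumptions for this example; a real deployment would normally keep roles and permissions in tables.

```php
<?php
// Added example, not from the original post. Two files are shown, separated by
// the path comments; the class name, alias, `role` column and permission map are
// assumptions for illustration.

// --- app/Http/Middleware/EnsureUserHasPermission.php ---
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class EnsureUserHasPermission
{
    // Assumed role -> permission mapping for the example. Keep this in a
    // roles/permissions table in a real application.
    private const ROLE_PERMISSIONS = [
        'admin'    => ['control-panel.view', 'employees.manage', 'reports.view'],
        'employee' => ['reports.view'],
    ];

    /**
     * Route middleware parameters arrive after $next, so a route declaring
     * ->middleware('permission:employees.manage') gives $permissions = ['employees.manage'].
     * Every listed permission must be held (AND semantics).
     */
    public function handle(Request $request, Closure $next, string ...$permissions): Response
    {
        $user = $request->user();

        // auth:api should already have rejected unauthenticated requests, but a
        // missing user must still fail closed instead of throwing on null.
        if ($user === null) {
            abort(401, 'Unauthenticated.');
        }

        $granted = self::ROLE_PERMISSIONS[$user->role] ?? [];

        foreach ($permissions as $permission) {
            if (!in_array($permission, $granted, true)) {
                // 403 rather than 404: the resource exists, this role may not use it.
                abort(403, 'Forbidden.');
            }
        }

        return $next($request);
    }
}

// --- routes/api.php ---
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

// 1st middleware: auth:api (Passport guard) validates the bearer token and loads the user.
// 2nd middleware: permission:<name> checks the permission required by that endpoint.
Route::middleware('auth:api')->group(function () {
    // Any authenticated user: no extra permission needed.
    Route::get('/me', fn (Request $request) => $request->user());

    Route::get('/reports', fn () => response()->json(['reports' => []]))
        ->middleware('permission:reports.view');

    // Group-level permission applies to every route inside; a route can stack
    // a further one, so POST /admin/employees needs both permissions.
    Route::prefix('/admin')->middleware('permission:control-panel.view')->group(function () {
        Route::get('/control-panel', fn () => response()->json(['menu' => 'control-panel']));

        Route::post('/employees', fn (Request $request) => response()->json(['created' => true], 201))
            ->middleware('permission:employees.manage');
    });
});
```

For the `permission:` alias to resolve, the class has to be registered as route middleware (in `app/Http/Kernel.php` under `$middlewareAliases` or `$routeMiddleware` depending on the Laravel version, or via `$middleware->alias([...])` in `bootstrap/app.php` on Laravel 11), and `config/auth.php` needs the `api` guard's driver set to `passport`. The front-end hiding menus by role is only a convenience for the user; this server-side check on every route is the part that actually enforces access, and since users are admins "of a company", the handlers behind these routes still need to scope their queries to the caller's company so that an admin of one company cannot read another's data.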