Remove {id} from the middleware Call this inside your middleware: $request->id

You should be explicit with retrieving that id. $request->route('id').

The getter on Request will check all the inputs first then fallback to pulling a route parameter.

I used middleware, this isn't final but it works for now

<?php

namespace App\Http\Middleware;

use Closure;
use Auth;
use Illuminate\Http\Request;

class AccessMiddleware
{

    protected $permission;
    protected $slugged;

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next, $slugged)
    {
        $this->slugged = $slugged;
        $this->permission = $this->replaceSlugs($request);

        if(!Auth::user()->can($this->permission))
            abort(403);
        return $next($request);
    }



    function replaceSlugs(Request $request) {
        $slug = '~{([^}]*+)}~';
        $params = $request->route()->parameters();

        return preg_replace_callback( 
            $slug, 
            function ($a) use ($params) {
                return $params[$a[1]];
            },
            $this->slugged);
    }

}