Catch all routes and paths using the auth filter. A route validation method is added to the Users model called hasAccess($route) and returns true if the user has that route. If the user doesn't have the route the error message will inform of what access they are missing.
I have a legacy system that uses SHA1 for passwords as opposed to bcrypt, which is used by Laravel. For now, I need people to be able to access through both systems. I use the auth.attempt event to handle password conversion.