diff --git a/lib/acl.js b/lib/acl.js
index 620ca33..3c5154f 100644
--- a/lib/acl.js
+++ b/lib/acl.js
@@ -635,12 +635,13 @@ Acl.prototype.clean = function(callback){
 Express Middleware */
-Acl.prototype.middleware = function(numPathComponents, userId, actions){
+Acl.prototype.middleware = function(numPathComponents, userId, actions, dynamicParams){
 contract(arguments)
 .params()
 .params('number')
 .params('number','string|number|function')
 .params('number','string|number|function', 'string|array')
+ .params('number','string|number|function', 'string|array', 'array')
 .end();
 var acl = this;
@@ -685,7 +686,11 @@ Acl.prototype.middleware = function(numPathComponents, userId, actions){
 if(!numPathComponents){
 resource = url;
 }else{
- resource = url.split('/').slice(0,numPathComponents+1).join('/');
+ if(numPathComponents < 0){
+ resource = url.split('/').splice(Math.abs(numPathComponents) + 1).join('/');
+ }else{
+ resource = url.split('/').slice(0,numPathComponents+1).join('/');
+ }
 }
 if(!_actions){
@@ -694,6 +699,18 @@ Acl.prototype.middleware = function(numPathComponents, userId, actions){
 acl.logger?acl.logger.debug('Requesting '+_actions+' on '+resource+' by user '+_userId):null;
+ // map params
+ if(req.params && req.route && req.route.path && dynamicParams instanceof Array){
+ var path = req.route.path;
+ var params = path.split(':').join('').split('/').filter(Boolean);
+
+ dynamicParams.forEach(function(dp){
+ if(params.indexOf(dp) !== -1){
+ resource = resource.replace(req.params[dp], '').split('/').filter(Boolean).join('/');
+ }
+ });
+ }
+
 acl.isAllowed(_userId, resource, _actions, function(err, allowed){
 if (err){
 next(new Error('Error checking permissions to access resource'));
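Review bot: The new fourth argument `dynamicParams` in the first hunk (`@@ -635,12 +635,13 @@`) is undocumented, and the comment above the function still says only `Express Middleware`. Because the argument changes which resource string reaches the permission check, I would add a line to that comment such as `dynamicParams: names of route parameters whose values are removed from the resource before acl.isAllowed is called`. A second line should state that a negative `numPathComponents` drops leading path components instead of keeping them. The function body continues outside this hunk.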
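Review bot: In the second hunk (`@@ -685,7 +686,11 @@`) the negative branch produces a resource without a leading slash while the `else` branch keeps it, so ACL entries need two spellings depending on the sign; for a constructed URL `/api/v1/users/42`, `-2` gives `users/42` and `2` gives `/api/v1`. A URL with too few segments leaves `resource` as an empty string, which is then handed to `acl.isAllowed`. How that call treats an empty resource is not visible here, so I would refuse explicitly after the `if`/`else` with `if(!resource){ return next(new Error('No resource to check')); }` (message constructed). `splice` on the temporary array works but reads like a typo; `url.split('/').slice(Math.abs(numPathComponents) + 1).join('/')` states the intent. The enclosing function starts and ends outside the hunk.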
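Review bot: `resource.replace(req.params[dp], '')` in the third hunk (`@@ -694,6 +699,18 @@`) removes the first occurrence of a request-supplied substring anywhere in the resource, not the path segment that holds the parameter, so the string passed to `acl.isAllowed` can differ from the route that is actually served. A parameter with no value is coerced to the text `undefined`, and `req.params` values are URL-decoded while `url` appears to be the raw path (its derivation is outside the hunk), so an encoded value may not be removed at all. I would compare whole segments and skip parameters without a string value, as sketched below; matching by segment position against `req.route.path` would be stricter still but depends on how `url` is built. The `acl.logger.debug` line above runs before this rewrite, so the log records a different resource from the one checked; moving it below the block keeps the audit trail accurate. `req.route.path` may also be a RegExp or an array in Express, in which case `path.split` throws, so the guard should test `typeof req.route.path === 'string'`.

```javascript
// … unchanged: `var path` and the `params` list built from req.route.path …
    var dynamicValues = dynamicParams.filter(function(dp){
      return params.indexOf(dp) !== -1 && typeof req.params[dp] === 'string' && req.params[dp] !== '';
    }).map(function(dp){
      return req.params[dp];
    });

    if(dynamicValues.length){
      // Drop whole segments only; a substring replace can also cut into a static segment.
      resource = resource.split('/').filter(function(segment){
        return segment && dynamicValues.indexOf(segment) === -1;
      }).join('/');
    }
```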