Is it normal to make a separate folder in Controllers for each role and almost duplicate all controllers, slightly modifying them?

No. Even if we discard all other "buts", imagine what it will cost you to introduce a new role into the system?! This will be a complete ahtung!

It also turns out that routes are duplicated ... and views.

Especially.

There is just an idea that I duplicate a lot of code, is this normal?

No, not normal. To be honest, I don't understand how you could learn Laravel while ignoring one of the fundamental principles of DRY development .

For roles and permissions I use "laravel spatie permission".

To be honest, I don’t know what it is, but if the current module for servicing rights / privileges / roles / access control (etc.) - something does not suit you or makes (?) You violate the fundamental principles of development - you just need to find another more suitable for your specific needs.

Duplicate code is not normal. An attempt to refactor duplicate code, when ideas can change on the go, and fix in 10 files, will convince you of this. Regarding the access check in Laravel, everything has been invented for a long time. Add to this the relationships between the tables roles, perms and users (many-to-many), add roles and permissions to the table and can be used without modules. And even here, checks should be made not by roles, but by access (perms table). Roles may have overlapping access. Ready-made descriptions of how to do it exactly on the Internet are full. It's elementary there. You can also add an active boolean to user_role so that you can quickly deactivate a user role (a user can have multiple roles) with history preserved for instant recovery. This can be used when moderating users with a minimum of code and without logging (you get inactive user roles and make active true)

You need to understand the principle of using roles and permissions. Perhaps this article will help you:
Laravel 5. Hierarchical RBAC for the smallest

I have done so myself. Arranged views and controllers in different directories.
Only I actually have 2 independent applications, admin and user.
Those. not roles, but applications divided. Perhaps not your case.

It is normal if there is a significant difference between the portals. More than normal. But it's best if the separation is only on the frontend, with shared components where necessary, and on the backend - normally designed Rest, without separation into roles in urls.