The login_redirect hook does seem to be the right hook.
Can you try this :
(Adapted from the Codex )
function redirect_users_by_role( $redirect_to, $request, $user ) {
if ( isset( $user->roles ) && is_array( $user->roles ) ) {
if ( in_array( 'staff', $user->roles ) ) {
if ($admin_url === $request){
return home_url('/resources');
} else{
return $redirect_to;
}
}
} else {
return home_url('/access-denied');
}
}
add_filter( 'login_redirect', 'redirect_users_by_role', 10, 3 );