一、创建模型

创建 permission 模型

php artisan make:model Permission

创建 role 模型

php artisan make:model Role

修改 app/Permission.php

public function roles()
{
    return $this->belongsToMany(Role::class);
}

修改 app/Role.php

public function permissions()
{
    return $this->belongsToMany(Permission::class);
}

public function givePermission(Permission $permission)
{
    return $this->permissions()->save($permission);
}

修改 app/User.php

public function roles()
{
    return $this->belongsToMany(Role::class);
}

public function hasRole($role)
{
    if(is_string($role)){
        return $this->roles->contains('name', $role);
    }
    return !! $role->intersect($this->roles)->count();
}

二、创建数据表

创建 role 数据迁移

php artisan make:migration create_roles_table --create=roles

修改生成的数据迁移文件

public function up()
{
    Schema::create('roles', function (Blueprint $table) {
        $table->increments('id');
        $table->string('name');
        $table->string('label')->nullable();
        $table->timestamps();
    });
    Schema::create('permissions', function (Blueprint $table) {
        $table->increments('id');
        $table->string('name');
        $table->string('label')->nullable();
        $table->timestamps();
    });
    Schema::create('permission_role', function (Blueprint $table) {
        $table->integer('permission_id')->unsigned();
        $table->integer('role_id')->unsigned();
        $table->foreign('permission_id')
              ->references('id')
              ->on('permissions')
              ->onDelete('cascade');
        $table->foreign('role_id')
              ->references('id')
              ->on('roles')
              ->onDelete('cascade');
        $table->primary(['permission_id','role_id']);
    });
    Schema::create('role_user', function (Blueprint $table) {
        $table->integer('user_id')->unsigned();
        $table->integer('role_id')->unsigned();
        $table->foreign('user_id')
            ->references('id')
            ->on('users')
            ->onDelete('cascade');
        $table->foreign('role_id')
            ->references('id')
            ->on('roles')
            ->onDelete('cascade');
        $table->primary(['user_id','role_id']);
    });
}

执行数据迁移

php artisan migrate

三、创建数据

进入 tinker

php artisan tinker

命名空间

namespace App;

创建角色

$role = new Role;
$role->name = 'admin';
$role->label = 'Admin';
$role->save();

创建权限

$permission = new Permission;
$permission->name = 'edit_form';
$permission->label = 'Edit The Form';
$permission->save();

创建 permissions_role 数据

$role->givePermission()

查找第一个用户

$user = User::first();

给这个用户创建角色

$user->roles()->save($role);

四、测试

修改 app/Providers/AuthServiceProvider.php

protected $policies = [
    //'App\Post' => 'App\Policies\PostPolicy',
];

public function boot(GateContract $gate)
{
    $this->registerPolicies($gate);
    foreach ($this->getPermissions() as $permission){
        $gate->define($permission->name, function (User $user) use ($permission){
            return $user->hasRole($permission->roles);
        });
    }
}

protected function getPermissions()
{
    return Permission::with('roles')->get();
}

修改 app/Http/PostsController.php

public function show($id)
{
    $post = Post::findOrFail($id);
    \Auth::loginUsingId(1);
    $this->authorize('edit_form', $post);
    return $post->title;
}

打开：http://localhost:8000/posts/1，正常返回

删除权限

$user->roles()->detach($role);

打开：http://localhost:8000/posts/1

添加权限

$user->roles()->attach($role);

打开：http://localhost:8000/posts/1，发现正常返回了。