rodrigopedra/Role.php

## Role.php
<?php namespace App;

use Illuminate\Database\Eloquent\Model;

class Role extends Model
{
    protected $table = 'roles';

    protected $fillable = [ 'name' ];
}

## roles.blade.php
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title>Roles</title>
</head>
<body>
<h1>Roles for {{ $user->name }}</h1>

<form action="{{ route('user.update', [$user]) }}" method="POST" accept-charset="UTF-8">
    <input type="hidden" name="_token" value="{{ csrf_token() }}">

    <ul>
        @forelse($roles as $role)
            <li>
                <label>
                    <input type="checkbox" name="roles[]"
                           value="{{ $role->id }}" {{ $user->hasRole($role) ? 'checked' : '' }}>
                    {{ $role->name }}
                </label>
            </li>
        @empty
            <li>no roles</li>
        @endforelse
    </ul>

    <p>
        <button type="submit">Save</button>
    </p>
</form>
</body>
</html>

## routes.php
<?php
    /** @var Illuminate\Routing\Router $router */

    $router->get( '/user/{id}/roles', ['as' => 'user.edit', 'uses' => 'UserController@edit' ] );
    $router->post( '/user/{id}/roles', ['as' => 'user.update', 'uses' => 'UserController@update' ] );

## User.php
<?php namespace App;

use Illuminate\Auth\Authenticatable;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Auth\Passwords\CanResetPassword;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;

class User extends Model implements AuthenticatableContract, CanResetPasswordContract
{
    use Authenticatable, CanResetPassword;

    protected $table = 'users';

    protected $fillable = [ 'name', 'email', 'password' ];

    protected $hidden = [ 'password', 'remember_token' ];

    public function roles()
    {
        return $this->belongsToMany( 'App\Role', 'role_user' );
    }

    public function hasRole( Role $role )
    {
        return $this->roles->contains( $role );
    }
}

## UserController.php
<?php namespace App\Http\Controllers;

use Illuminate\Http\Request;

use App\User;
use App\Role;

class UserController extends Controller
{
    public function edit( $id )
    {
        // TODO: use route model binding
        $user = User::with('roles')->findOrFail( $id );

        $roles = Role::all();

        return view( 'roles', compact( 'user', 'roles' ) );
    }

    public function update( $id, Request $request )
    {
        $roles = $request->get( 'roles', [] );

        $user = User::findOrFail( $id );
        $user->roles()->sync( $roles ); // this does the trick

        return redirect()->back()->with( 'info', 'success' );
    }
}
	<?php namespace App;

	use Illuminate\Database\Eloquent\Model;

	class Role extends Model
	{
	protected $table = 'roles';

	protected $fillable = [ 'name' ];
	}
	<!DOCTYPE html>
	<html>
	<head>
	<meta charset="utf-8">
	<title>Roles</title>
	</head>
	<body>
	<h1>Roles for {{ $user->name }}</h1>

	<form action="{{ route('user.update', [$user]) }}" method="POST" accept-charset="UTF-8">
	<input type="hidden" name="_token" value="{{ csrf_token() }}">

	<ul>
	@forelse($roles as $role)
	<li>
	<label>
	<input type="checkbox" name="roles[]"
	value="{{ $role->id }}" {{ $user->hasRole($role) ? 'checked' : '' }}>
	{{ $role->name }}
	</label>
	</li>
	@empty
	<li>no roles</li>
	@endforelse
	</ul>

	<p>
	<button type="submit">Save</button>
	</p>
	</form>
	</body>
	</html>
	<?php
	/** @var Illuminate\Routing\Router $router */

	$router->get( '/user/{id}/roles', ['as' => 'user.edit', 'uses' => 'UserController@edit' ] );
	$router->post( '/user/{id}/roles', ['as' => 'user.update', 'uses' => 'UserController@update' ] );
	<?php namespace App;

	use Illuminate\Auth\Authenticatable;
	use Illuminate\Database\Eloquent\Model;
	use Illuminate\Auth\Passwords\CanResetPassword;
	use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
	use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;

	class User extends Model implements AuthenticatableContract, CanResetPasswordContract
	{
	use Authenticatable, CanResetPassword;

	protected $table = 'users';

	protected $fillable = [ 'name', 'email', 'password' ];

	protected $hidden = [ 'password', 'remember_token' ];

	public function roles()
	{
	return $this->belongsToMany( 'App\Role', 'role_user' );
	}

	public function hasRole( Role $role )
	{
	return $this->roles->contains( $role );
	}
	}
	<?php namespace App\Http\Controllers;

	use Illuminate\Http\Request;

	use App\User;
	use App\Role;

	class UserController extends Controller
	{
	public function edit( $id )
	{
	// TODO: use route model binding
	$user = User::with('roles')->findOrFail( $id );

	$roles = Role::all();

	return view( 'roles', compact( 'user', 'roles' ) );
	}

	public function update( $id, Request $request )
	{
	$roles = $request->get( 'roles', [] );

	$user = User::findOrFail( $id );
	$user->roles()->sync( $roles ); // this does the trick

	return redirect()->back()->with( 'info', 'success' );
	}
	}