建表：php artisan make:migration create_tasks_table --create=tasks 建模型：php artisan make:model Task 一個User實例對應多個Task實例，而一個Task實例從屬于某個User： /** * Get all of the tasks for the user. */ public function tasks() { return $this->hasMany(Task::class); } public function user() { return $this->belongsTo(User::class); } 路由： Route::group(['middleware' => ['web']], function () { Route::get('/', function () { return view('welcome'); })->middleware('guest'); Route::get('/tasks', 'TaskController@index'); Route::post('/task', 'TaskController@store'); Route::delete('/task/{task}', 'TaskController@destroy'); Route::auth(); }); 設置中間件： class TaskController extends Controller{ /** * Create a new controller instance. * * @return void */ public function __construct() { $this->middleware('auth'); } } 依賴注入： 我們創建一個app/Repositories目錄并在其中創建一個TaskRepository類。記住，Laravel項目的app文件夾下的所有目錄都使用 PSR-4 自動加載標準被自動加載，所以你可以在其中隨心所欲地創建需要的目錄： ~~~ <?php namespace App\Repositories; use App\User; use App\Task; class TaskRepository{ /** * Get all of the tasks for a given user. * * @param User $user * @return Collection */ public function forUser(User $user) { return Task::where('user_id', $user->id) ->orderBy('created_at', 'asc') ->get(); } } public function __construct(TaskRepository $tasks) { $this->middleware('auth'); $this->tasks = $tasks; } 授權： php artisan make:policy TaskPolicy class TaskPolicy{ use HandlesAuthorization; /** * Determine if the given user can delete the given task. * * @param User $user * @param Task $task * @return bool */ public function destroy(User $user, Task $task) { return $user->id === $task->user_id; } } 最后，我們需要關聯Task模型和TaskPolicy，這可以通過在app/Providers/AuthServiceProvider.php文件的policies屬性中添加注冊來實現，注冊后會告知Laravel無論何時我們嘗試授權動作到Task實例時該使用哪個策略類進行判斷： /** * The policy mappings for the application. * * @var array */ protected $policies = [ 'App\Task' => 'App\Policies\TaskPolicy', ]; ~~~