diff --git a/app/Http/Controllers/RoleController.php b/app/Http/Controllers/RoleController.php
new file mode 100644
index 0000000000000000000000000000000000000000..088f67f195faa42f0cf08ef597ec8f57db58c7c4
--- /dev/null
+++ b/app/Http/Controllers/RoleController.php
@@ -0,0 +1,59 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use App\UsersRoles;
+use App\User;
+use App\Http\Requests;
+
+use Illuminate\Support\Facades\Input;
+
+class RoleController extends Controller
+{
+    protected $user_roles = [];
+
+    public function __construct()
+    {
+        //$this->middleware('auth');
+        //$this->middleware('user.admin');
+        //$this->user_roles = Auth::user()->roles()->get()->toArray();
+    }
+
+    public function has_role($role_name)
+    {
+        foreach ($this->user_roles as $role) 
+        {
+            if ($role['name'] == $role_name)
+            {
+                return true;
+            }
+        }
+
+        return false;
+    }
+    
+    public function index($userId)
+    {
+        return User::find($userId)->roles()->get();
+    }
+
+    public function store($userId)
+    {
+        $data = Input::json();
+        if (UsersRoles::create(["id_user"=>$userId, "id_role"=>$data->get('id_role')]))
+            return ["status"=>"ok"];
+        else
+            return ["status"=>"err"];
+    }
+
+    public function destroy($userId, $roleId)
+    {
+        if (UsersRoles::where('id_user', $userId)->where('id_role', $roleId)->delete())
+            return ["status"=>"ok"];
+        else
+            return ["status"=>"err"];
+    }
+
+}
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index dc48d9011c308646492125bb6c67a9fb24c75344..d0262b1abceec00989a081d41d5b000687a2628e 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -27,8 +27,7 @@ class Kernel extends HttpKernel
             \App\Http\Middleware\EncryptCookies::class,
             \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
             \Illuminate\Session\Middleware\StartSession::class,
-            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
-            \App\Http\Middleware\VerifyCsrfToken::class,
+            \Illuminate\View\Middleware\ShareErrorsFromSession::class
         ],
 
         'api' => [
diff --git a/app/Http/routes.php b/app/Http/routes.php
index a09cb5176bc3033fa8d282991419a750143eae56..189f4ab005961ae22cf06b0356c0e70d17c54e34 100644
--- a/app/Http/routes.php
+++ b/app/Http/routes.php
@@ -20,4 +20,6 @@ Route::group(['middleware' => 'web'], function () {
     Route::resource('user', 'UserController');
     Route::resource('tps', 'TpsController');
     Route::resource('schedule', 'ScheduleController');
+
+    Route::resource('user.role', 'RoleController');
 });
diff --git a/app/UsersRoles.php b/app/UsersRoles.php
index 10077fe0c88cbe8cbca3a8f098b7a5160ecf483e..9a520a3083568f52a706564e1f56f6567292541a 100644
--- a/app/UsersRoles.php
+++ b/app/UsersRoles.php
@@ -6,6 +6,8 @@ use Illuminate\Database\Eloquent\Model;
 
 class UsersRoles extends Model
 {
+	protected $fillable = array('id_user', 'id_role');
+
     public function user()
     {
         return $this->hasOne('App\User', 'id', 'id_user');