
Description

Declarative Swift framework for Attributed Role-based Access Control management. Check out this blog post for full explanation and more details: https://medium.com/@mmabdelateef/access-control-management-with-swift-cc3c3d68cbc3

Programming language: Swift
Latest version: v1.0.1


README

Koosa

Declarative Swift framework for Attributed Role-based Access Control management

Check out this blog post for full explanation and more details: Access Control Management with Swift

Example

Code In Action

// Anyone can browse group, if it is public
Visitor.shouldBeAbleTo(BrowseGroup.action).when {
    guard let browseAction = $1 as? BrowseGroup else { return false }
    return browseAction.group.isPublicGroup
}

// Member can browse his groups + public groups
GroupMemberUser.shouldBeAbleTo(BrowseGroup.action).when {
    guard let groupMember = $0 as? GroupMember,
        let browseAction = $1 as? BrowseGroup else { return false }
    return groupMember.groupNumber == browseAction.group.groupNumber
}

// Member can post to his groups
GroupMemberUser.shouldBeAbleTo(PostToGroup.action).when {
    guard let groupMember = $0 as? GroupMember,
        let postAction = $1 as? PostToGroup else { return false }
    return groupMember.groupNumber == postAction.group.groupNumber
}

// Admin class extends Member + ability to delete
GroupAdminUser.shouldBeAbleTo(DeleteGroup.action).when {
    guard let groupAdmin = $0 as? GroupAdmin,
        let deleteAction = $1 as? DeleteGroup else { return false }
    return groupAdmin.groupNumber == deleteAction.group.groupNumber
}

// SuperAdmin can do everything
_ = SuperAdminUser.shouldBeAbleTo(BrowseGroup.action)
_ = SuperAdminUser.shouldBeAbleTo(DeleteGroup.action)
_ = SuperAdminUser.shouldBeAbleTo(PostToGroup.action)

Usage:

  1. Start by mapping each role in your requirements to a protocol that extends the protocol Role, or a protocol that extends it. Note that you can model a role hierarchy using protocol inheritance.

    protocol GroupMember: Role {
        var groupNumber: Int { get set }
    }
    protocol GroupAdmin: GroupMember { }
    
  2. Model your actions as classes/structs that conform to the protocol Action.

    struct BrowseGroup: Action {
        let group: Group

        init() {  // required default initializer
            group = Group(groupNumber: -1, isPublicGroup: false) // default group
        }

        init(group: Group) {
            self.group = group
        }
    }
    
  3. Use role protocols to create concrete role classes.

    class GroupAdminUser: User, GroupAdmin {
        var groupNumber: Int

        init(name: String, age: Int, groupNumber: Int) {
            self.groupNumber = groupNumber
            super.init(name: name, age: age)
        }

        override required init() {
            self.groupNumber = -1
            super.init()
        }
    }
    
  4. Add the policies.

    GroupMemberUser.shouldBeAbleTo(BrowseGroup.action).when {
        guard let groupMember = $0 as? GroupMember,
            let browseAction = $1 as? BrowseGroup else { return false }
        return groupMember.groupNumber == browseAction.group.groupNumber
    }
    GroupAdminUser.shouldBeAbleTo(DeleteGroup.action).when {
        guard let groupAdmin = $0 as? GroupAdminUser,
            let deleteAction = $1 as? DeleteGroup else {
                return false
        }
        return groupAdmin.groupNumber == deleteAction.group.groupNumber
    }
    _ = SuperAdminUser.shouldBeAbleTo(BrowseGroup.action)
    
  5. Now you can validate whether a given user can perform a given action.

    let member1 = GroupMemberUser(name: "member1", age: 18, groupNumber: 1)
    let admin2 = GroupAdminUser(name: "admin2", age: 22, groupNumber: 2)
    let group1 = Group(groupNumber: 1, isPublicGroup: false)
    let group2 = Group(groupNumber: 2, isPublicGroup: false)
    member1.can(BrowseGroup(group: group1)) // true
    member1.can(BrowseGroup(group: group2)) // false
    admin2.can(BrowseGroup(group: group1)) // true: GroupAdmin inherits BrowseGroup permission from GroupMember
    admin2.can(DeleteGroup(group: group2)) // true
    admin2.can(DeleteGroup(group: group1)) // false
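
The evaluation pattern these steps rely on, as an added stand-alone sketch that is not Koosa's code and does not import it: each rule is a closure that returns false when its casts fail, and access is granted only when some rule returns true. `PolicySet`, `allow`, `Guest`, `Member` and `Admin` are hypothetical names, and the deny-by-default behaviour is an assumption of this sketch rather than a documented property of Koosa.

```swift
// Added illustration, not Koosa's source: every type and function here is hypothetical.
protocol Role {}
protocol Action {}
protocol GroupMember: Role { var groupNumber: Int { get } }
protocol GroupAdmin: GroupMember {}          // role hierarchy via protocol inheritance

struct Group { let groupNumber: Int; let isPublicGroup: Bool }
struct BrowseGroup: Action { let group: Group }
struct DeleteGroup: Action { let group: Group }

struct Guest: Role {}
struct Member: GroupMember { let groupNumber: Int }
struct Admin: GroupAdmin { let groupNumber: Int }

typealias Rule = (Role, Action) -> Bool

struct PolicySet {
    private var rules: [Rule] = []
    mutating func allow(_ rule: @escaping Rule) { rules.append(rule) }
    // Default deny: access is granted only when some rule explicitly returns true.
    func can(_ role: Role, _ action: Action) -> Bool {
        return rules.contains { $0(role, action) }
    }
}

var policy = PolicySet()
policy.allow { _, action in                  // anyone may browse a public group
    guard let browse = action as? BrowseGroup else { return false }
    return browse.group.isPublicGroup
}
policy.allow { role, action in               // members may browse their own group
    guard let member = role as? GroupMember,
          let browse = action as? BrowseGroup else { return false }
    return member.groupNumber == browse.group.groupNumber
}
policy.allow { role, action in               // admins may delete their own group
    guard let admin = role as? GroupAdmin,
          let delete = action as? DeleteGroup else { return false }
    return admin.groupNumber == delete.group.groupNumber
}

// Constructed sample data.
let group1 = Group(groupNumber: 1, isPublicGroup: false)
let group2 = Group(groupNumber: 2, isPublicGroup: false)
let member1 = Member(groupNumber: 1), admin2 = Admin(groupNumber: 2)
precondition(policy.can(member1, BrowseGroup(group: group1)))
precondition(!policy.can(member1, DeleteGroup(group: group1)))  // no matching rule: denied
precondition(policy.can(admin2, BrowseGroup(group: group2)))    // Admin matches the GroupMember rule
precondition(!policy.can(admin2, DeleteGroup(group: group1)))   // role matches, attribute does not
precondition(!policy.can(Guest(), BrowseGroup(group: group1)))  // private group, no role: denied
```

The negative cases are the ones worth keeping in a policy test suite: an action with no rule, a matching role with a mismatched attribute, and a role outside the hierarchy.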
    

Installation

Koosa can be installed using CocoaPods

use_frameworks!
pod 'Koosa'

License

MIT

