Description
Declarative Swift framework for Attributed Role-based Access Control. Check out this blog post for full explanation and more details: management.https://medium.com/@mmabdelateef/access-control-management-with-swift-cc3c3d68cbc3
Koosa alternatives and similar libraries
Based on the "Authentication" category.
Alternatively, view Koosa alternatives based on common mentions on social networks and blogs.
CodeRabbit: AI Code Reviews for Developers
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.
Do you think we are missing an alternative of Koosa or a related project?
Popular Comparisons
README
Koosa
Declarative Swift framework for Attributed Role-based Access Control management
Check out this blog post for full explanation and more details: Access Control Management with Swift
Example
[](imgs/PolicyExample.png) Code In Action
// Anyone can browse group, if it is public
Visitor.shouldBeAbleTo(BrowseGroup.action).when {
guard let browseAction = $1 as? BrowseGroup else { return false }
return browseAction.group.isPublicGroup
}
// Member can browse his groups + public groups
GroupMemberUser.shouldBeAbleTo(BrowseGroup.action).when {
guard let groupMember = $0 as? GroupMember,
let browseAction = $1 as? BrowseGroup else { return false }
return groupMember.groupNumber == browseAction.group.groupNumber
}
// Member can post his groups
GroupMemberUser.shouldBeAbleTo(PostToGroup.action).when {
guard let groupMember = $0 as? GroupMember,
let postAction = $1 as? PostToGroup else { return false }
return groupMember.groupNumber == postAction.group.groupNumber
}
// Admin class extends Member + ability to delete
GroupAdminUser.shouldBeAbleTo(DeleteGroup.action).when {
guard let groupAdmin = $0 as? GroupAdmin,
let deleteAction = $1 as? DeleteGroup else { return false }
return groupAdmin.groupNumber == deleteAction.group.groupNumber
}
// SuperAdmin can do everything
_ = SuperAdminUser.shouldBeAbleTo(BrowseGroup.action)
_ = SuperAdminUser.shouldBeAbleTo(DeleteGroup.action)
_ = SuperAdminUser.shouldBeAbleTo(PostToGroup.action)
Usage:
Start by mapping each role in your requirements to a protocl that extends to prtocol
Role
or a protocl that extends it. Note that you can model role heirarchy using protocl inheritance.protocol GroupMember: Role { var groupNumber: Int {set get} } protocol GroupAdmin: GroupMember { }
Model your actions into classes/strcut that conforms to protocl
Action
.struct BrowseGroup: Action { let group: Group init() { // required default initializer group = Group(groupNumber: -1, isPublicGroup: false) // default froup } init(group: Group) { self.group = group } }
Use role protocls to create concrete role classes.
class GroupAdminUser: User, GroupAdmin { var groupNumber: Int init(name: String, age: Int, groupNumber: Int) { self.groupNumber = groupNumber super.init(name: name, age: age) } override required init() { self.groupNumber = -1 super.init() } }
Add the policies.
GroupMemberUser.shouldBeAbleTo(BrowseGroup.action).when { guard let groupMember = $0 as? GroupMember, let browseAction = $1 as? BrowseGroup else { return false } return groupMember.groupNumber == browseAction.group.groupNumber } GroupAdminUser.shouldBeAbleTo(DeleteGroup.action).when { guard let groupAdmin = $0 as? GroupAdminUser, let deleteAction = $1 as? DeleteGroup else { return false } return groupAdmin.groupNumber == deleteAction.group.groupNumber } _ = SuperAdminUser.shouldBeAbleTo(BrowseGroup.action)
Now you can validate if any user can do any action.
let member1 = GroupMemberUser(name: "member1", age: 18, groupNumber: 1) let admin2 = GroupAdminUser(name: "admin2", age: 22, groupNumber: 2) let group1 = Group(groupNumber: 1, isPublicGroup: false) let group2 = Group(groupNumber: 2, isPublicGroup: false) member1.can(BrowseGroup(group: group1) // true member1.can(BrowseGroup(group: group2) // false admin2.can(BrowseGroup(group: group1) // true: GroupAdmin inherits BrowseGroup permission from GroupMember admin2.can(DeleteGroup(group: group2) // true admin2.can(DeleteGroup(group: group1) // false
Installation
Koosa can be installed using CocoaPods
use_frameworks!
pod 'Koosa'
License
MIT
*Note that all licence references and agreements mentioned in the Koosa README section above
are relevant to that project's source code only.