Popularity
1.2
Stable
Activity
0.0
Stable
36
4
7

Description

Declarative Swift framework for Attributed Role-based Access Control. Check out this blog post for full explanation and more details: management.https://medium.com/@mmabdelateef/access-control-management-with-swift-cc3c3d68cbc3

Programming language: Swift
License: MIT License
Latest version: v1.0.1

Koosa    alternatives and similar libraries

Based on the "Authentication" category.
Alternatively, view Koosa    alternatives based on common mentions on social networks and blogs.

Do you think we are missing an alternative of Koosa    or a related project?

Add another 'Authentication' Library

README

Koosa   Build Status Coverage Status

Declarative Swift framework for Attributed Role-based Access Control management

Check out this blog post for full explanation and more details: Access Control Management with Swift

Example

[](imgs/PolicyExample.png) Code In Action

// Anyone can browse group, if it is public
Visitor.shouldBeAbleTo(BrowseGroup.action).when {
    guard let browseAction = $1 as? BrowseGroup else { return false }
    return browseAction.group.isPublicGroup
}

// Member can browse his groups + public groups
GroupMemberUser.shouldBeAbleTo(BrowseGroup.action).when {
    guard let groupMember = $0 as? GroupMember,
        let browseAction = $1 as? BrowseGroup else { return false }
    return groupMember.groupNumber == browseAction.group.groupNumber
}

// Member can post his groups 
GroupMemberUser.shouldBeAbleTo(PostToGroup.action).when {
    guard let groupMember = $0 as? GroupMember,
        let postAction = $1 as? PostToGroup else { return false }
    return groupMember.groupNumber == postAction.group.groupNumber
}

// Admin class extends Member + ability to delete
GroupAdminUser.shouldBeAbleTo(DeleteGroup.action).when {
    guard let groupAdmin = $0 as? GroupAdmin,
        let deleteAction = $1 as? DeleteGroup else { return false }
    return groupAdmin.groupNumber == deleteAction.group.groupNumber
}

// SuperAdmin can do everything
_ = SuperAdminUser.shouldBeAbleTo(BrowseGroup.action)
_ = SuperAdminUser.shouldBeAbleTo(DeleteGroup.action)
_ = SuperAdminUser.shouldBeAbleTo(PostToGroup.action)

Usage:

  1. Start by mapping each role in your requirements to a protocl that extends to prtocol Role or a protocl that extends it. Note that you can model role heirarchy using protocl inheritance.

    protocol GroupMember: Role {
    var groupNumber: Int {set get}
    }
    protocol GroupAdmin: GroupMember { }
    
  2. Model your actions into classes/strcut that conforms to protocl Action.

    struct BrowseGroup: Action {
    let group: Group
    
    init() {  // required default initializer
        group = Group(groupNumber: -1, isPublicGroup: false) // default froup
    }
    
    init(group: Group) {
        self.group = group
    }
    }
    
  3. Use role protocls to create concrete role classes.

    class GroupAdminUser: User, GroupAdmin {
    var groupNumber: Int
    init(name: String, age: Int, groupNumber: Int) {
        self.groupNumber = groupNumber
        super.init(name: name, age: age)
    }
    
    override required init() {
        self.groupNumber = -1
        super.init()
    }
    }
    
  4. Add the policies.

    GroupMemberUser.shouldBeAbleTo(BrowseGroup.action).when {
    guard let groupMember = $0 as? GroupMember,
        let browseAction = $1 as? BrowseGroup else { return false }
    return groupMember.groupNumber == browseAction.group.groupNumber
    }
    GroupAdminUser.shouldBeAbleTo(DeleteGroup.action).when {
    guard let groupAdmin = $0 as? GroupAdminUser,
        let deleteAction = $1 as? DeleteGroup else {
            return false
    }
    return groupAdmin.groupNumber == deleteAction.group.groupNumber
    }
    _ = SuperAdminUser.shouldBeAbleTo(BrowseGroup.action)
    
  5. Now you can validate if any user can do any action.

    let member1 = GroupMemberUser(name: "member1", age: 18, groupNumber: 1)
    let admin2 = GroupAdminUser(name: "admin2", age: 22, groupNumber: 2)
    let group1 = Group(groupNumber: 1, isPublicGroup: false)
    let group2 = Group(groupNumber: 2, isPublicGroup: false)
    member1.can(BrowseGroup(group: group1) // true
    member1.can(BrowseGroup(group: group2) // false
    admin2.can(BrowseGroup(group: group1) // true: GroupAdmin inherits BrowseGroup permission from GroupMember
    admin2.can(DeleteGroup(group: group2) // true
    admin2.can(DeleteGroup(group: group1) // false
    

Installation

Koosa can be installed using CocoaPods

use_frameworks!
pod 'Koosa'

License

MIT


*Note that all licence references and agreements mentioned in the Koosa    README section above are relevant to that project's source code only.