Declarative Swift framework for Attributed Role-based Access Control management

mmabdelateef/Koosa

Koosa

Check out this blog post for a full explanation and more details: Access Control Management with Swift

Example

// Anyone can browse group, if it is public
Visitor.shouldBeAbleTo(BrowseGroup.action).when {
    guard let browseAction = $1 as? BrowseGroup else { return false }
    return browseAction.group.isPublicGroup
}

// Member can browse his groups + public groups
GroupMemberUser.shouldBeAbleTo(BrowseGroup.action).when {
    guard let groupMember = $0 as? GroupMember,
        let browseAction = $1 as? BrowseGroup else { return false }
    return groupMember.groupNumber == browseAction.group.groupNumber
}

// Member can post to his groups
GroupMemberUser.shouldBeAbleTo(PostToGroup.action).when {
    guard let groupMember = $0 as? GroupMember,
        let postAction = $1 as? PostToGroup else { return false }
    return groupMember.groupNumber == postAction.group.groupNumber
}

// Admin class extends Member + ability to delete
GroupAdminUser.shouldBeAbleTo(DeleteGroup.action).when {
    guard let groupAdmin = $0 as? GroupAdmin,
        let deleteAction = $1 as? DeleteGroup else { return false }
    return groupAdmin.groupNumber == deleteAction.group.groupNumber
}

// SuperAdmin can do everything
_ = SuperAdminUser.shouldBeAbleTo(BrowseGroup.action)
_ = SuperAdminUser.shouldBeAbleTo(DeleteGroup.action)
_ = SuperAdminUser.shouldBeAbleTo(PostToGroup.action)

Usage:

  1. Start by mapping each role in your requirements to a protocol that extends the protocol Role, or a protocol that extends it. Note that you can model the role hierarchy using protocol inheritance.
protocol GroupMember: Role {
    var groupNumber: Int { get set }
}
protocol GroupAdmin: GroupMember { }
  2. Model your actions as classes/structs that conform to the protocol Action.
struct BrowseGroup: Action {
    let group: Group
    
    init() {  // required default initializer
        group = Group(groupNumber: -1, isPublicGroup: false) // default group
    }
    
    init(group: Group) {
        self.group = group
    }
}
  3. Use role protocols to create concrete role classes.
class GroupAdminUser: User, GroupAdmin {
    var groupNumber: Int
    init(name: String, age: Int, groupNumber: Int) {
        self.groupNumber = groupNumber
        super.init(name: name, age: age)
    }
    
    override required init() {
        self.groupNumber = -1
        super.init()
    }
}
  4. Add the policies.
GroupMemberUser.shouldBeAbleTo(BrowseGroup.action).when {
    guard let groupMember = $0 as? GroupMember,
        let browseAction = $1 as? BrowseGroup else { return false }
    return groupMember.groupNumber == browseAction.group.groupNumber
}
GroupAdminUser.shouldBeAbleTo(DeleteGroup.action).when {
    guard let groupAdmin = $0 as? GroupAdminUser,
        let deleteAction = $1 as? DeleteGroup else {
            return false
    }
    return groupAdmin.groupNumber == deleteAction.group.groupNumber
}
_ = SuperAdminUser.shouldBeAbleTo(BrowseGroup.action)
  5. Now you can validate whether any user can perform any action.
let member1 = GroupMemberUser(name: "member1", age: 18, groupNumber: 1)
let admin2 = GroupAdminUser(name: "admin2", age: 22, groupNumber: 2)
let group1 = Group(groupNumber: 1, isPublicGroup: false)
let group2 = Group(groupNumber: 2, isPublicGroup: false)
member1.can(BrowseGroup(group: group1)) // true
member1.can(BrowseGroup(group: group2)) // false
admin2.can(BrowseGroup(group: group1)) // true: GroupAdmin inherits BrowseGroup permission from GroupMember
admin2.can(DeleteGroup(group: group2)) // true
admin2.can(DeleteGroup(group: group1)) // false
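
The evaluation model the steps above rely on (role hierarchy through protocol inheritance, attribute conditions in closures), as an added self-contained sketch that is not Koosa's code. PolicyStore, allow(_:_:when:), can(_:_:), Member and Admin are hypothetical names, and denying a request that no policy covers is an assumption of this sketch.

```swift
// Added sketch, NOT Koosa's implementation: PolicyStore, allow and can are hypothetical.
protocol Role {}
protocol Action {}

protocol GroupMember: Role { var groupNumber: Int { get } }
protocol GroupAdmin: GroupMember {}          // admin inherits every member rule

struct Group { let groupNumber: Int; let isPublicGroup: Bool }
struct BrowseGroup: Action { let group: Group }
struct DeleteGroup: Action { let group: Group }

struct Member: GroupMember { let groupNumber: Int }
struct Admin: GroupAdmin { let groupNumber: Int }

final class PolicyStore {
    private var rules: [(Role, Action) -> Bool] = []

    // Register an allow rule for role type R and action type A.
    // A failed cast means the rule does not apply, so it grants nothing.
    func allow<R, A: Action>(_ roleType: R.Type, _ actionType: A.Type,
                             when condition: @escaping (R, A) -> Bool) {
        rules.append({ subject, request in
            guard let role = subject as? R, let action = request as? A else { return false }
            return condition(role, action)
        })
    }

    // Default deny (assumption): true only if at least one rule explicitly grants access.
    func can(_ subject: Role, _ request: Action) -> Bool {
        rules.contains { rule in rule(subject, request) }
    }
}

let store = PolicyStore()
store.allow(GroupMember.self, BrowseGroup.self) { $0.groupNumber == $1.group.groupNumber }
store.allow(GroupAdmin.self, DeleteGroup.self) { $0.groupNumber == $1.group.groupNumber }

// Constructed sample data.
let group1 = Group(groupNumber: 1, isPublicGroup: false)
let group2 = Group(groupNumber: 2, isPublicGroup: false)
let member1 = Member(groupNumber: 1)
let admin2 = Admin(groupNumber: 2)

precondition(store.can(member1, BrowseGroup(group: group1)))    // own group
precondition(!store.can(member1, BrowseGroup(group: group2)))   // attribute mismatch
precondition(!store.can(member1, DeleteGroup(group: group1)))   // no rule for this role: denied
precondition(store.can(admin2, BrowseGroup(group: group2)))     // inherited from GroupMember
precondition(store.can(admin2, DeleteGroup(group: group2)))     // admin of this group
precondition(!store.can(admin2, DeleteGroup(group: group1)))    // admin of another group
```

The negative cases are the ones worth keeping as regression tests for a real policy set: a rule registered on the wrong role type or a condition that forgets the group comparison shows up as a deny check that starts passing.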

Installation

Koosa can be installed using CocoaPods:

use_frameworks!
pod 'Koosa'

License

MIT
