Latest 1.0.1
Homepage https://github.com/mmabdelateef/Koosa
License MIT
Platforms ios 8.0
Authors

Koosa   Build Status Coverage Status

A simple Attributed Role-based Access Control For Swift

Check out this blog post for full explanation and more details: Access Control Management with Swift

Example

Koosa

Code In Action
Koosa
    // Anyone can browse group, if it is public
    Visitor.shouldBeAbleTo(BrowseGroup.action).when {
        guard let browseAction = $1 as? BrowseGroup else { return false }
        return browseAction.group.isPublicGroup
    }

    // Member can browse his groups + public groups
    GroupMemberUser.shouldBeAbleTo(BrowseGroup.action).when {
        guard let groupMember = $0 as? GroupMember,
            let browseAction = $1 as? BrowseGroup else { return false }
        return groupMember.groupNumber == browseAction.group.groupNumber
    }

    // Member can post his groups 
    GroupMemberUser.shouldBeAbleTo(PostToGroup.action).when {
        guard let groupMember = $0 as? GroupMember,
            let postAction = $1 as? PostToGroup else { return false }
        return groupMember.groupNumber == postAction.group.groupNumber
    }

    // Admin class extends Member + ability to delete
    GroupAdminUser.shouldBeAbleTo(DeleteGroup.action).when {
        guard let groupAdmin = $0 as? GroupAdmin,
            let deleteAction = $1 as? DeleteGroup else { return false }
        return groupAdmin.groupNumber == deleteAction.group.groupNumber
    }

    // SuperAdmin can do everything
    _ = SuperAdminUser.shouldBeAbleTo(BrowseGroup.action)
    _ = SuperAdminUser.shouldBeAbleTo(DeleteGroup.action)
    _ = SuperAdminUser.shouldBeAbleTo(PostToGroup.action)

Usage:

  1. Start by mapping each role in your requirements to a protocl that extends to prtocol Role or a protocl that extends it. Note that you can model role heirarchy using protocl inheritance.

    protocol GroupMember: Role {
    var groupNumber: Int {set get}
    }
    protocol GroupAdmin: GroupMember { }
  2. Model your actions into classes/strcut that conforms to protocl Action.

    struct BrowseGroup: Action {
    let group: Group
    
    init() {  // required default initializer
        group = Group(groupNumber: -1, isPublicGroup: false) // default froup
    }
    
    init(group: Group) {
        self.group = group
    }
    }
  3. Use role protocls to create concrete role classes.

    class GroupAdminUser: User, GroupAdmin {
    var groupNumber: Int
    init(name: String, age: Int, groupNumber: Int) {
        self.groupNumber = groupNumber
        super.init(name: name, age: age)
    }
    
    override required init() {
        self.groupNumber = -1
        super.init()
    }
    }
  4. Add the policies.
    GroupMemberUser.shouldBeAbleTo(BrowseGroup.action).when {
    guard let groupMember = $0 as? GroupMember,
        let browseAction = $1 as? BrowseGroup else { return false }
    return groupMember.groupNumber == browseAction.group.groupNumber
    }
    GroupAdminUser.shouldBeAbleTo(DeleteGroup.action).when {
    guard let groupAdmin = $0 as? GroupAdminUser,
        let deleteAction = $1 as? DeleteGroup else {
            return false
    }
    return groupAdmin.groupNumber == deleteAction.group.groupNumber
    }
    _ = SuperAdminUser.shouldBeAbleTo(BrowseGroup.action)
  5. Now you can validate if any user can do any action.
    let member1 = GroupMemberUser(name: "member1", age: 18, groupNumber: 1)
    let admin2 = GroupAdminUser(name: "admin2", age: 22, groupNumber: 2)
    let group1 = Group(groupNumber: 1, isPublicGroup: false)
    let group2 = Group(groupNumber: 2, isPublicGroup: false)
    member1.can(BrowseGroup(group: group1) // true
    member1.can(BrowseGroup(group: group2) // false
    admin2.can(BrowseGroup(group: group1) // true: GroupAdmin inherits BrowseGroup permission from GroupMember
    admin2.can(DeleteGroup(group: group2) // true
    admin2.can(DeleteGroup(group: group1) // false

Installation

Koosa can be installed using CocoaPods

use_frameworks!
pod 'Koosa'

License

MIT

Latest podspec

{
    "name": "Koosa",
    "version": "1.0.1",
    "summary": "Attributed Role-based Access Control For Swift",
    "description": "A simple Attributed Role-based Access Control For Swift",
    "homepage": "https://github.com/mmabdelateef/Koosa",
    "license": "MIT",
    "authors": {
        "mabdellateef": "[email protected]"
    },
    "social_media_url": "https://twitter.com/mmabdellateef",
    "platforms": {
        "ios": "8.0"
    },
    "source": {
        "git": "https://github.com/mmabdelateef/Koosa.git",
        "tag": "1.0.1"
    },
    "source_files": [
        "Koosa",
        "Koosa/**/*.{h,m,swift}"
    ],
    "swift_version": "4.1"
}

Pin It on Pinterest

Share This