tintin 1.0.0

  • Readme
  • Changelog
  • Installing
  • 31

TinTin #

TinTin is a declarative authorization library for Dart which restricts what resources a given user is allowed to access. All permissions are defined in a single location (the Ability class) and not duplicated across controllers, views, and database queries.

TinTin is heavily inspired by Ryan Bates' CanCan and its successor CanCanCan for Ruby and Jonathan Tushman's bouncer for Python.

How-to #

Define Abilities #

Add a new class extending TinTin's Ability class. This is where all user permissions are defined.

class MyAbility extends Ability {
  MyAbility(User user): super() {
    if(user.is_admin) {

You can use a custom user model. TinTin makes no assumptions about how roles are handled in your application.

The set_can Method

The set_can method is used to define permissions and requires two arguments. The first one is the action you're setting the permission for, the second one is the type of object you're setting it on.

set_can(['READ'], [Project]);

You can pass Ability.MANAGE to represent any action and Ability.ALL to represent any object.

set_can([Ability.MANAGE], [Project]); // user can perform any action on the project
set_can(['READ'], [Ability.ALL]); // user can read any object

Currently only arrays are accepted as parameters for set_can, even when using only one argument each. You can also pass more values to match any one.

set_can(['READ', 'RATE'], [Article, Project]);

Additional Conditions

A list of conditions can be passed as optional argument to further restrict which records this permission applies to.

set_can(['READ'], [Project], conditions: [(p) => p.is_active, (p) => p.userId == user.id]);

Here the user will only have permissions to read active projects which they own.

Combining Abilities

It is possible to define multiple abilities for the same resource.

set_can(['READ'], [Project], conditions: [(p) => p.is_released]);
set_can(['READ'], [Project], conditions: [(p) => p.is_preview]);

Here the user will be able to read projects which are released OR available for preview.

The set_cannot method takes the same arguments as can and defines which actions the user is unable to perform. This is normally done after a more generic set_can call.

set_can([Ability.MANAGE], [Project]);
set_cannot(['DESTROY'], [Project]);

The order of these calls is important.

Check Abilities & Authorization #

A user's permission can be checked using the can and cannot methods on your MyAbility class for this user.

  User admin = new User(admin: true);
  Ability adminAbility = new MyAbility(admin);
  if(adminAbility.can('DELETE', resource)) {
    // do something

The ensure methods will raise an AccessDenied exception if the user is not able to perform the given action.

  adminAbility.ensure('DELETE', resource);

Examples #

A small example project is included in the tests, see tintin_test.dart.

License #

Licensed under the MIT license.

1.0.0 #

  • Add support for Dart 2
  • Remove support for Dart 1

0.1.0+2 #

  • Switch to using test instead of unittest package

0.1.0+1 #

  • Fix some typos in the docs
  • Widen version constraint on collection package

0.1.0 #

  • Initial public release

Use this package as a library

1. Depend on it

Add this to your package's pubspec.yaml file:

  tintin: ^1.0.0

2. Install it

You can install packages from the command line:

with pub:

$ pub get

with Flutter:

$ flutter pub get

Alternatively, your editor might support pub get or flutter pub get. Check the docs for your editor to learn more.

3. Import it

Now in your Dart code, you can use:

import 'package:tintin/tintin.dart';
Describes how popular the package is relative to other packages. [more]
Code health derived from static analysis. [more]
Reflects how tidy and up-to-date the package is. [more]
Weighted score of the above. [more]
Learn more about scoring.

We analyzed this package on Mar 31, 2020, and provided a score, details, and suggestions below. Analysis was completed with status completed using:

  • Dart: 2.7.1
  • pana: 0.13.6

Health suggestions

Fix lib/tintin.dart. (-5.36 points)

Analysis of lib/tintin.dart reported 11 hints, including:

line 1 col 1: Prefer using /// for doc comments.

line 81 col 7: DO use curly braces for all flow control structures.

line 83 col 7: DO use curly braces for all flow control structures.

line 92 col 7: DO use curly braces for all flow control structures.

line 95 col 7: DO use curly braces for all flow control structures.

Maintenance suggestions

Package is getting outdated. (-61.64 points)

The package was last published 84 weeks ago.

The package description is too short. (-15 points)

Add more detail to the description field of pubspec.yaml. Use 60 to 180 characters to describe the package, what it does, and its target use case.

Maintain an example. (-10 points)

Create a short demo in the example/ directory to show how to use this package.

Common filename patterns include main.dart, example.dart, and tintin.dart. Packages with multiple examples should provide example/README.md.

For more information see the pub package layout conventions.


Package Constraint Resolved Available
Direct dependencies
Dart SDK >=2.0.0 <3.0.0
collection ^1.14.11 1.14.12
Dev dependencies
test ^1.0.0