Isomorphic authorization library for iOS, macOS, watchOS, and tvOS
CASL (pronounced "castle") is a Swift port of the popular CASL JavaScript library, providing declarative authorization and permission management for Apple platforms.
- ✅ Declarative permissions - Define what users can do with clean, readable rules
- ✅ Attribute-based access control (ABAC) - Conditional permissions based on resource properties
- ✅ Field-level permissions - Control access to specific fields of resources
- ✅ Type-safe - Leverages Swift's type system for compile-time safety
- ✅ Thread-safe - Built with Swift actors for concurrent permission checking
- ✅ Zero dependencies - Pure Swift with no third-party dependencies
- ✅ Serializable - JSON-compatible rules for isomorphic authorization
- ✅ Performant - Sub-millisecond permission checks
- Swift 5.10+
- iOS 13.0+ / macOS 10.15+ / watchOS 6.0+ / tvOS 13.0+
Add CASL to your `Package.swift`:

```swift
dependencies: [
    .package(url: "https://github.com/michaelsiddi/casl-swift.git", from: "1.0.0")
]
```

Or in Xcode:
- File → Add Packages...
- Enter: https://github.com/michaelsiddi/casl-swift.git
```swift
import CASL

// Define permissions
let ability = AbilityBuilder()
    .can("read", "BlogPost")
    .can("update", "BlogPost", conditions: ["authorId": userId])
    .cannot("delete", "BlogPost", conditions: ["published": true])
    .build()

// Check permissions
if ability.can("read", post) {
    // Allow access
}
if ability.cannot("delete", post) {
    // Deny access
}
```

```swift
// userId is the current user's identifier and must be in scope
func defineAbility(for role: UserRole) -> Ability {
    let builder = AbilityBuilder()
    switch role {
    case .guest:
        builder.can("read", "BlogPost")
    case .user:
        builder
            .can("read", "BlogPost")
            .can(["create", "update"], "BlogPost", conditions: ["authorId": userId])
    case .admin:
        builder.can("manage", "BlogPost") // All actions
    }
    return builder.build()
}
```

```swift
let ability = AbilityBuilder()
    // Users can update their own posts
    .can("update", "BlogPost", conditions: ["authorId": currentUserId])
    // Users can delete comments created within the last hour
    .can("delete", "Comment", conditions: [
        "createdAt": ["$gt": Date().addingTimeInterval(-3600)]
    ])
    // Moderators can update specific fields
    .can("update", "BlogPost", fields: ["status", "tags"])
    .build()
```

```swift
// Check field-level access
if ability.can("update", post, field: "status") {
    // Can update status field
}
if ability.cannot("update", post, field: "content") {
    // Cannot update content field
}
```

```swift
// Export rules to JSON
let encoder = JSONEncoder()
let jsonData = try encoder.encode(ability.exportRules())

// Import rules from JSON (e.g., from server)
let decoder = JSONDecoder()
let rules = try decoder.decode([RawRule].self, from: jsonData)
// Use a new name: redeclaring `ability` in the same scope would not compile
let restoredAbility = Ability(rules: rules)
```

```bash
swift test
```

CASL Swift is designed for high performance:
- Permission checks: <1ms for 100 rules
- Serialization: <10ms for 100 rules
- Concurrent checks: 1000+ simultaneous operations
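
The following is an added, self-contained sketch, not CASL Swift's own code: a simplified model of how `can`/`cannot` rules with conditions, like those in the first snippet above, resolve to a decision. It assumes the ordering semantics documented for CASL JavaScript (the most recently defined matching rule wins, and no matching rule means deny); `Rule`, `Resource` and `isAllowed` are hypothetical names, and the sample posts are constructed.

```swift
import Foundation

// Simplified model of CASL-style evaluation. Hypothetical types, not the CASL Swift API.
struct Rule {
    let action: String
    let subject: String
    var conditions: [String: AnyHashable] = [:]
    var inverted = false  // true for a "cannot" rule
}

struct Resource {
    let type: String
    let attributes: [String: AnyHashable]
}

// Assumed semantics: rules are scanned from last to first, the first rule that
// matches decides, and a request that matches no rule is denied.
func isAllowed(_ action: String, on resource: Resource, rules: [Rule]) -> Bool {
    for rule in rules.reversed() {
        guard rule.action == action || rule.action == "manage" else { continue }
        guard rule.subject == resource.type else { continue }
        // Every condition must equal the resource's attribute; a missing attribute never matches.
        let matches = rule.conditions.allSatisfy { resource.attributes[$0.key] == $0.value }
        if matches { return !rule.inverted }
    }
    return false
}

// Constructed sample data.
let userId = "u1"
let rules = [
    Rule(action: "read", subject: "BlogPost"),
    Rule(action: "update", subject: "BlogPost", conditions: ["authorId": userId]),
    Rule(action: "delete", subject: "BlogPost", conditions: ["authorId": userId]),
    Rule(action: "delete", subject: "BlogPost", conditions: ["published": true], inverted: true),
]
let draft = Resource(type: "BlogPost", attributes: ["authorId": "u1", "published": false])
let live = Resource(type: "BlogPost", attributes: ["authorId": "u1", "published": true])
let other = Resource(type: "BlogPost", attributes: ["authorId": "u2", "published": false])

print(isAllowed("delete", on: draft, rules: rules))   // decided by the owner "can delete" rule
print(isAllowed("delete", on: live, rules: rules))    // decided by the later "cannot delete" rule
print(isAllowed("update", on: other, rules: rules))   // authorId condition does not match
print(isAllowed("archive", on: draft, rules: rules))  // no rule names this action
```

Under these assumed semantics, placing the `cannot` rule before the owner's `can delete` rule would change the decision for published posts, so rule order is part of the policy when rules are exported and imported as JSON.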
Contributions are welcome! Please see CONTRIBUTING.md for guidelines.
MIT License - see LICENSE file for details.
CASL Swift is a port of CASL JavaScript by Sergii Stotskyi.
- CASL JavaScript - Original JavaScript implementation
- @casl/ability - Core JavaScript package
- CASL Examples - JavaScript examples
Made with ❤️ for the Swift community