tintin 1.0.0

  • README.md
  • Installing
  • Versions
  • 44


TinTin is a declarative authorization library for Dart which restricts what resources a given user is allowed to access. All permissions are defined in a single location (the Ability class) and not duplicated across controllers, views, and database queries.

TinTin is heavily inspired by Ryan Bates' CanCan and its successor CanCanCan for Ruby and Jonathan Tushman's bouncer for Python.


Define Abilities

Add a new class extending TinTin's Ability class. This is where all user permissions are defined.

class MyAbility extends Ability {
  MyAbility(User user): super() {
    if(user.is_admin) {

You can use a custom user model. TinTin makes no assumptions about how roles are handled in your application.

The set_can Method

The set_can method is used to define permissions and requires two arguments. The first one is the action you're setting the permission for, the second one is the type of object you're setting it on.

set_can(['READ'], [Project]);

You can pass Ability.MANAGE to represent any action and Ability.ALL to represent any object.

set_can([Ability.MANAGE], [Project]); // user can perform any action on the project
set_can(['READ'], [Ability.ALL]); // user can read any object

Currently only arrays are accepted as parameters for set_can, even when using only one argument each. You can also pass more values to match any one.

set_can(['READ', 'RATE'], [Article, Project]);

Additional Conditions

A list of conditions can be passed as optional argument to further restrict which records this permission applies to.

set_can(['READ'], [Project], conditions: [(p) => p.is_active, (p) => p.userId == user.id]);

Here the user will only have permissions to read active projects which they own.

Combining Abilities

It is possible to define multiple abilities for the same resource.

set_can(['READ'], [Project], conditions: [(p) => p.is_released]);
set_can(['READ'], [Project], conditions: [(p) => p.is_preview]);

Here the user will be able to read projects which are released OR available for preview.

The set_cannot method takes the same arguments as can and defines which actions the user is unable to perform. This is normally done after a more generic set_can call.

set_can([Ability.MANAGE], [Project]);
set_cannot(['DESTROY'], [Project]);

The order of these calls is important.

Check Abilities & Authorization

A user's permission can be checked using the can and cannot methods on your MyAbility class for this user.

  User admin = new User(admin: true);
  Ability adminAbility = new MyAbility(admin);
  if(adminAbility.can('DELETE', resource)) {
    // do something

The ensure methods will raise an AccessDenied exception if the user is not able to perform the given action.

  adminAbility.ensure('DELETE', resource);


A small example project is included in the tests, see tintin_test.dart.


Licensed under the MIT license.


  • Add support for Dart 2
  • Remove support for Dart 1


  • Switch to using test instead of unittest package


  • Fix some typos in the docs
  • Widen version constraint on collection package


  • Initial public release

Use this package as a library

1. Depend on it

Add this to your package's pubspec.yaml file:

  tintin: ^1.0.0

2. Install it

You can install packages from the command line:

with pub:

$ pub get

with Flutter:

$ flutter packages get

Alternatively, your editor might support pub get or flutter packages get. Check the docs for your editor to learn more.

3. Import it

Now in your Dart code, you can use:

import 'package:tintin/tintin.dart';
Version Uploaded Documentation Archive
1.0.0 Aug 18, 2018 Go to the documentation of tintin 1.0.0 Download tintin 1.0.0 archive
0.1.0+2 Nov 20, 2015 Go to the documentation of tintin 0.1.0+2 Download tintin 0.1.0+2 archive
0.1.0+1 Nov 7, 2014 Go to the documentation of tintin 0.1.0+1 Download tintin 0.1.0+1 archive
0.1.0 Nov 6, 2014 Go to the documentation of tintin 0.1.0 Download tintin 0.1.0 archive
Describes how popular the package is relative to other packages. [more]
Code health derived from static analysis. [more]
Reflects how tidy and up-to-date the package is. [more]
Weighted score of the above. [more]
Learn more about scoring.

We analyzed this package on Nov 14, 2018, and provided a score, details, and suggestions below. Analysis was completed with status completed using:

  • Dart: 2.0.0
  • pana: 0.12.6


Detected platforms: Flutter, web, other

No platform restriction found in primary library package:tintin/tintin.dart.

Health suggestions

Fix lib/tintin.dart. (-0.50 points)

Analysis of lib/tintin.dart reported 1 hint:

line 103 col 20: The value of the field '_l' isn't used.

Maintenance suggestions

The description is too short. (-20 points)

Add more detail about the package, what it does and what is its target use case. Try to write at least 60 characters.

Maintain an example. (-10 points)

Create a short demo in the example/ directory to show how to use this package. Common file name patterns include: main.dart, example.dart or you could also use tintin.dart.


Package Constraint Resolved Available
Direct dependencies
Dart SDK >=2.0.0 <3.0.0
collection ^1.14.11 1.14.11
Dev dependencies
test ^1.0.0