rightify
A lightweight, backend-agnostic rights engine for Flutter apps.
โจ Why this library?
Most Flutter apps handle payments via Stripe, RevenueCat, or app stores, but feature access logic is often rewritten for every app.
rightify focuses on one simple problem:
"Can this user perform this action right now?"
No enums, no business logic, no backend coupling.
๐ Features
- Generic rights engine (String-based)
- Action โ minimum required level rules
- Ordered rights hierarchy
- Local cache (SharedPreferences)
- Optional remote source (JSON)
- Simple API:
canPerform(action) - Fully testable
โ What this library does NOT do
- Payment processing
- Subscription validation
- Backend security
- Fraud prevention
Always re-check permissions on the backend.
๐ฆ Installation
dependencies:
rightify: ^0.1.0
๐ง Core concepts
Actions
Actions are strings defined by the app developer:
const exportPdf = 'export_pdf';
const createInvoice = 'create_invoice';
Rights levels
Also strings, fully controlled by the app:
const free = 'free';
const premium = 'premium';
const gold = 'gold';
Rights hierarchy
Order matters:
final hierarchy = ['free', 'premium', 'gold'];
Higher index = more permissions.
Action rules
Define the minimum level required for each action:
final rules = {
exportPdf: gold,
createInvoice: premium,
};
๐ง Initialization
await Rightify.initialize(
hierarchy: hierarchy,
rules: rules,
localSource: SharedPrefsRightsSource(),
remoteSource: RemoteRightsSource(() => api.get('/me/rights')),
);
โ Checking permissions
if (Rightify.canPerform(exportPdf)) {
exportPdf();
} else {
showPaywall();
}
๐ Updating user level
await Rightify.setLevel(gold);
๐ Remote JSON format example
{
"right_level": "gold"
}
๐งช Testing
- Fully testable rights engine
- Fake sources for local/remote
- No Flutter UI dependencies
Check the test/ folder for examples.
๐ฃ Roadmap
- Expiring rights
- Free trials
- Scoped actions
- Analytics hooks
- RevenueCat / Stripe adapters
๐ License
MIT