> ## Documentation Index
> Fetch the complete documentation index at: https://www.osohq.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.
# Post list query
> Fetches a filter that can be applied to a database query to return just the resources on which an actor can perform an action.
## OpenAPI
````yaml /reference/openapi.json post /list_query
openapi: 3.1.0
info:
title: Oso Cloud HTTP API
version: 0.1.0
description: >-
Oso Cloud exposes an HTTP API that you can use to make queries directly,
without using one of the clients.
For endpoints that require
authentication, pass your API key as an HTTP Bearer Auth payload.
For
example, using curl: curl -H "Authorization: Bearer
$OSO_AUTH" https://cloud.osohq.com/api/
servers:
- url: https://api.osohq.com/api/
security: []
paths:
/list_query:
post:
tags:
- Local Check API
description: >-
Fetches a filter that can be applied to a database query to return just
the resources on which an actor can perform an action.
operationId: post_list_query
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LocalListQuery'
required: true
responses:
'200':
description: ''
content:
application/json:
schema:
$ref: '#/components/schemas/LocalListResult'
default:
description: ''
content:
application/json:
schema:
$ref: '#/components/schemas/ApiError'
security:
- ApiKey: []
x-codeSamples:
- lang: javascript
label: Node.js
source: >
import { Oso } from 'oso-cloud';
const apiKey = process.env.OSO_CLOUD_API_KEY;
const oso = new Oso("https://cloud.osohq.com", apiKey);
// Generate SQL condition for authorized resources
const alice = { type: "User", id: "alice" };
const sqlCondition = await oso.listLocal(alice, "read", "Issue",
"id");
// Use with database query (example with Kysely)
const authorized_issues = await db
.selectFrom("issues")
.where(sql.raw(sqlCondition))
.selectAll()
.execute();
console.log("Authorized issues:", authorized_issues.length);
- lang: python
label: Python
source: |
from oso_cloud import Oso, Value
import os
from sqlalchemy import select, text
from oso_cloud import Oso, Value
oso = Oso(api_key=os.environ.get('OSO_CLOUD_API_KEY', None))
# Generate SQL condition for authorized resources
alice = Value("User", "alice")
sql_condition = oso.list_local(alice, "read", "Issue", "id")
# Use with SQLAlchemy
authorized_issues = session.scalars(
select(Issues).filter(text(sql_condition))
).all()
print(f"Found {len(authorized_issues)} authorized issues")
- lang: go
label: Go
source: >
package main
import (
"log"
"os"
oso "github.com/osohq/go-oso-cloud/v2"
)
func main() {
apiKey := os.Getenv("OSO_CLOUD_API_KEY")
osoClient := oso.NewClient("https://cloud.osohq.com", apiKey)
// Generate SQL condition for authorized resources
user := oso.NewValue("User", "alice")
sqlCondition, err := osoClient.ListLocal(user, "read", "Issue",
"id")
if err != nil {
log.Fatal(err)
}
// Use with GORM
var issues []Issue
db.Find(&issues, sqlCondition)
fmt.Printf("Found %d authorized issues\n", len(issues))
}
- lang: java
label: Java
source: |
package com.mycompany;
import java.io.IOException;
import java.util.List;
import com.osohq.oso_cloud.Oso;
import com.osohq.oso_cloud.api.ApiException;
import com.osohq.oso_cloud.api.Value;
public class App {
public static void main(String[] args) {
String apiKey = System.getenv("OSO_CLOUD_API_KEY");
Oso oso = new Oso(apiKey);
try {
// Generate SQL condition for authorized resources
Value alice = new Value("User", "alice");
String sqlCondition = oso.listLocal(alice, "read", "Issue", "id");
// Use with JPA/Hibernate
List authorizedIssues = entityManager.createQuery(
"SELECT i FROM Issue i WHERE " + sqlCondition, Issue.class)
.getResultList();
System.out.println("Found " + authorizedIssues.size() + " authorized issues");
} catch (IOException | ApiException e) {
System.err.println("Error: " + e.getMessage());
}
}
}
- lang: ruby
label: Ruby
source: >
require 'oso-cloud'
api_key = ENV.fetch('OSO_CLOUD_API_KEY', nil)
oso = OsoCloud::Oso.new(url: "https://cloud.osohq.com", api_key:
api_key)
# Generate SQL condition for authorized resources
alice = OsoCloud::Value.new(type: "User", id: "alice")
sql_condition = oso.list_local(alice, "read", "Issue", "id")
# Use with ActiveRecord
authorized_issues = Issue.where(sql_condition)
puts "Found #{authorized_issues.count} authorized issues"
- lang: csharp
label: C#
source: >
using OsoCloud;
using Microsoft.EntityFrameworkCore;
string? apiKey =
Environment.GetEnvironmentVariable("OSO_CLOUD_API_KEY");
var oso = new Oso("https://api.osohq.com", apiKey);
// Generate SQL condition for authorized resources
var alice = new Value("User", "alice");
string sqlCondition = await oso.ListLocal(alice, "read", "Issue",
"id");
// Use with Entity Framework
var authorizedIssues = await context.Issues
.FromSqlRaw($"SELECT * FROM Issues WHERE {sqlCondition}")
.ToListAsync();
Console.WriteLine($"Found {authorizedIssues.Count} authorized
issues");
components:
schemas:
LocalListQuery:
type: object
required:
- column
- data_bindings
- query
properties:
query:
$ref: '#/components/schemas/ListQuery'
column:
type: string
data_bindings:
type: string
LocalListResult:
type: object
required:
- sql
properties:
sql:
type: string
ApiError:
type: object
required:
- message
properties:
message:
type: string
ListQuery:
type: object
required:
- action
- actor_id
- actor_type
- resource_type
- page_size
properties:
actor_type:
type: string
actor_id:
type: string
action:
type: string
resource_type:
type: string
context_facts:
default: []
type: array
items:
$ref: '#/components/schemas/Fact'
page_size:
description: >-
Required. Page size for pagination. Must be at least 10,000. Results
will be paginated and a `next_page_token` will be included in the
response if more results are available. Ignored when `page_token` is
provided, since the page size is determined by the original request.
default: 10000
type: integer
format: uint
minimum: 10000
page_token:
description: >-
Page token for fetching subsequent pages of results. Use the
`next_page_token` from a previous response. When provided,
`page_size` is ignored.
default: null
type: string
nullable: true
Fact:
description: 'A pattern object for matching authorization-relevant data, ie: facts.'
type: object
required:
- args
- predicate
properties:
predicate:
type: string
args:
type: array
items:
$ref: '#/components/schemas/Value'
Value:
type: object
properties:
type:
type: string
nullable: true
id:
type: string
nullable: true
securitySchemes:
ApiKey:
description: Requires an API key to access.
type: http
scheme: bearer
bearerFormat: Bearer e_0123_123_token0123
````