Integrate
Filter lists

How to Filter Lists

Beyond making simple yes/no authorization decisions, apps regularly need to authorize lists of data. Oso Cloud's list API can efficiently perform authorization checks over collections of data.

Imagine you're building a dashboard for GitCloud users. When an authenticated user accesses the page, they should see a high-level overview of the repositories they have "read" access for. A naive way to implement that would be to fetch all repositories from the database and then filter them in-memory by asking if the current user is allowed to view each repository in turn. If GitCloud has millions of repositories, that might get pretty darn slow.

Oso Cloud's list API flattens that iterative approach into a single request: "What is the set of repositories that the user is allowed to see?" The response is a list of IDs of authorized resources (repositories, in this case) that can then be loaded from the database in one fell swoop:


async function authorizedRepositories(oso: Oso, currentUser: User): Promise<Repository[]> {
const repositoryIds = await oso.list(
{type: "User", id: currentUser.id.toString()},
"view",
"Repository"
);
return getRepositoriesByIds(repositoryIds);
}

For more details, consult the API docs for the list endpoint.

What to do with the list of IDs?

Once you have fetched the list of authorized IDs from Oso Cloud, you can plug them into a SQL query in your application code to return the filtered data you ultimately want to display to your user.

End-to-end data filtering

Oso can also provide end-to-end data filtering. This allows you to filter down not just to the list of authorized IDs, but also to run the full SQL query you need in order to display the filtered down list of data to your user, based on your facts and policy in Oso and in your databases. This works via an integration directly with your application database.

Oso currently supports an integration with Postgres. This capability is currently in beta. Reach out if you're interested in learning more:

Talk to an Oso Engineer

If you'd like to learn more about using Oso Cloud in your app or have any questions about this guide, connect with us on Slack. We're happy to help.

Get started with Oso Cloud →