oso 0.23.0
Core
Breaking changes
This release contains breaking changes. Be sure to follow migration steps before upgrading.
Data filtering now treats accessing an undeclared field as an error. All fields
used in data filtering queries must now be registered ahead of time by including
them in the fields parameter of the register_class Oso API function, which
previously was only necessary for data relations. For example, to use data filtering
with the rule
allow(user, _, foo: Foo) if foo.user_name = user.name;
user_name must be included in the register_class call for Foo:
# an example in Python
oso.register_class(Foo, fields={'user_name': str})
This change only affects data filtering. Other Oso APIs require no new configuration.
Other bugs & improvements
- Fixed a bug where a negated constraint on a dot lookup could cause Polar to crash when the underlying variable became bound.
- Removed syntax for parenthesized specializers like f(_: (x));, which don’t currently achieve anything.
Python
Other bugs & improvements
- Thanks to Clara McCreery for a correction to our Python data filtering docs!
Platform support
We now publish wheels for musl-based Linux distributions (through the musllinux
tag) and for ARM-based MacOS systems (through the macosx_11_0_arm64 tag).
We now publish wheels for Python 3.10 for all supported platforms.
On those systems, you should now be able to use pip install oso to get the
latest Oso package.
Node.js
New features
Custom type checks for plain objects
- It is now possible to customize the way that types are determined. By passing
a custom isaCheckparameter tooso.registerClass, you can tell Oso how to determine whether a particular value is an instance of that class. This is useful for certain frameworks, like Prisma, which don’t use prototype-style classes for objects of different types. In the example below, any object withtype === "user"will be considered aUserby the Oso runtime:
oso.registerClass(Object, {
  name: "User",
  isaCheck: instance => instance.type === "user"
});
Other bugs & improvements
- The Classtype for representing abstract resources for data filtering is now a top-level export.
Rust
Other bugs & improvements
- Oso’s Rust REPL no longer swallows its output.
sqlalchemy-oso 0.23.0
Support for authorization of eager loaded data
sqlalchemy-oso will now detect entities that are loaded due to
relationship loading options declared on the model or query. For example:
a = query(A).options(joinedload(A.bs)).all()
bs = a[0].bs
bs will now contain only authorized data according to the policy.
In previous versions of sqlalchemy-oso, bs would not be authorized with the
joinedload option.
django-oso 0.23.0
Bumped the minimum required version of the oso dependency.
flask-oso 0.23.0
Bumped the minimum required version of the oso dependency.
Connect with us on Slack
If you have any questions, or just want to talk something through, jump into Slack. An Oso engineer or one of the thousands of developers in the growing community will be happy to help.