The official release of the Oso Go library is here!
go-oso 0.11.0 now supports the REPL, the debugger and has expanded documentation. Get started with go-oso here.
This release also includes policy coverage for data filtering. These changes make it possible to write queries in a more declarative style, and allow Oso to answer more queries using unbound variables. For example, with this build you can:
Write hierarchical authorization policies over collections of objects:
# A user can read an Expense if they can read the organization of the expense.
allow(actor, "read", expense: Expense) if
allow(actor, "read", expense.organization);
Write a much broader array of policies using negation and list filtering. A common one might look like this:
# Admins can delete expenses that are not protected or already approved.
allow(actor, "delete", expense: Expense) if
not (expense.is_protected = true or expense.is_approved = true);
Write policies that use list filtering to authorize access to a resource based on an intersection between collections.
# An actor can approve an Expense if she is a manager of the Expense's# creator AND in the list of approvers for the Expense's project.
allow(actor, "approve", expense: Expense) if
actor in expense.creator.managers and
approver in expense.project.approvers and
actor = approver;
If you use any of our Python framework integrations, these now include Oso 0.11.0 and have been updated.
For more details, read the changelog.
If you ever have questions, we're available to talk to you about how to get from one version to the next, or to discuss anything you'd like about the product, your use case, or authorization more generally – join us on Slack or open an issue.