Oso v0.9.0 is out! Here's what's in the release:
- Initial Support for Built-In Roles - Roles are a common framework to reach for when setting up authorization, and 4 weeks ago we shipped a guide as the first step toward providing a "tell me how to do this" experience for roles. Today we're shipping the next step: an API for easily creating roles scoped to a resource and assigning them to users in your application. You can then write rules over those roles. The first version of this feature is available in
sqlalchemy-oso, and we will be adding more features in the coming weeks. Read the docs, and find us in Slack if you want to see more out of this area.
- Updates to SQLAlchemy Integration - We continue to add features to
sqlalchemy-osobased on user feedback, including scoped session support and a built-in wrapper class that makes it easier to use with the popular Flask-SQLAlchemy library. Read the docs.
- Updates to List filtering - List filtering lets you enforce policies over a collection of objects. We first described this in a post nearly 2 months back, and in this release we have further stabilized this feature and added more supported operators, including the
django-oso) and all comparisons (in
sqlalchemy-oso). Learn more about list filtering.
And a number of other improvements and bug fixes, including:
matchesoperations on fields of
Partialvalues are now handled correctly in the SQLAlchemy list filtering adapter. Previously these operations would result in an error.
- For the Django and SQLAlchemy list filtering adapters, a rule like
allow(_, _, post: Post) if _tag in post.tags;now translates into a constraint that the post must have at least 1 tag.
- Fixed bug where checking if a character is in a string would fail incorrectly.
We had some of our first contributions from the Oso community this release 🎉. We love this and would love to see more PRs from the community!
Mike D. has been hammering the
django-oso library and made a number of great changes, including:
- The Django
AnonymousUserclass is now available in polar policies under the name
auth::AnonymousUser. This name is preferable to the previously fully qualified name because it matches the registered name of the
django-osolibrary prints to the Python
loggingmodule when loading policy files instead of stdout.
- The Python
django-osolibraries now have relaxed dependency requirements – they require
John H. got into the Rust library. Thanks to him:
PolarClassis now implemented for version 0.6 of the uuid crate behind the optional
uuid-06feature flag. Version 0.6 was chosen for compatibility with Diesel.
For more details, read the changelog..
As always, if you have technical questions or feedback, join us on Slack or open an issue.