oso v0.9.0 is out! Here's what's in the release:
- Initial Support for Built-In Roles - Roles are a common framework to reach for when setting up authorization, and 4 weeks ago we shipped a guide as the first step toward providing a "tell me how to do this" experience for roles. Today we're shipping the next step: an API for easily creating roles scoped to a resource and assigning them to users in your application. You can then write rules over those roles. The first version of this feature is available in
sqlalchemy-oso, and we will be adding more features in the coming weeks. Read the docs, and find us in Slack if you want to see more out of this area.
- Updates to SQLAlchemy Integration - We continue to add features to
sqlalchemy-osobased on user feedback, including scoped session support and a built-in wrapper class that makes it easier to use with the popular Flask-SQLAlchemy library. Read the docs.
- Updates to List filtering - List filtering lets you enforce policies over a collection of objects. We first described this in a post nearly 2 months back, and in this release we have further stabilized this feature and added more supported operators, including the
django-oso) and all comparisons (in
sqlalchemy-oso). Learn more about list filtering.
And a number of other improvements and bug fixes, including:
matchesoperations on fields of
Partialvalues are now handled correctly in the SQLAlchemy list filtering adapter. Previously these operations would result in an error.
- For the Django and SQLAlchemy list filtering adapters, a rule like
allow(_, _, post: Post) if _tag in post.tags;now translates into a constraint that the post must have at least 1 tag.
- Fixed bug where checking if a character is in a string would fail incorrectly.
We had some of our first contributions from the oso community this release 🎉. We love this and would love to see more PRs from the community!
Mike D. has been hammering the
django-oso library and made a number of great changes, including:
- The Django
AnonymousUserclass is now available in polar policies under the name
auth::AnonymousUser. This name is preferable to the previously fully qualified name because it matches the registered name of the
django-osolibrary prints to the Python
loggingmodule when loading policy files instead of stdout.
- The Python
django-osolibraries now have relaxed dependency requirements – they require
John H. got into the Rust library. Thanks to him:
PolarClassis now implemented for version 0.6 of the uuid crate behind the optional
uuid-06feature flag. Version 0.6 was chosen for compatibility with Diesel.
For more details, read the changelog..