oso v0.8.0 is out! In this release, we added:
- A Guide to Roles - Roles are a common framework to reach for when setting up authorization, and while not the solution to all problems they can be quite handy, especially when starting out. We often hear that folks would like a "tell me how to do this" experience for roles. This guide is the first step along that path. Read the guide.
- Support for Null Values - We continue to add more arrows to your quiver to make writing policies more intuitive. In this release, we added a constant named nil, which translates to "null" in whatever language you're using. nil can be useful when you want to check what the application is returning. nil support is a language-specific feature. See an example in Python.
And a number of bug fixes and other improvements, including:
- oso now requires that you use the in operator in order to iterate over values of an application instance. This makes it easier to use methods on the iterable instance itself.
- List filtering now properly supports queries using the not operator.
- More invalid expressions are captured at parse time.
- And more.
We continue to expand support for list filtering, i.e., enforcing policies over a collection of objects – which we first described in a post where we showed how this works using oso and Django. We're building support for SQLAlchemy, which similarly will let you enforce policies on a SQLAlchemy model by adding filters to ORM Queries before they are executed. This enforcement method is more efficient for authorizing collections of objects, often used in list endpoints. If you're planning on using oso with SQLAlchemy, our engineers would love to speak with you. Join us on Slack.
For more details, read the changelog.