oso 0.9.0
Breaking changes
This release contains breaking changes. Be sure to follow migration steps before upgrading.
Removed “extras”
The Oso library previously had some additional default supported classes:
Http and Pathmapper. These have been deprecated and removed.
To write policies over HTTP requests, either register the suitable application
class directly, or use a framework integration (e.g. flask-oso or
django-oso) which will do this for you automatically.
New features
PolarClass implemented for uuid crate
PolarClass is now implemented for
version 0.6 of the uuid crate behind the optional uuid-06 feature
flag. Version 0.6 was chosen for compatibility with
Diesel.
Thanks to John Halbert for the contribution!
Other bugs & improvements
- Fixed bug where checking if a character is in a string would fail incorrectly.
django-oso 0.5.0
Other bugs & improvements
- The Django
AnonymousUserclass is available in polar policies under the nameauth::AnonymousUser. This name is preferable to the previous fully qualified name because it matches the registered name of theUsermodel (auth::User). - The
django-osolibrary no longer prints to stdout when loading policy files. Instead, the Pythonloggingmodule is used. - Relaxed the requirements for the Python
osoanddjango-osolibraries. These now requirecffi~=1.14anddjango>=2.2, respectively.
Thanks to Mike D. for suggesting / implementing the above three improvements!
- The Django list filtering adapter now fully supports use of the
notoperator in policies. - For the Django list filtering adapter, a rule like
allow(_, _, post: Post) if _tag in post.tags;now translates into a constraint that the post must have at least 1 tag.
flask-oso 0.6.0
Bumped the minimum required version of the oso dependency.
sqlalchemy-oso 0.2.1
Breaking changes
This release contains breaking changes. Be sure to follow migration steps before upgrading.
Simplified sqlalchemy-oso session creation
sqlalchemy-oso now associates the current Oso instance, user to authorize,
and action to authorize with
sqlalchemy_oso.session.AuthorizedSession. This class manages
authorization instead of the removed
sqlalchemy_oso.hooks.make_authorized_query_cls.
- The
sqlalchemy_oso.hooksmodule has been renamed tosqlalchemy_oso.session. Update any imports tosqlalchemy_oso.session. - The
sqlalchemy_oso.hooks.make_authorized_query_clsfunction has been removed. Use the session API instead. (sqlalchemy_oso.authorized_sessionmaker()). - The
sqlalchemy_oso.authorized_sessionmakerfunction no longer accepts extra positional arguments. Use keyword arguments to pass options to the session.
New features
Improved sqlalchemy-oso support for usage with flask_sqlalchemy
The sqlalchemy-oso library now has a built-in wrapper class that makes it
easier to use with the popular
Flask-SQLAlchemy library. See
sqlalchemy_oso.flask.AuthorizedSQLAlchemy for more information.
scoped_session support for sqlalchemy-oso
The new sqlalchemy_oso.session.scoped_session() session proxy can be
used instead of SQLAlchemy’s built-in
scoped_session. This creates a session
scoped to the current Oso instance, user and action.
Initial support for built-in roles in sqlalchemy-oso
This release includes the first steps towards out-of-the-box role-based access
control (RBAC) support in the sqlalchemy-oso integration. New to the
integration is an API for easily creating roles scoped to a resource and
assigning them to users of your application. You are then able to write RBAC
rules over those managed roles.
We will be iterating heavily on this feature over the coming weeks, but we would love to hear any feedback from early testers.
Other bugs & improvements
matchesoperations on fields of partials are now handled correctly in the SQLAlchemy list filtering adapter. Previously these operations would result in an error.- The SQLAlchemy list filtering adapter now supports all comparisons.
Previously comparisons other than
==or=would cause an error. - For the SQLAlchemy list filtering adapter, a rule like
allow(_, _, post: Post) if _tag in post.tags;now translates into a constraint that the post must have at least 1 tag.
Connect with us on Slack
If you have any questions, or just want to talk something through, jump into Slack. An Oso engineer or one of the thousands of developers in the growing community will be happy to help.