Release: Oso 0.9.0 is out with v0 Built-In Roles, sqlalchemy-oso Updates and More

Oso v0.9.0 is out! Here's what's in the release:

  • Initial Support for Built-In Roles - Roles are a common framework to reach for when setting up authorization, and 4 weeks ago we shipped a guide as the first step toward providing a "tell me how to do this" experience for roles. Today we're shipping the next step: an API for easily creating roles scoped to a resource and assigning them to users in your application. You can then write rules over those roles. The first version of this feature is available in sqlalchemy-oso, and we will be adding more features in the coming weeks. Read the docs, and find us in Slack if you want to see more out of this area.
  • Updates to SQLAlchemy Integration - We continue to add features to sqlalchemy-oso based on user feedback, including scoped session support and a built-in wrapper class that makes it easier to use with the popular Flask-SQLAlchemy library. Read the docs.
  • Updates to List filtering - List filtering lets you enforce policies over a collection of objects. We first described this in a post nearly 2 months back, and in this release we have further stabilized this feature and added more supported operators, including the not operator (in django-oso) and all comparisons (in sqlalchemy-oso). Learn more about list filtering.

And a number of other improvements and bug fixes, including:

  • matches operations on fields of Partial values are now handled correctly in the SQLAlchemy list filtering adapter. Previously these operations would result in an error.
  • For the Django and SQLAlchemy list filtering adapters, a rule like allow(_, _, post: Post) if _tag in post.tags; now translates into a constraint that the post must have at least 1 tag.
  • Fixed bug where checking if a character is in a string would fail incorrectly.
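The tag rule above behaves as an existence check, so a post with no tags is not authorized by it. The following added example (not Oso's code, and not the SQL its adapters generate) shows that semantics per object and as a query constraint using the standard-library sqlite3 module; the schema, sample posts and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data: post id -> tags. Post 2 has no tags.
POSTS = {1: ["security", "python"], 2: [], 3: ["release"]}


def allowed_in_memory(posts):
    """Evaluate the rule one object at a time: `_tag in post.tags` succeeds
    when at least one binding for _tag exists, i.e. the list is non-empty."""
    return sorted(pid for pid, tags in posts.items() if any(True for _tag in tags))


def build_db(posts):
    """Load the sample posts into an in-memory database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE posts (id INTEGER PRIMARY KEY);"
        "CREATE TABLE post_tags (post_id INTEGER REFERENCES posts(id), name TEXT);"
    )
    db.executemany("INSERT INTO posts (id) VALUES (?)", [(pid,) for pid in posts])
    db.executemany(
        "INSERT INTO post_tags (post_id, name) VALUES (?, ?)",
        [(pid, tag) for pid, tags in posts.items() for tag in tags],
    )
    return db


def allowed_as_query(db):
    """The same rule as a constraint on the collection query:
    keep only posts for which at least one tag row exists."""
    rows = db.execute(
        "SELECT p.id FROM posts AS p "
        "WHERE EXISTS (SELECT 1 FROM post_tags AS t WHERE t.post_id = p.id) "
        "ORDER BY p.id"
    )
    return [pid for (pid,) in rows]


if __name__ == "__main__":
    # Both evaluations agree: the untagged post (id 2) is filtered out.
    print(allowed_in_memory(POSTS), allowed_as_query(build_db(POSTS)))
```
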

We had some of our first contributions from the Oso community this release 🎉. We love this and would love to see more PRs from the community!

Mike D. has been hammering the django-oso library and made a number of great changes, including:

  • The Django AnonymousUser class is now available in Polar policies under the name auth::AnonymousUser. This name is preferable to the previous fully qualified name because it matches the registered name of the User model (auth::User).
  • The django-oso library now writes to the Python logging module when loading policy files instead of printing to stdout.
  • The Python oso and django-oso libraries now have relaxed dependency requirements – they require cffi~=1.14 and django>=2.2, respectively.

John H. got into the Rust library. Thanks to him:

For more details, read the changelog.

As always, if you have technical questions or feedback, join us on Slack or open an issue.
