sqlalchemy-oso-preview 0.0.2

Python

Breaking changes

Warning

This release contains breaking changes. Be sure to follow migration steps before upgrading.

Deprecated set_get_session method

set_get_session is no longer available, as this method was used for the previous version of roles support.

New features

SQLAlchemyOso object provides a unified interface for Oso and OsoRoles

The SQLAlchemyOso object is now available to simplify the initialization of Oso for SQLAlchemy.

Now, instead of the following:

from oso import Oso
from sqlalchemy_oso import register_models
from sqlalchemy_oso.roles2 import OsoRoles
from sqlalchemy.ext.declarative import declarative_base

Base = declarative_base()
oso = Oso()
register_models(oso, Base)
oso_roles = OsoRoles(oso, Base, User, sessionmaker)

both Oso and OsoRoles are wrapped by SQLAlchemyOso:

from sqlalchemy_oso import SQLAlchemyOso
from sqlalchemy.ext.declarative import declarative_base

Base = declarative_base()
oso = SQLAlchemyOso(Base)
oso.enable_roles(User, sessionmaker)

After calling SQLAlchemyOso.enable_roles(), the role management methods defined on OsoRoles are available on SQLAlchemyOso.

Roles.user_in_role available from Polar policies

Oso-managed user-to-role assignments created through the role-management API can now be accessed within Polar policies using Roles.user_in_role(user, role, resource).

assignments_for_user returns all direct role assignments for a single user

OsoRoles.assignments_for_user(user=my_user_object) will return a list of the roles that my_user_object is directly assigned to.

assignments_for_user can be called on an instance of OsoRoles or an instance of SQLAlchemyOso after calling SQLAlchemyOso.enable_roles().

Connect with us on Slack

If you have any questions, or just want to talk something through, jump into Slack. An Oso engineer or one of the thousands of developers in the growing community will be happy to help.