This release contains breaking changes. Be sure to follow migration steps before upgrading.
set_get_session is no longer available, as this method was used for the previous version of roles support.
SQLAlchemyOso object provides a unified interface for
SQLAlchemyOso object is now available to simplify the initialization of Oso for SQLAlchemy.
Now, instead of the following:
from oso import Oso from sqlalchemy_oso import register_models from sqlalchemy_oso.roles2 import OsoRoles from sqlalchemy.ext.declarative import declarative_base Base = declarative_base() oso = Oso() register_models(oso, Base) oso_roles = OsoRoles(oso, Base, User, sessionmaker)
OsoRoles are wrapped by
from sqlalchemy_oso import SQLAlchemyOso from sqlalchemy.ext.declarative import declarative_base Base = declarative_base() oso = SQLAlchemyOso(Base) oso.enable_roles(User, sessionmaker)
SQLAlchemyOso.enable_roles(), the role management methods defined on
OsoRoles are available on
Roles.user_in_role available from Polar policies
Oso-managed user-to-role assignments created through the role-management
API can now be accessed within Polar policies using
Roles.user_in_role(user, role, resource).
assignments_for_user returns all direct role assignments for a single user
OsoRoles.assignments_for_user(user=my_user_object) will return a list of the roles that
my_user_object is directly assigned to.
assignments_for_user can be called on an instance of
OsoRoles or an instance of
SQLAlchemyOso after calling