sqlalchemy-oso-preview 0.0.2

Python

Breaking changes

Deprecated set_get_session method

set_get_session is no longer available, as this method was used for the previous version of roles support.

New features

SQLAlchemyOso object provides a unified interface for Oso and OsoRoles

The SQLAlchemyOso object is now available to simplify the initialization of Oso for SQLAlchemy.

Now, instead of the following:

from oso import Oso
from sqlalchemy_oso import register_models
from sqlalchemy_oso.roles2 import OsoRoles
from sqlalchemy.ext.declarative import declarative_base

Base = declarative_base()
oso = Oso()
register_models(oso, Base)
oso_roles = OsoRoles(oso, Base, User, sessionmaker)

both Oso and OsoRoles are wrapped by SQLAlchemyOso:

from sqlalchemy_oso import SQLAlchemyOso
from sqlalchemy.ext.declarative import declarative_base

Base = declarative_base()
oso = SQLAlchemyOso(Base)
oso.enable_roles(User, sessionmaker)

After calling SQLAlchemyOso.enable_roles(), the role management methods defined on OsoRoles are available on SQLAlchemyOso.

Roles.user_in_role available from Polar policies

Oso-managed user-to-role assignments created through the role-management API can now be accessed within Polar policies using Roles.user_in_role(user, role, resource).

assignments_for_user returns all direct role assignments for a single user

OsoRoles.assignments_for_user(user=my_user_object) will return a list of the roles that my_user_object is directly assigned to.

assignments_for_user can be called on an instance of OsoRoles or an instance of SQLAlchemyOso after calling SQLAlchemyOso.enable_roles().