sqlalchemy-oso-preview 0.0.2

Python

Breaking changes

Deprecated set_get_session method

set_get_session is no longer available, as this method was used for the previous version of roles support.

New features

SQLAlchemyOso object provides a unified interface for Oso and OsoRoles

The SQLAlchemyOso object is now available to simplify the initialization of Oso for SQLAlchemy.

Now, instead of the following:

from oso import Oso
from sqlalchemy_oso import register_models
from sqlalchemy_oso.roles2 import OsoRoles
from sqlalchemy.ext.declarative import declarative_base

Base = declarative_base()
oso = Oso()
register_models(oso, Base)
oso_roles = OsoRoles(oso, Base, User, sessionmaker)

both Oso and OsoRoles are wrapped by SQLAlchemyOso:

from sqlalchemy_oso import SQLAlchemyOso
from sqlalchemy.ext.declarative import declarative_base

Base = declarative_base()
oso = SQLAlchemyOso(Base)
oso.enable_roles(User, sessionmaker)

After calling SQLAlchemyOso.enable_roles(), the role management methods defined on OsoRoles are available on SQLAlchemyOso.

Roles.user_in_role available from Polar policies

Oso-managed user-to-role assignments created through the role-management API can now be accessed within Polar policies using Roles.user_in_role(user, role, resource).

assignments_for_user returns all direct role assignments for a single user

OsoRoles.assignments_for_user(user=my_user_object) will return a list of the roles that my_user_object is directly assigned to.

assignments_for_user can be called on an instance of OsoRoles or an instance of SQLAlchemyOso after calling SQLAlchemyOso.enable_roles().

Set up a 1x1 with an Oso Engineer

Our team is happy to help you get started with Oso. If you'd like to learn more about using Oso in your app or have any questions about this guide, schedule a 1x1 with an Oso engineer.