oso 0.10.0 Breaking changes Anonymous rest variables now properly anonymized Previously, we were not generating unique identifiers for anonymous rest variables (*_) during the rewriting pass. This resulted in unexpected results for queries containing multiple anonymous rest variables, such as:
[*_] in [*a] and [*b] in [*_] and b = 1 The above query would return a result with a bound to  because *a and *b interacted through the pair of un-anonymized rest variables. After this change, that query now correctly returns a result with a bound to [*_1], where *_1 is the rewritten, anonymized rest variable.
New features get_allowed_actions introduced for Python Use Oso.get_allowed_actions to get a list of actions that a user is allowed to take on a resource. These actions can be used for making additional authorization decisions, especially in the frontend (e.g., hiding or showing a button based on the current user’s allowed actions).
See our guide here!
You can see it in action on our new docs site and to see how to use in the browser, see this example.
PolarClass implemented for versions 0.7 & 0.8 of the uuid crate PolarClass is now implemented for versions 0.7 & 0.8 of the uuid crate behind the optional uuid-07 feature flag.
Ruby library now supports Ruby 3.0 There are no breaking changes. Happy Rubying!
oso 0.11.0a0 New features Improved support for constraint propagation and interactions between variables in Polar VM The Polar VM now supports adding constraints during query execution on any unbound variable, including constraints over multiple unbound variables. Constraints can be used within any query, without requiring partial objects to be passed in to oso.query_rule. This allows writing queries in a more declarative style, and allows Polar to correctly answer more queries with unbound variables. The change improves support for the following queries, when run using oso.query_rule or using list filtering adapters with Django or SQLAlchemy:
Rules involving intersections between multiple collections on objects allow(actor, action, post: Post) if tag in post.tags and tag in actor.allowed_tags; Calling rules on a field of a constrained variable allow(actor, action, post: Post) if allow(actor, action, post.tag); Comparison operations between constrained partials allow(actor, action, post: Post) if post_tag in post.tags and actor_tag in actor.tags and post_tag = actor_tag; Support for more queries involving negation and constraints.
Creation of constrained variables from unbound variables during query execution
f(x) if not (x = 1) and x = 2; Since this is a substantial change, we are releasing an alpha build. This build provides an opportunity to give feedback to our engineering team as we complete this functionality. We’re available in Slack for questions and feedback.
sqlalchemy-oso 0.5.0a0 Includes support for oso 0.11.0a0.
django-oso 0.7.0a0 Includes support for oso 0.11.0a0.