oso 0.21.0
oso
0.21.0
Core
Other bugs & improvements
- Unification constraints on dot properties are no longer elided when emitting
partial results for queries over multiple unbound variables. - Debug mode can now be disabled by setting
POLAR_LOG=0
orPOLAR_LOG=off
.
Thanks to@alexhafner
for the
contribution!
Python
Breaking changes
Optional types
parameter to register_class()
renamed to fields
This now mirrors the parameter's name in the other language libraries.
To migrate to the new API, change:
oso.register_class(User, types=...)
to:
oso.register_class(User, fields=...)
Other bugs & improvements
-
Data filtering API types (
Relation
,Filter
) are now importable from the
top leveloso
module:from oso import Oso, Relation, Filter
-
Fixed a bug concerning fetching errors from the core containing additional
details. [#1229]
Ruby
Other bugs & improvements
- Data filtering API types (
Relation
,Filter
) are now defined on the top
levelOso
module.
require 'oso'
Relation = Oso::Relation
- The Ruby library can now be
require
-ed as"oso"
or"oso-oso"
. Thanks to
@davidpelaez
for the contribution!
Node.js
Breaking changes
Optional types
parameter to registerClass()
renamed to fields
This now mirrors the parameter's name in the other language libraries.
To migrate to the new API, change:
oso.registerClass(User, { types: { ... } });
to:
oso.registerClass(User, { fields: { ... } });
Accessing a nonexistent property on an object now errors
To help with catching erroneous policies, accessing a property that doesn't
exist on an object or anywhere in its prototype chain will now return an error.
Policy:
allow(user, "read", "document") if user.isAdmin;
Code:
const user = {name: "notanadmin"};
await oso.isAllowed(user, "read", "document");
Before this change, this isAllowed()
call would silently fail. Oso would look
up the nonexistent isAdmin
property on the {name: "notanadmin"}
object,
which returns undefined
. Since undefined
is not equivalent to true
, the
isAllowed()
call would fail, but the developer wouldn't have any idea that
they'd written a policy that referenced a nonexistent property.
Now, this will error since isAdmin
is not a property on the user
object.
This will still work if (1) the isAdmin
property is explicitly set to
undefined
(e.g., user = {isAdmin: undefined}
) or (2) the property check is
moved into the head of the rule:
allow(user: {isAdmin: true}, "read", "document");
since specializers will not error if a property doesn't exist (but the {name: "notanadmin"}
object will fail to match the specializer and the isAllowed()
call will still correctly return false
).
Other bugs & improvements
- Data filtering API functions (
authorizedQuery
,authorizedResources
) now
correctly restrict their output to records of the user-supplied resource
type. - Runtime type checking on dot operations now works as intended, which fixes a
disparity when extracting properties from objects using specializers.
Go
New features
Go pointer methods
Go methods that are defined on pointer receivers can now be called from Polar.
Before this change, only methods defined on value receivers could be called.
type Typ struct {
x int
}
// This could be called from Polar before
func (t Typ) Method() int {
return t.x + 1
}
// This could not be called from Polar before but can now.
func (t *Typ) PtrMethod() bool {
return t.x == 1
}
Other bugs & improvements
- The CLI to the Go REPL has been updated to use the new
LoadFiles
API. This
re-enables support for loading multiple files via the CLI. - The minimum supported Go version is back to 1.12.
sqlalchemy-oso
0.21.0
Other bugs & improvements
- Type definitions are now exported in the built wheel, so type annotations
should work if you use a type checker like MyPy.