Efficient authorization for Django list views with oso
Hi All! We're building an open source policy engine for adding access
control (permissions, roles, etc.) to apps, called oso. oso policies are
declarative, and enable users to cleanly separate authorization logic from
the rest of their application code.
In our latest release of django-oso, we added functionality to enforce
authorization policies directly on Django QuerySets. The declarative policy
is translated into filters that can be understood by the Django ORM, in a
way that is fully abstracted from the library user. In the future, we'll be
adding support for SQLAlchemy and other Python ORMs.
We wrote about it in this blog post.
Cleanly separating an authorization policy from other application code can
be challenging, especially when authorizing a collection of objects, often
necessary in list views. This feature makes it possible to enforce
authorization as a filter when querying the application data store while
still taking full advantage of the declarative policy provided by oso.
This functionality is in preview in the 0.3.0 release of django-oso.
Install via pip: pip install django-oso
Let us know what you think in our Slack channel or on this thread!
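
The idea described above, authorizing a list by turning the policy into a query filter instead of checking each loaded object, as an added example that is not part of the original post and is not oso or django-oso code. The policy format, table, and function names are hypothetical; it uses sqlite3 in place of the Django ORM so it runs stand-alone.

```python
import sqlite3

# Constructed sample rows: (id, owner, is_public)
ROWS = [(1, "alice", 0), (2, "bob", 1), (3, "bob", 0), (4, "alice", 1), (5, "carol", 0)]
COLUMNS = ("id", "owner", "is_public")
# Hypothetical policy format: an action is allowed if ANY rule matches; a rule
# matches if ALL its (column, value) constraints hold. "$user" = the requester.
POLICY = {"read": [[("is_public", 1)], [("owner", "$user")]]}

def bind(value, user):
    return user if value == "$user" else value

def allowed(action, user, row):
    """Per-object check: evaluate the policy against one already-loaded row."""
    rec = dict(zip(COLUMNS, row))
    return any(all(rec[c] == bind(v, user) for c, v in rule)
               for rule in POLICY.get(action, []))

def to_where(action, user):
    """Translate the same policy into a parameterized WHERE clause."""
    clauses, params = [], []
    for rule in POLICY.get(action, []):
        parts = []
        for col, val in rule:
            if col not in COLUMNS:  # column names come from the policy, never from input
                raise ValueError(f"unknown column {col!r}")
            parts.append(f"{col} = ?")
            params.append(bind(val, user))
        clauses.append("(" + (" AND ".join(parts) or "1 = 1") + ")")
    # No rule for the action means deny everything, not "no filter".
    return (" OR ".join(clauses) or "0 = 1"), params

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE post (id INTEGER PRIMARY KEY, owner TEXT, is_public INTEGER)")
    db.executemany("INSERT INTO post VALUES (?, ?, ?)", ROWS)
    return db

def list_filtered_in_python(db, user, action="read"):
    """Loads every row, then authorizes each one in application code."""
    rows = db.execute("SELECT * FROM post ORDER BY id")
    return [r[0] for r in rows if allowed(action, user, r)]

def list_filtered_in_query(db, user, action="read", limit=10):
    """Authorization is part of the query, so LIMIT counts only allowed rows."""
    where, params = to_where(action, user)
    sql = f"SELECT id FROM post WHERE {where} ORDER BY id LIMIT ?"
    return [r[0] for r in db.execute(sql, params + [limit])]
```

Both functions return the same ids for the same user, but only the second lets the database apply pagination and never loads rows the user may not see.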