Skip to content

sqlalchemy-oso: handle get_checked_permissions() is None #1440

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
cofinalsubnets merged 8 commits into from
Dec 10, 2021
Merged

sqlalchemy-oso: handle get_checked_permissions() is None #1440

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
e1bb032
sqlalchemy no checked permissions bug fix
Dec 10, 2021
1b2e264
less specific allow rule
Dec 10, 2021
84c58ac
fmt
Dec 10, 2021
14f0a03
Merge branch 'main' into gwen/sqlalch-opt-map
Dec 10, 2021
93ca13c
changelog
Dec 10, 2021
f2389cb
Merge branch 'main' into gwen/sqlalch-opt-map
Dec 10, 2021
c1d937f
update black vn
Dec 10, 2021
6dac551
Merge branch 'main' into gwen/sqlalch-opt-map
Dec 10, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions docs/content/any/project/changelogs/NEXT.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,13 @@ oso.query('f(x)', { bindings });
- Thanks to [`@Kn99HN`](https://github.com/Kn99HN) for adding the
`acceptExpression` query flag to the Node.js lib!

## `sqlalchemy-oso` `NEW_VERSION`

### Other bugs & improvements

- `scoped_session` now correctly handles a `get_checked_permission` callback that
returns `None`.

## `RELEASED_PACKAGE_1` NEW_VERSION

### LANGUAGE (e.g., 'Core' or 'Python' or 'Node.js')
Expand Down
4 changes: 2 additions & 2 deletions languages/python/sqlalchemy-oso/requirements-dev.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
black==21.5b0
black~=21.12b
flake8==3.9.2
mypy==0.812
sqlalchemy-stubs==0.4
tox==3.23.1
tox==3.23.1
5 changes: 3 additions & 2 deletions languages/python/sqlalchemy-oso/sqlalchemy_oso/session.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -176,8 +176,9 @@ def scoped_session(
scopefunc = scopefunc or (lambda: None)

def _scopefunc():
checked_permissions = frozenset(get_checked_permissions().items())
return (get_oso(), checked_permissions, get_user(), scopefunc())
perms = get_checked_permissions()
perms = frozenset() if perms is None else frozenset(perms.items())
return (get_oso(), perms, get_user(), scopefunc())

factory = authorized_sessionmaker(
get_oso, get_user, get_checked_permissions, **kwargs
Expand Down
11 changes: 11 additions & 0 deletions languages/python/sqlalchemy-oso/tests/test_sqlalchemy.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -215,6 +215,17 @@ def test_authorized_session_relationship(engine, oso, fixture_data):
assert post_7.created_by is None


def test_scoped_session_with_no_checked_permissions(engine, oso, fixture_data):
# the policy denies all requests
oso.load_str("allow(_, _, _) if false;")
# but passing None skips authorization
session = scoped_session(lambda: oso, lambda: "user", lambda: None)
session.configure(bind=engine)
posts = session.query(Post)
# check that any posts are allowed
assert posts.count()


def test_scoped_session_relationship(engine, oso, fixture_data):
oso.load_str(
"""allow("user", "read", post: Post) if post.id = 1;
Expand Down