Filter Data

How to Filter Data

Oso Cloud's list API can efficiently perform authorization checks over collections of data.

Imagine you're building the landing page for an HR app. When an authenticated user accesses the page, they should see a high-level overview of the employees they manage. A naive way to implement that would be to fetch all employees from the database and then filter them in-memory by asking if the current user is allowed to view each employee record in turn. If a company has 10,000 employees, that might get pretty darn slow.

Oso Cloud's list API flattens that iterative approach into a single request: "What is the set of employees that the user is allowed to see?" The response is a list of IDs of authorized resources (employees, in this case) that can then be loaded from the database in one fell swoop:

def authorized_employees(oso: Oso, current_user: User) -> List[Employee]:
    employee_ids = oso.list(current_user, "view", "Employee")
    return get_employees_by_ids(employee_ids)

For more details, consult the API docs for the list endpoint.

Talk to an Oso Engineer

Our team is happy to help you get started with Oso. If you'd like to learn more about using Oso in your app or have any questions about this guide, schedule a 1x1 with an Oso engineer.

Get started with Oso Cloud →