How to Filter Data
list API can efficiently perform authorization checks over
collections of data.
Imagine you're building the landing page for an HR app. When an authenticated user accesses the page, they should see a high-level overview of the employees they manage. A naive way to implement that would be to fetch all employees from the database and then filter them in-memory by asking if the current user is allowed to view each employee record in turn. If a company has 10,000 employees, that might get pretty darn slow.
list API flattens that iterative approach into a single request:
"What is the set of employees that the user is allowed to see?" The response is
a list of IDs of authorized resources (employees, in this case) that can then
be loaded from the database in one fell swoop:
def authorized_employees(oso: Oso, current_user: User) -> List[Employee]: employee_ids = oso.list(current_user, "view", "Employee") return get_employees_by_ids(employee_ids)
For more details, consult the API
Talk to an Oso Engineer
Our team is happy to help you get started with Oso. If you'd like to learn more about using Oso in your app or have any questions about this guide, schedule a 1x1 with an Oso engineer.