Is your feature request related to a problem? Please describe.
In data access policies, the if expression of an access_policy condition supports a different set of operators depending on the data model format:
- In JavaScript data models, the
if expression is evaluated as a JavaScript expression, so comparison operators such as ===, !==, ==, and != work.
- In YAML data models, the
{ ... } expression is evaluated as a Python expression by Cube's expression transpiler, which currently supports only logical operators (and, or, not), member access, and method calls. Comparison operators are not supported.
For example, this works in a JavaScript model:
conditions: [
{ if: securityContext.region === `EMEA` }
]But the equivalent YAML fails to compile:
conditions:
- if: "{ securityContext.region == 'EMEA' }"with an error like:
Failed to parse Python expression. Most likely this type of syntax isn't supported yet: Unsupported Python multiple children node: Comp_opContext: ==
This is the most common gap: comparing a security context value to a literal (e.g. securityContext.region == 'EMEA') is a very natural way to express a condition, and today it can only be done in JavaScript models. Users on YAML models have to work around it by pushing the comparison into a boolean user attribute or method call.
Describe the solution you'd like
Support equality and inequality operators (==, !=) in the YAML if expressions of access policy conditions, transpiling them to their JavaScript equivalents (===, !==), so that YAML and JavaScript models are at parity for these operators.
Describe alternatives you've considered
- Using a JavaScript data model instead of YAML (works, but not always desirable).
- Precomputing the comparison as a boolean user attribute in the security context (works, but pushes model logic out of the data model).
Additional context
This is tracked from the docs side: the supported operators table now documents which operators work in each format. Comparison, arithmetic, and other operators are similarly unsupported in YAML, but equality/inequality is the most impactful gap. Please 👍 or comment if you'd like this — it helps us prioritize.
Is your feature request related to a problem? Please describe.
In data access policies, the
ifexpression of anaccess_policycondition supports a different set of operators depending on the data model format:ifexpression is evaluated as a JavaScript expression, so comparison operators such as===,!==,==, and!=work.{ ... }expression is evaluated as a Python expression by Cube's expression transpiler, which currently supports only logical operators (and,or,not), member access, and method calls. Comparison operators are not supported.For example, this works in a JavaScript model:
But the equivalent YAML fails to compile:
with an error like:
This is the most common gap: comparing a security context value to a literal (e.g.
securityContext.region == 'EMEA') is a very natural way to express a condition, and today it can only be done in JavaScript models. Users on YAML models have to work around it by pushing the comparison into a boolean user attribute or method call.Describe the solution you'd like
Support equality and inequality operators (
==,!=) in the YAMLifexpressions of access policy conditions, transpiling them to their JavaScript equivalents (===,!==), so that YAML and JavaScript models are at parity for these operators.Describe alternatives you've considered
Additional context
This is tracked from the docs side: the supported operators table now documents which operators work in each format. Comparison, arithmetic, and other operators are similarly unsupported in YAML, but equality/inequality is the most impactful gap. Please 👍 or comment if you'd like this — it helps us prioritize.