Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Gotanda.rb#46 権限管理のつらみとPundit
Search
Hiroki Tanaka
September 29, 2020
Programming
1
6.5k
Gotanda.rb#46 権限管理のつらみとPundit
2020/09/29のGotanda.rb#46LT発表した『権限管理のつらみとPundit』です。
Hiroki Tanaka
September 29, 2020
Tweet
Share
More Decks by Hiroki Tanaka
See All by Hiroki Tanaka
機能QA会のすゝめ
hiroki_tanaka
0
130
定期リリースの導入
hiroki_tanaka
0
84
noteの品質課題に立ち上げ直後のQAチームが挑んだ軌跡
hiroki_tanaka
1
1.2k
note初のBug Bashを やってみた
hiroki_tanaka
1
1.2k
コロナ禍の1年間でAWSの資格を 3つ取得した話
hiroki_tanaka
0
280
Rubocop対応のすゝめ
hiroki_tanaka
0
33
Gotanda.rb#48 ECS on Fargateでのハマりポイント
hiroki_tanaka
1
240
Gotanda.rb#47 Mailgun3分クッキング
hiroki_tanaka
1
6.5k
Other Decks in Programming
See All in Programming
CA.swift19 恋するAIアプリ開発の裏側
oskmr
0
360
GraphQLサーバの構成要素を整理する #ハッカー鮨 #tsukijigraphql / graphql server technology selection
izumin5210
4
830
Komplexe Oberflächen mit SVG und der Web Animation API
joergneumann
0
670
ゆるい個人開発のススメ
kuroppe1819
10
990
PHP8.3の機能を振り返る / Review of PHP 8.3 features
seike460
PRO
1
110
dbtのドメイン分割による データ基盤の改善とDigdagとの連携
sakama
0
180
はてなにおける CSS Modules、及び CSS Modules に足りないもの / CSS Modules in Hatena, and CSS Modules missing parts
mizdra
7
920
PostmanでAPIの動作確認が楽になった話
h455h1
0
170
코틀린으로 멀티플랫폼 만들기
pangmoo
0
150
エンターテイメント業界で利用されるAWS
demuyan
0
210
Changed Rules: Architectures with Lightweight Stores
manfredsteyer
PRO
0
240
Code Reviews
bkuhlmann
4
890
Featured
See All Featured
How To Stay Up To Date on Web Technology
chriscoyier
782
250k
Building Better People: How to give real-time feedback that sticks.
wjessup
355
18k
A Tale of Four Properties
chriscoyier
151
22k
Six Lessons from altMBA
skipperchong
21
3k
Clear Off the Table
cherdarchuk
84
310k
How to name files
jennybc
65
93k
jQuery: Nuts, Bolts and Bling
dougneiner
59
7.1k
The Invisible Side of Design
smashingmag
294
49k
Intergalactic Javascript Robots from Outer Space
tanoku
266
26k
Typedesign – Prime Four
hannesfritz
36
2.1k
Building a Scalable Design System with Sketch
lauravandoore
456
32k
The Cost Of JavaScript in 2023
addyosmani
16
3.9k
Transcript
Gotanda.rb#46 ݖݶཧͷͭΒΈͱPundit 2020/09/29 גࣜձࣾτϨλ @hiroki_tanaka
ࣗݾհ ɾాத جɿ@hiroki_tanaka ɾSIerɿϑϡʔνϟʔΞʔΩςΫτ(4ؒ) →WebܥϕϯνϟʔɿגࣜձࣾτϨλ(1ؒ) ɾRubyɿ2ɾJavaɿ2ɾSQLɿ5 ɾझຯɿεϓϥτΡʔϯɾમ౬८Γ ɾॳΊͯͷ֎෦ษڧձͰͷLTɺŪƄŝŪƄŝ…(((*´>ω<`)))…ŪƄŝŪƄŝ…
ࠓ͢͜ͱɾ͞ͳ͍͜ͱ ʲ͢͜ͱʳ - ݖݶཧͷΑ͋͘ΔͱͲ͏ཱ͔͍͔ͪͬͯ͘ - ݖݶཧͷGemͷհ (→ͪͳΈʹɺࢲ͕ͬͨ͜ͱ͕͋ΔͷCanCanͱPundit) ʲ͞ͳ͍͜ͱʳ - ཧը໘ߏஙͷGemͷ
→rails_admin/active_admin/administrateͳͲ
ݖݶͰ͜Μͳܦݧɺ ͋Γ·ͤΜ͔ʁ
͜ͷػೳॏཁͳػೳ͔ͩΒɺ ৬͕෦Ҏ্͔ͭ౦ژຊࣾͷਓʹ͔͠ ࣮ߦݖݶΛ༩͑ͳ͍Ͱཉ͍͠ɻ
ސ٬ͷݸਓใγεςϜཧऀݖݶͩ ͚Ͱͳ͘ɺݸਓใཧऀݖݶͷ͋ΔϢʔβ ͷΈͷӾཡͱͯ͠ཉ͍͠ɻ
ݖݶཧͷΑ͋͘Δ 1. ΞϓϦέʔγϣϯ͕ݖݶͷ݅ذίʔυͰԚΕΔ 2. `admin`ͱ͍͏ݴ༿ͷࢦ͍ͯ͠Δݖݶ͕Α͘Θ͔Βͳ ͘ͳΔ
ݖݶཧͷΑ͋͘Δᶃ 1. ΞϓϦέʔγϣϯ͕ݖݶͷ݅ذίʔυͰԚΕΔ - ݖݶʹؔ͢ΔϏδωεϩδοΫΛ࣮͢ΔͨΊʹController Viewͷϝιου͕ifจcaseจͩΒ͚ʹͳΔɻ - ࣅͨΑ͏ͳೝՄϩδοΫ͕༷ʑͳॴʹίϐϖ͞Εͯɺमਖ਼͢ ΔࡍͷӨڹൣғ͕େ͖͘ͳͬͯ͠·͏ɻ
- Fat ControllerͷҰཁҼʹͳΔɻ
ݖݶཧͷΑ͋͘Δᶃ ྫ͑ɺ͜Μͳײ͡ͷίʔυɻ - Controller - View
ݖݶཧͷΑ͋͘Δᶄ 2. `admin`ͱ͍͏ݴ༿ͷࢦ͍ͯ͠Δݖݶ͕Α͘Θ͔Βͳ ͘ͳΔ - αʔϏεͷ`admin`ͱ͍͏ݖݶຊདྷɺͲͷϦιʔεʹର ͯ͠ԿͰग़དྷΔ͕ɺαʔϏεͷ֦େͱڞʹத్ʹͳ Γ͕ͪɻ - ݁Ռతʹcurrent_user͕`admin`͔Ͳ͏͔ͷνΣοΫͰͳ
͘ɺΑΓηϯγςΟϒͳݖݶͰνΣοΫ͢ΔϩδοΫΛ࣋ͭ Ϧιʔε͕ੜ·ΕɺʮadminͱԿͩͬͨͷ͔…ʯͱͳͬͯ ͠·͏ɻ
ݖݶཧͷΑ͋͘Δᶄ ྫ͑ɺ͜Μͳঢ়گɻ - current_user͕`admin`ͩͬͨ߹ϦιʔεAͷॴ༗ऀͰͳ͘ ͯɺCRUDશͯՄೳɻ - current_user͕adminͩͬͨ߹ϦιʔεBࢀরͷΈՄೳͩ ͕ɺͦΕҎ֎Ϧιʔεͷॴ༗ऀͰͳ͍ͱෆՄɻ - current_user͕adminͩͬͨ߹ͰϦιʔεCݸਓใؚ͕
·ΕΔͷͰࢀরؚΊશͯෆՄɻ
ݖݶཧͷΑ͋͘Δᶃɾᶄ ᶃͱᶄͷΛ์ஔ͢ΔͱͲ͏ͳΔͷ͔ʁ - ݖݶϩδοΫαʔϏεͷ֦େͱڞʹංେԽ͍ͯͨ͘͠Ίɺ ࠷ऴతʹෳࡶͳذϩδοΫ͕ൣғʹര͢Δɻ 㱺ظతʹɺݖݶϩδοΫ͕֤Ϧιʔεʹࢄ͢Δ͜ͱͰ मਖ਼࿙Ε͕͋ͬͨ߹ɺக໋తͳόάͷԹচʹͳΔɻ - ຊདྷݟ͍͚͑ͯͳ͍ϖʔδ͕ݟ͑ͯ͠·͏ɾॲཧ͕Ͱ͖ͯ͠· ͏ɻٯʹɺຊདྷݟ͑Δͣͷϖʔδ͕ݟ͑ͳ͍ɻ
ݖݶཧͷΑ͋͘Δᶃɾᶄ ᶃͱᶄͷΛ์ஔ͢ΔͱͲ͏ͳΔͷ͔ʁ - ݖݶϩδοΫαʔϏεͷ֦େͱڞʹංେԽ͍ͯͨ͘͠Ίɺ ࠷ऴతʹෳࡶͳذϩδοΫ͕ൣғʹര͢Δɻ 㱺தظతʹɺίʔυͷՄಡੑɾอकੑ͕Լ͠ɺϝϯς φϯείετͷ૿େͱͳٕͬͯज़తͳෛͷҨ࢈ʹͳΔɻ
Ͳ͏ཱ͔ͪ͏͔ɿݪҼٻ ͦͦͷʰϢʔβͱϦιʔεͷݖݶʹؔ͢ ΔϩδοΫͷ࣮͕ࢄɾ͍ͯ͠Δʱ͜ͱɻ 㱺ਅҼʰຊདྷڞ௨Խ࣮ͯ͠͞ΕΔ͖Ϣʔβͷ ݖݶʹؔ͢ΔϩδοΫ͕֤ػೳɾ֤Ϣʔεέʔεຖʹϕ λͰ࣮͞Ε͍ͯΔɾͤ͟ΔΛಘͳ͍ঢ়گʹͳ͍ͬͯ Δʱ͜ͱɻ
͡Ό͋ɺͲ͏͠Α͏ʁ
ͦ͏ͩɺ PunditΛͬͯΈΑ͏
Punditͱ - ֤ϦιʔεͷActionʹରͯ͠ೝՄ݅Λઃఆ͢Δɻ - ֤ModelຖʹݖݶઃఆΛߦ͏PolicyΫϥεΛ࡞͠ɺ Actionʹର͢ΔೝՄ݅Λఆٛ͢Δɻ(Modelґଘ) - PolicyΫϥεී௨ͷRubyΫϥεͰ͋ΔͨΊɺRuby ͷجૅ͕ࣝ͋Ε୭Ͱѻ͑Δɻ
PunditΛಋೖͨ݁͠Ռ - PolicyΫϥε
PunditΛಋೖͨ݁͠Ռ - ControllerΫϥε ControllerଆͰauthorizeΛ࣮ߦͨ͠ࡍʹɺModel໊+Policyͷن ଇͰPolicyΫϥε͕ಛఆ͞Ε্ͨͰΠϯελϯεԽ͞Εͯɺ֘ ͢Δpolicyͷϝιου͕ݺΕͯͦͷΞΫγϣϯ͕࣮ߦՄೳ͔Ͳ ͏͔ఆ͢Δɻ
PunditͷϝϦοτᶃ - ݖݶཧͷϩδοΫ͕1Օॴʹू͞ΕΔ - ݖݶཧʮXXݖݶͳΒYYϦιʔεͷCRUDΛڐՄ͢Δʯ ͱ͍͏Α͏ʹϦιʔεϕʔεͷཁ݅Ͱ͋ΓɺModelͷͱ͠ ͯଊ͑Δ͜ͱͰݖݶϩδοΫͷ࣮Օॴ͕໌֬ʹͳΔɻ - ݖݶϩδοΫ͕PolicyΫϥεʹू͢Δ͜ͱͰɺController ͷ֤Action͕ෳࡶͳݖݶϩδοΫͰԚΕΔ͜ͱΛ͛Δɻ
PunditͷϝϦοτᶄ - PolicyΫϥεී௨ͷRubyΫϥεͷͨΊॊೈੑ͕ߴ͍ - PolicyΫϥεRubyͰग़དྷΔॲཧԿͰߦ͏ࣄ͕Ͱ͖Δͨ Ίɺࣗ༝͕ͱͯߴ͘ෳࡶͳۀϩδοΫʹॊೈʹରԠՄ ೳɻ - ϞδϡʔϧԽܧঝͱ͍ͬͨ͜ͱՄೳɻ
PunditͷσϝϦοτᶃ - ݸʑͷPolicyϑΝΠϧ͕Modelຖʹ࡞͞Ε͍ͯΔͷ Ͱݖݶશମͷݟ௨͕͠ѱ͍ɻ - ΞϓϦέʔγϣϯͷݖݶཧશମΛ֬ೝ͠Α͏ͱͨ͠߹ɺ ݸʑͷPolicyϑΝΠϧΛ1ͭͣͭݟ͍ͯ͘ඞཁ͕͋Δɻ - ΞϓϦέʔγϣϯ͕ෳࡶԽɾංେԽͨ͠߹ʹݟ௨͠ͷѱ ͞க໋తͳٕज़తෛ࠴ʹͳΓ͔Ͷͳ͍ɻ
PunditͷσϝϦοτᶄ - Modelຖʹඥͮ͘PolicyΫϥεʹControllerͷ Actionʹඥͮ͘ϝιουΛ࣮͢ΔͨΊɺ҉తʹ ModelͱPolicyͱController1:1:1ͱ͍͏੍ͱͳΔɻ - ΞϓϦέʔγϣϯ͕ෳࡶԽɾංେԽ͠ɺ1ͭͷModelΛѻ͏ Controller͕ෳଘࡏ͠ɺͦΕͧΕͰݖݶϩδοΫΛΓସ͑ ͍ͨͱ͍͏έʔε͕ੜ·Εͨ࣌ɺࠔΔɻ -
ͭ·Γɺ1ͭͷModelʹରͯ͠ɺෳͷPolicyΫϥε͕ඞཁͱ ͳͬͨ߹ʹԿΒ͔ͷΛ͢Δ͜ͱͳΔɻ (ྑ͍ϓϥΫςΟε͕͋ͬͨΒɺڭ͑ͯԼ͍͞(o*Ň_Ň)oųƅŠŕ)
·ͱΊ 1. ΞϓϦέʔγϣϯ͕ݖݶͷ݅ذίʔυͰԚΕΔ - PunditͷಋೖͰ֤ϦιʔεຖͷݖݶϩδοΫΛҰՕॴʹ·ͱΊ Δ͜ͱ͕ग़དྷΔͷͰControllerView͕݅ذίʔυͰԚΕ Δղܾग़དྷΔɻ 2. `admin`ͱ͍͏ݴ༿ͷࢦ͍ͯ͠Δݖݶ͕Α͘Θ͔Βͳ͘ͳΔ -
`admin`ͱ͍͏ᐆດͳׂΛͳ͘͠ɺ֤Ϧιʔεຖʹ໌֬ͳ ׂ(role)ΛϢʔβʹׂΓͯɺPunditͰActionຖʹ࣮ߦ੍ޚ͢Δ ͜ͱͰᐆດ͞Λճආ͢Δ͜ͱՄೳɻ - ͨͩɺ`admin`ͱ͍͏ݖݶ࡞Ζ͏ͱࢥ͑࡞ΕΔͷͰɺࠜຊ తͳ੍ग़དྷͳ͍ɻ
͓ΘΓʹ - ʮLTΓ·͢ʂʯͱݴͬͯௐΔ·Ͱʮݖݶཧͷ ͱ…ʁʯͱײ͍ͯ͡·ͨ͠ɻ ͔͠͠ɺௐΔʹʹ֮͑ͷ͋ΔΞϓϦέʔγϣϯ ͷ֦େͷӨڹͰͷϩδοΫͷෳࡶԽɺόά͕ൃ ੜͨ͠߹ʹக໋ইʹͳΔՄೳੑͷߴ͔͞ΒೝࣝΛվ Ί·ͨ͠ɻ(*´Д⊂ʋŠƄŶƃūšŘ - ·ͨɺॏཁ͔ͩΒͦ͜γϯϓϧʹ୭ʹͰѻ͑ΔɾΘ͔Γ
͘͢อͭ͜ͱ͕ඞཁͱڧ͘ײ͡·ͨ͠ɻ(ͨΓલ)
͓·͚
͓·͚1ɿPunditɾCanCanCanͷൺֱ Pundit CanCanCan ಋೖ GemΛΠϯετʔϧ͠ɺBaseContollerͰPunditΛ include͢Ε༻Մೳɻ GemΛΠϯετʔϧ͠ɺAbilityΫϥεΛ࡞Ε༻Մ ೳɻControllerͰͷincludeෆཁɻ ݖݶઃఆ ֤ModelʹରԠͨ͠PolicyΫϥεΛ࡞͠ɺݖݶຖͷઃ
ఆΛهड़͢Δɻ 1ͭͷAbilityΫϥεʹϩʔϧຖͷ֤Ϟσϧʹର͢Δશͯͷ ݖݶΛهࡌ͍ͯ͘͠ɻ ControllerͰͷೝՄ authorizeϝιουΛݺͼग़͢͜ͱͰϞσϧʹରԠ͢Δ PolicyΫϥε͕ࣗಈతʹࢀর͞ΕΔɻControllerͷΞΫ γϣϯ໊ͱϚονͨ͠PolicyΫϥεͷϝιου͕ݺ Εɺ࣮ߦՄೳ͔ఆ͢Δɻ authorize!ϝιουͰݖݶͷೝՄ͕Ͱ͖ɺAbilityΫϥεʹ ఆٛͨ͠ݖݶઃఆΛࢀর͠ɺ࣮ߦՄೳ͔ఆ͢Δɻ ViewͰͷೝՄ policyϝιουΛ༻͢Δ͜ͱͰఆͰ͖Δɻ can?cannot?ϝιουͰఆͰ͖Δɻ Ϩίʔυͷ੍ scopeͱ͍͏ػೳΛ༻͍ͯɺPolicyϑΝΠϧʹΠϯφ ʔΫϥεͱͯ͠ScopeΫϥεΛఆٛ͢Δ͜ͱͰϢʔβ ͷϨίʔυͷΞΫηεΛ੍ݶͰ͖Δɻ policy_scopeϝιουͰݺͼग़͠Մೳɻ Hash of Conditionsͱ͍͏ػೳΛ༻͍ͯɺ݅Λ͢ͱऔ ಘ͢ΔϨίʔυΛ੍ݶग़དྷΔɻ accessible_byϝιουͰݺͼग़͠Մೳɻ ૯߹ ֤ϞσϧຖʹରԠͨ͠PolicyϑΝΠϧΛఆٛ͢Δɻ σʔλϞσϧ͕ଟ͍߹ͰɺPolicyϑΝΠϧγϯ ϓϧʹอͯΔ͕ɺݸʑͷPolicyϑΝΠϧʹݖݶ͕ݸผ ࣮͞Ε͍ͯΔͷͰશମͷݟ௨͕͠ѱ͍ɻ 1ͭͷAbilityΫϥεʹ֤ϩʔϧͷ֤ϞσϧͷݖݶΛఆ ٛ͢Δɻ1ϑΝΠϧʹશͯͷݖݶใ͕ू·ΔͷͰݟ௨ ͠ྑ͍͕ɺΞϓϦέʔγϣϯͷ֦େͱڞʹංେԽͷҰ ్ΛḷΔɻ
͓·͚2ɿͦͷଞͷݖݶཧGem - rolifyɿϢʔβʹϩʔϧΛ༩ͨ͠Γɺࢦఆͨ͠ϩʔϧΛ͍࣋ͬͯ ΔϢʔβΛ୳ͨ͠ΓͱϩʔϧϕʔεͰͷݖݶཧΛߦ͏ɻ →ೝূGem(deviseͳͲ)ೝՄGem(CanCanCanɾPundit)ͱ؆୯ʹ ଓग़དྷΔɻ - authorityɿORMʹґଘͤͣʹControllerͷActionຖʹ࣮ߦͰ͖Δ ݖݶΛఆٛͰ͖Δɻ2019ʹ։ൃఀࢭதɻ -
bankenɿPunditϥΠΫͳAPIΛอͪͭͭModelʹґଘͤͣʹɺ ControllerͷActionʹඥͮ͘ϝιουͷݖݶΛఆٛग़དྷΔɻ →ΞϓϦ͕֦େʹͳΓɺModelɾController͕ෳࡶʹͳͬͯҰ؏ ͍ͯ͠ଓ͚Δ͜ͱՄೳɻ
͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ