Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Gotanda.rb#46 権限管理のつらみとPundit
Search
Hiroki Tanaka
September 29, 2020
Programming
7.5k
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Gotanda.rb#46 権限管理のつらみとPundit
2020/09/29のGotanda.rb#46LT発表した『権限管理のつらみとPundit』です。
Hiroki Tanaka
September 29, 2020
More Decks by Hiroki Tanaka
See All by Hiroki Tanaka
機能QA会のすゝめ
hiroki_tanaka
0
300
定期リリースの導入
hiroki_tanaka
0
230
noteの品質課題に立ち上げ直後のQAチームが挑んだ軌跡
hiroki_tanaka
1
1.6k
note初のBug Bashを やってみた
hiroki_tanaka
1
1.6k
コロナ禍の1年間でAWSの資格を 3つ取得した話
hiroki_tanaka
0
540
Rubocop対応のすゝめ
hiroki_tanaka
0
97
Gotanda.rb#48 ECS on Fargateでのハマりポイント
hiroki_tanaka
1
400
Gotanda.rb#47 Mailgun3分クッキング
hiroki_tanaka
1
7.5k
Other Decks in Programming
See All in Programming
Java × distroless で 軽量なコンテナイメージを / Java on Distroless
contour_gara
0
560
Developing with AI Agents — Codex, Claude Code & Cowork Practical Guide
x5gtrn
PRO
0
1.3k
「AIで開発し、AIを届ける」をEvalでつなぐ 〜AIネイティブに始めるプロダクト開発の実践〜 / Connecting "Develop with AI, deliver AI" with Eval
rkaga
4
5.3k
依存関係から依存物へ―Dependencyという言葉の歴史をひも解く
j_lee
0
130
AIで効率化できた業務・日常
ochtum
0
140
その問い、本当に正しいですか?AI時代のエンジニアに必要な哲学と認知科学 / ai-philosophy-cognitive-science
minodriven
11
6.1k
Oxcを導入して開発体験が向上した話
yug1224
4
330
Observability in Practice:Grafana 與 Edge Device SRE 的那些事
blueswen
0
170
メソッドのジェネリクスでGoの夢は広がるか? / Kyoto.go #65
utgwkk
3
900
さぁV100、メモリをお食べ・・・
nilpe
0
150
ふつうのFeature Flag実践入門
irof
8
4.1k
スマートグラスで並列バイブコーディング
hyshu
0
260
Featured
See All Featured
Stop Working from a Prison Cell
hatefulcrawdad
274
21k
Balancing Empowerment & Direction
lara
6
1.2k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
12
1.2k
How to Think Like a Performance Engineer
csswizardry
28
2.7k
Building Experiences: Design Systems, User Experience, and Full Site Editing
marktimemedia
0
540
Facilitating Awesome Meetings
lara
57
7k
Chasing Engaging Ingredients in Design
codingconduct
0
220
The Impact of AI in SEO - AI Overviews June 2024 Edition
aleyda
5
1.1k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4.3k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
123
22k
Side Projects
sachag
455
43k
GraphQLの誤解/rethinking-graphql
sonatard
75
12k
Transcript
Gotanda.rb#46 ݖݶཧͷͭΒΈͱPundit 2020/09/29 גࣜձࣾτϨλ @hiroki_tanaka
ࣗݾհ ɾాத جɿ@hiroki_tanaka ɾSIerɿϑϡʔνϟʔΞʔΩςΫτ(4ؒ) →WebܥϕϯνϟʔɿגࣜձࣾτϨλ(1ؒ) ɾRubyɿ2ɾJavaɿ2ɾSQLɿ5 ɾझຯɿεϓϥτΡʔϯɾમ౬८Γ ɾॳΊͯͷ֎෦ษڧձͰͷLTɺŪƄŝŪƄŝ…(((*´>ω<`)))…ŪƄŝŪƄŝ…
ࠓ͢͜ͱɾ͞ͳ͍͜ͱ ʲ͢͜ͱʳ - ݖݶཧͷΑ͋͘ΔͱͲ͏ཱ͔͍͔ͪͬͯ͘ - ݖݶཧͷGemͷհ (→ͪͳΈʹɺࢲ͕ͬͨ͜ͱ͕͋ΔͷCanCanͱPundit) ʲ͞ͳ͍͜ͱʳ - ཧը໘ߏஙͷGemͷ
→rails_admin/active_admin/administrateͳͲ
ݖݶͰ͜Μͳܦݧɺ ͋Γ·ͤΜ͔ʁ
͜ͷػೳॏཁͳػೳ͔ͩΒɺ ৬͕෦Ҏ্͔ͭ౦ژຊࣾͷਓʹ͔͠ ࣮ߦݖݶΛ༩͑ͳ͍Ͱཉ͍͠ɻ
ސ٬ͷݸਓใγεςϜཧऀݖݶͩ ͚Ͱͳ͘ɺݸਓใཧऀݖݶͷ͋ΔϢʔβ ͷΈͷӾཡͱͯ͠ཉ͍͠ɻ
ݖݶཧͷΑ͋͘Δ 1. ΞϓϦέʔγϣϯ͕ݖݶͷ݅ذίʔυͰԚΕΔ 2. `admin`ͱ͍͏ݴ༿ͷࢦ͍ͯ͠Δݖݶ͕Α͘Θ͔Βͳ ͘ͳΔ
ݖݶཧͷΑ͋͘Δᶃ 1. ΞϓϦέʔγϣϯ͕ݖݶͷ݅ذίʔυͰԚΕΔ - ݖݶʹؔ͢ΔϏδωεϩδοΫΛ࣮͢ΔͨΊʹController Viewͷϝιου͕ifจcaseจͩΒ͚ʹͳΔɻ - ࣅͨΑ͏ͳೝՄϩδοΫ͕༷ʑͳॴʹίϐϖ͞Εͯɺमਖ਼͢ ΔࡍͷӨڹൣғ͕େ͖͘ͳͬͯ͠·͏ɻ
- Fat ControllerͷҰཁҼʹͳΔɻ
ݖݶཧͷΑ͋͘Δᶃ ྫ͑ɺ͜Μͳײ͡ͷίʔυɻ - Controller - View
ݖݶཧͷΑ͋͘Δᶄ 2. `admin`ͱ͍͏ݴ༿ͷࢦ͍ͯ͠Δݖݶ͕Α͘Θ͔Βͳ ͘ͳΔ - αʔϏεͷ`admin`ͱ͍͏ݖݶຊདྷɺͲͷϦιʔεʹର ͯ͠ԿͰग़དྷΔ͕ɺαʔϏεͷ֦େͱڞʹத్ʹͳ Γ͕ͪɻ - ݁Ռతʹcurrent_user͕`admin`͔Ͳ͏͔ͷνΣοΫͰͳ
͘ɺΑΓηϯγςΟϒͳݖݶͰνΣοΫ͢ΔϩδοΫΛ࣋ͭ Ϧιʔε͕ੜ·ΕɺʮadminͱԿͩͬͨͷ͔…ʯͱͳͬͯ ͠·͏ɻ
ݖݶཧͷΑ͋͘Δᶄ ྫ͑ɺ͜Μͳঢ়گɻ - current_user͕`admin`ͩͬͨ߹ϦιʔεAͷॴ༗ऀͰͳ͘ ͯɺCRUDશͯՄೳɻ - current_user͕adminͩͬͨ߹ϦιʔεBࢀরͷΈՄೳͩ ͕ɺͦΕҎ֎Ϧιʔεͷॴ༗ऀͰͳ͍ͱෆՄɻ - current_user͕adminͩͬͨ߹ͰϦιʔεCݸਓใؚ͕
·ΕΔͷͰࢀরؚΊશͯෆՄɻ
ݖݶཧͷΑ͋͘Δᶃɾᶄ ᶃͱᶄͷΛ์ஔ͢ΔͱͲ͏ͳΔͷ͔ʁ - ݖݶϩδοΫαʔϏεͷ֦େͱڞʹංେԽ͍ͯͨ͘͠Ίɺ ࠷ऴతʹෳࡶͳذϩδοΫ͕ൣғʹര͢Δɻ 㱺ظతʹɺݖݶϩδοΫ͕֤Ϧιʔεʹࢄ͢Δ͜ͱͰ मਖ਼࿙Ε͕͋ͬͨ߹ɺக໋తͳόάͷԹচʹͳΔɻ - ຊདྷݟ͍͚͑ͯͳ͍ϖʔδ͕ݟ͑ͯ͠·͏ɾॲཧ͕Ͱ͖ͯ͠· ͏ɻٯʹɺຊདྷݟ͑Δͣͷϖʔδ͕ݟ͑ͳ͍ɻ
ݖݶཧͷΑ͋͘Δᶃɾᶄ ᶃͱᶄͷΛ์ஔ͢ΔͱͲ͏ͳΔͷ͔ʁ - ݖݶϩδοΫαʔϏεͷ֦େͱڞʹංେԽ͍ͯͨ͘͠Ίɺ ࠷ऴతʹෳࡶͳذϩδοΫ͕ൣғʹര͢Δɻ 㱺தظతʹɺίʔυͷՄಡੑɾอकੑ͕Լ͠ɺϝϯς φϯείετͷ૿େͱͳٕͬͯज़తͳෛͷҨ࢈ʹͳΔɻ
Ͳ͏ཱ͔ͪ͏͔ɿݪҼٻ ͦͦͷʰϢʔβͱϦιʔεͷݖݶʹؔ͢ ΔϩδοΫͷ࣮͕ࢄɾ͍ͯ͠Δʱ͜ͱɻ 㱺ਅҼʰຊདྷڞ௨Խ࣮ͯ͠͞ΕΔ͖Ϣʔβͷ ݖݶʹؔ͢ΔϩδοΫ͕֤ػೳɾ֤Ϣʔεέʔεຖʹϕ λͰ࣮͞Ε͍ͯΔɾͤ͟ΔΛಘͳ͍ঢ়گʹͳ͍ͬͯ Δʱ͜ͱɻ
͡Ό͋ɺͲ͏͠Α͏ʁ
ͦ͏ͩɺ PunditΛͬͯΈΑ͏
Punditͱ - ֤ϦιʔεͷActionʹରͯ͠ೝՄ݅Λઃఆ͢Δɻ - ֤ModelຖʹݖݶઃఆΛߦ͏PolicyΫϥεΛ࡞͠ɺ Actionʹର͢ΔೝՄ݅Λఆٛ͢Δɻ(Modelґଘ) - PolicyΫϥεී௨ͷRubyΫϥεͰ͋ΔͨΊɺRuby ͷجૅ͕ࣝ͋Ε୭Ͱѻ͑Δɻ
PunditΛಋೖͨ݁͠Ռ - PolicyΫϥε
PunditΛಋೖͨ݁͠Ռ - ControllerΫϥε ControllerଆͰauthorizeΛ࣮ߦͨ͠ࡍʹɺModel໊+Policyͷن ଇͰPolicyΫϥε͕ಛఆ͞Ε্ͨͰΠϯελϯεԽ͞Εͯɺ֘ ͢Δpolicyͷϝιου͕ݺΕͯͦͷΞΫγϣϯ͕࣮ߦՄೳ͔Ͳ ͏͔ఆ͢Δɻ
PunditͷϝϦοτᶃ - ݖݶཧͷϩδοΫ͕1Օॴʹू͞ΕΔ - ݖݶཧʮXXݖݶͳΒYYϦιʔεͷCRUDΛڐՄ͢Δʯ ͱ͍͏Α͏ʹϦιʔεϕʔεͷཁ݅Ͱ͋ΓɺModelͷͱ͠ ͯଊ͑Δ͜ͱͰݖݶϩδοΫͷ࣮Օॴ͕໌֬ʹͳΔɻ - ݖݶϩδοΫ͕PolicyΫϥεʹू͢Δ͜ͱͰɺController ͷ֤Action͕ෳࡶͳݖݶϩδοΫͰԚΕΔ͜ͱΛ͛Δɻ
PunditͷϝϦοτᶄ - PolicyΫϥεී௨ͷRubyΫϥεͷͨΊॊೈੑ͕ߴ͍ - PolicyΫϥεRubyͰग़དྷΔॲཧԿͰߦ͏ࣄ͕Ͱ͖Δͨ Ίɺࣗ༝͕ͱͯߴ͘ෳࡶͳۀϩδοΫʹॊೈʹରԠՄ ೳɻ - ϞδϡʔϧԽܧঝͱ͍ͬͨ͜ͱՄೳɻ
PunditͷσϝϦοτᶃ - ݸʑͷPolicyϑΝΠϧ͕Modelຖʹ࡞͞Ε͍ͯΔͷ Ͱݖݶશମͷݟ௨͕͠ѱ͍ɻ - ΞϓϦέʔγϣϯͷݖݶཧશମΛ֬ೝ͠Α͏ͱͨ͠߹ɺ ݸʑͷPolicyϑΝΠϧΛ1ͭͣͭݟ͍ͯ͘ඞཁ͕͋Δɻ - ΞϓϦέʔγϣϯ͕ෳࡶԽɾංେԽͨ͠߹ʹݟ௨͠ͷѱ ͞க໋తͳٕज़తෛ࠴ʹͳΓ͔Ͷͳ͍ɻ
PunditͷσϝϦοτᶄ - Modelຖʹඥͮ͘PolicyΫϥεʹControllerͷ Actionʹඥͮ͘ϝιουΛ࣮͢ΔͨΊɺ҉తʹ ModelͱPolicyͱController1:1:1ͱ͍͏੍ͱͳΔɻ - ΞϓϦέʔγϣϯ͕ෳࡶԽɾංେԽ͠ɺ1ͭͷModelΛѻ͏ Controller͕ෳଘࡏ͠ɺͦΕͧΕͰݖݶϩδοΫΛΓସ͑ ͍ͨͱ͍͏έʔε͕ੜ·Εͨ࣌ɺࠔΔɻ -
ͭ·Γɺ1ͭͷModelʹରͯ͠ɺෳͷPolicyΫϥε͕ඞཁͱ ͳͬͨ߹ʹԿΒ͔ͷΛ͢Δ͜ͱͳΔɻ (ྑ͍ϓϥΫςΟε͕͋ͬͨΒɺڭ͑ͯԼ͍͞(o*Ň_Ň)oųƅŠŕ)
·ͱΊ 1. ΞϓϦέʔγϣϯ͕ݖݶͷ݅ذίʔυͰԚΕΔ - PunditͷಋೖͰ֤ϦιʔεຖͷݖݶϩδοΫΛҰՕॴʹ·ͱΊ Δ͜ͱ͕ग़དྷΔͷͰControllerView͕݅ذίʔυͰԚΕ Δղܾग़དྷΔɻ 2. `admin`ͱ͍͏ݴ༿ͷࢦ͍ͯ͠Δݖݶ͕Α͘Θ͔Βͳ͘ͳΔ -
`admin`ͱ͍͏ᐆດͳׂΛͳ͘͠ɺ֤Ϧιʔεຖʹ໌֬ͳ ׂ(role)ΛϢʔβʹׂΓͯɺPunditͰActionຖʹ࣮ߦ੍ޚ͢Δ ͜ͱͰᐆດ͞Λճආ͢Δ͜ͱՄೳɻ - ͨͩɺ`admin`ͱ͍͏ݖݶ࡞Ζ͏ͱࢥ͑࡞ΕΔͷͰɺࠜຊ తͳ੍ग़དྷͳ͍ɻ
͓ΘΓʹ - ʮLTΓ·͢ʂʯͱݴͬͯௐΔ·Ͱʮݖݶཧͷ ͱ…ʁʯͱײ͍ͯ͡·ͨ͠ɻ ͔͠͠ɺௐΔʹʹ֮͑ͷ͋ΔΞϓϦέʔγϣϯ ͷ֦େͷӨڹͰͷϩδοΫͷෳࡶԽɺόά͕ൃ ੜͨ͠߹ʹக໋ইʹͳΔՄೳੑͷߴ͔͞ΒೝࣝΛվ Ί·ͨ͠ɻ(*´Д⊂ʋŠƄŶƃūšŘ - ·ͨɺॏཁ͔ͩΒͦ͜γϯϓϧʹ୭ʹͰѻ͑ΔɾΘ͔Γ
͘͢อͭ͜ͱ͕ඞཁͱڧ͘ײ͡·ͨ͠ɻ(ͨΓલ)
͓·͚
͓·͚1ɿPunditɾCanCanCanͷൺֱ Pundit CanCanCan ಋೖ GemΛΠϯετʔϧ͠ɺBaseContollerͰPunditΛ include͢Ε༻Մೳɻ GemΛΠϯετʔϧ͠ɺAbilityΫϥεΛ࡞Ε༻Մ ೳɻControllerͰͷincludeෆཁɻ ݖݶઃఆ ֤ModelʹରԠͨ͠PolicyΫϥεΛ࡞͠ɺݖݶຖͷઃ
ఆΛهड़͢Δɻ 1ͭͷAbilityΫϥεʹϩʔϧຖͷ֤Ϟσϧʹର͢Δશͯͷ ݖݶΛهࡌ͍ͯ͘͠ɻ ControllerͰͷೝՄ authorizeϝιουΛݺͼग़͢͜ͱͰϞσϧʹରԠ͢Δ PolicyΫϥε͕ࣗಈతʹࢀর͞ΕΔɻControllerͷΞΫ γϣϯ໊ͱϚονͨ͠PolicyΫϥεͷϝιου͕ݺ Εɺ࣮ߦՄೳ͔ఆ͢Δɻ authorize!ϝιουͰݖݶͷೝՄ͕Ͱ͖ɺAbilityΫϥεʹ ఆٛͨ͠ݖݶઃఆΛࢀর͠ɺ࣮ߦՄೳ͔ఆ͢Δɻ ViewͰͷೝՄ policyϝιουΛ༻͢Δ͜ͱͰఆͰ͖Δɻ can?cannot?ϝιουͰఆͰ͖Δɻ Ϩίʔυͷ੍ scopeͱ͍͏ػೳΛ༻͍ͯɺPolicyϑΝΠϧʹΠϯφ ʔΫϥεͱͯ͠ScopeΫϥεΛఆٛ͢Δ͜ͱͰϢʔβ ͷϨίʔυͷΞΫηεΛ੍ݶͰ͖Δɻ policy_scopeϝιουͰݺͼग़͠Մೳɻ Hash of Conditionsͱ͍͏ػೳΛ༻͍ͯɺ݅Λ͢ͱऔ ಘ͢ΔϨίʔυΛ੍ݶग़དྷΔɻ accessible_byϝιουͰݺͼग़͠Մೳɻ ૯߹ ֤ϞσϧຖʹରԠͨ͠PolicyϑΝΠϧΛఆٛ͢Δɻ σʔλϞσϧ͕ଟ͍߹ͰɺPolicyϑΝΠϧγϯ ϓϧʹอͯΔ͕ɺݸʑͷPolicyϑΝΠϧʹݖݶ͕ݸผ ࣮͞Ε͍ͯΔͷͰશମͷݟ௨͕͠ѱ͍ɻ 1ͭͷAbilityΫϥεʹ֤ϩʔϧͷ֤ϞσϧͷݖݶΛఆ ٛ͢Δɻ1ϑΝΠϧʹશͯͷݖݶใ͕ू·ΔͷͰݟ௨ ͠ྑ͍͕ɺΞϓϦέʔγϣϯͷ֦େͱڞʹංେԽͷҰ ్ΛḷΔɻ
͓·͚2ɿͦͷଞͷݖݶཧGem - rolifyɿϢʔβʹϩʔϧΛ༩ͨ͠Γɺࢦఆͨ͠ϩʔϧΛ͍࣋ͬͯ ΔϢʔβΛ୳ͨ͠ΓͱϩʔϧϕʔεͰͷݖݶཧΛߦ͏ɻ →ೝূGem(deviseͳͲ)ೝՄGem(CanCanCanɾPundit)ͱ؆୯ʹ ଓग़དྷΔɻ - authorityɿORMʹґଘͤͣʹControllerͷActionຖʹ࣮ߦͰ͖Δ ݖݶΛఆٛͰ͖Δɻ2019ʹ։ൃఀࢭதɻ -
bankenɿPunditϥΠΫͳAPIΛอͪͭͭModelʹґଘͤͣʹɺ ControllerͷActionʹඥͮ͘ϝιουͷݖݶΛఆٛग़དྷΔɻ →ΞϓϦ͕֦େʹͳΓɺModelɾController͕ෳࡶʹͳͬͯҰ؏ ͍ͯ͠ଓ͚Δ͜ͱՄೳɻ
͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ