
Rails Authorization

Slides presented at Ginza.rb #31, "How do you handle user permission management?"
https://ginzarb.doorkeeper.jp/events/36898

kyuden/banken
https://github.com/kyuden/banken

Kyuden Masahiro

January 19, 2016

Transcript

  1. RAILS
    AUTHORIZATION
    KYUDEN MASAHIRO
    kyuden_ kyuden

  2. I have put a Japanese-language Tutorial on the WIKI
  6. Authorization (permission management)
    Talking Theme

  7. Authorization code easily turns into a mess

  8. I won't be talking about the DB design
    for authorization

  9. Why
    Because the DB design for authorization
    varies widely with the requirements

  10. Main topic: controlling Controllers and Views according to permissions

  11. Controllers and Views get cluttered with if statements

  12. ‣ Similar authorization conditions end up scattered over a wide area: Controllers, Views and so on

    ‣ Pushing the permission checks into the Model instead produces a Fat Model as the number of permissions grows

  13. ʨ›`≡ŋŐŋ≡´ʩ›ớ ᵲᴸᴸᴸᵲ


  14. Use a gem

  15. Choose CanCan/CanCanCan gem ?

  17. Architecture with CanCan/CanCanCan
    Controller A
    Controller B
    Controller C
      ↓
    Ability
    ‣ Take the authorization conditions that used to be defined in each
    Controller, separate them out and concentrate them in a single Ability class

  18. Design concept of CanCan/CanCanCan
    ‣ For each permission (role),
    define the authorization conditions for every resource and action

  19. How to use CanCan/CanCanCan
    class HogesController < ApplicationController
      def index
        authorize! :index, Hoge   # raises CanCan::AccessDenied unless current_ability allows :index on Hoge
      end
    end

  20. Problem of CanCan/CanCanCan
    ‣ In an app with complex authorization the Ability class bloats
    until it becomes unmanageable

    ‣ The Ability class, with every authorization condition in it, is
    evaluated on every request, so responses get somewhat slower

    (not fatal, but a lot of waste)

    ‣ CanCanCan's own DSL for defining authorization conditions is
    complicated and painful; I don't want to learn it
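To make the CanCan/CanCanCan slides concrete (one central Ability class, rebuilt on every request, later rules overriding earlier ones), here is an added example. It is not code from the slides or from the CanCanCan gem: it is a deliberately small plain-Ruby re-implementation of the same idea, so it runs without the gem. The `User`/`Article` structs, the roles and the rule set are assumptions chosen for illustration.

```ruby
# Added example, not code from the slides or from the CanCanCan gem: a small
# plain-Ruby re-implementation of CanCanCan's "one central Ability" idea so it
# runs without the gem. User, Article, the roles and the rules are assumptions.

User    = Struct.new(:id, :role)                 # role: :admin, :editor or :guest
Article = Struct.new(:id, :author_id, :published)

# Every authorization rule of the application lives in this ONE class, and a
# fresh instance is built for every request (CanCanCan builds current_ability
# per request the same way); that is the slide's "evaluated on each request".
class Ability
  class AccessDenied < StandardError; end

  Rule = Struct.new(:allow, :actions, :subject, :condition)

  # CanCanCan-style aliases: :read covers index/show, and so on.
  ALIASES = { read: %i[index show], create: %i[new create], update: %i[edit update] }.freeze
  ALL     = %i[index show new create edit update destroy].freeze

  attr_reader :rules

  def initialize(user)
    @rules = []
    user ||= User.new(nil, :guest)

    can :read, Article, ->(a) { a.published }                       # anyone: published articles
    return if user.role == :guest

    can :create, Article
    can %i[read update], Article, ->(a) { a.author_id == user.id }  # authors: their own articles
    return unless user.role == :admin

    can :manage, Article                                            # admins: everything ...
    cannot :destroy, Article, ->(a) { a.published }                 # ... except deleting published ones
  end

  def can(actions, subject, condition = nil)
    @rules << Rule.new(true, expand(actions), subject, condition)
  end

  def cannot(actions, subject, condition = nil)
    @rules << Rule.new(false, expand(actions), subject, condition)
  end

  # As in CanCanCan, the LAST matching rule decides, so a later `cannot`
  # carves an exception out of an earlier `can`. Passing the class instead of
  # an instance asks "could this action ever be allowed?" and skips conditions.
  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    matching = @rules.select do |r|
      r.subject == klass && r.actions.include?(action) &&
        (r.condition.nil? || subject.is_a?(Class) || r.condition.call(subject))
    end
    matching.empty? ? false : matching.last.allow
  end

  # The controller-side call from the slide: raise instead of returning false.
  def authorize!(action, subject)
    target = subject.is_a?(Class) ? subject : subject.class
    raise AccessDenied, "cannot #{action} #{target}" unless can?(action, subject)
    true
  end

  private

  def expand(actions)
    Array(actions).flat_map { |a| a == :manage ? ALL : [a, *ALIASES.fetch(a, [])] }.uniq
  end
end
```

Because every rule is registered in `initialize`, the whole list is rebuilt for each request even when the controller only asks about one action; that is the cost the slide calls wasteful but not fatal, and it is also why the class grows with the whole product rather than with any one feature.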

  21. ʨ΁ `≡ŋŐŋ≡´ʩ΁ ᵪᴸᴸᴸᵪ


  22. ʨ›`≡ŋŐŋ≡´ʩ›ớ ᵲᴸᴸᴸᵲ


  23. Choose Pundit gem ?

  25. Design concept of Pundit
    ‣ For each resource,
    define the authorization conditions for every action

  26. Architecture with Pundit
    ‣ Create one Policy class per Model and define in it the
    authorization conditions for each action
    Model A → A Policy (update?, destroy?) ← Controller A (update, destroy)

  27. How to use Pundit

  28. Impression of Pundit (1)
    ‣ Pundit's internals do not extend Rails with monkey patches or
    the like, so it is relatively insulated from Rails version
    upgrades

  29. Impression of Pundit (2)
    ‣ You can define authorization conditions without a custom DSL
    like CanCanCan's. All that using Pundit requires is its minimal
    usage pattern and Ruby skills

    ‣ Because a Policy class is just a plain Ruby class, you can
    modularize it, use inheritance, and implement it flexibly to
    suit the requirements

  30. Impression of Pundit (3)
    ‣ Fundamentally, authorization is a resource-based requirement
    ("an Admin may update Article resources"), so treating it as a
    model-side responsibility and defining the authorization
    conditions per resource is a very natural approach.

  31. ʨ`≡ŋŐŋ≡´ʩὑ


  32. Problem of Pundit (1)
    ‣ Because the Policy class created per Model implements methods
    tied to the Controller's actions (action + ?), using Pundit
    implicitly creates a 1:1:1 constraint between Model, Policy
    and Controller
    Model A → A Policy (update?, destroy?) ← Controller A (update, destroy)

  33. Problem of Pundit (2)
    ‣ Normally the Article model is handled by ArticlesController,
    so an ArticlePolicy is all you need

    ‣ As the app grows more complex, however, there are cases where
    several Controllers handle one particular model, i.e. where one
    model needs several Policies, and then the Pundit user has to
    work around it somehow (trick Pundit with black magic, apply a
    monkey patch, get creative with the Policy class, etc.)

  34. Problem of Pundit (3)

    User → UserPolicy (show?) ← UsersController (show)
                              ← Admin::UsersController (show)
    ‣ When the authorization conditions for show differ between
    UsersController and Admin::UsersController you want a UserPolicy
    and an Admin::UserPolicy, but only one Policy can be bound to a
    given Model

  35. ʨ΁ `≡ŋŐŋ≡´ʩ΁ ᵪᴸᴸᴸᵪ


  36. ʨ›`≡ŋŐŋ≡´ʩ›ớ ᵲᴸᴸᴸᵲ


  37. ʨ΁ `≡ŋŐŋ≡´ʩ΁ ᵪᴸᴸᴸᵪ


  38. Make a hypothesis for authorization
    ‣ If authorization is a model-side responsibility, then what
    should really be authorized is not the Controller action but
    ActiveRecord's mutating methods (create, update, and so on)

    ‣ But then creates, updates and deletes could be authorized
    while reads could not
    ‣ So perhaps authorization is a controller-side responsibility
    after all

  39. https://github.com/kyuden/banken

  40. Choose banken gem

  41. Design concept of Banken
    ‣ For each Controller,
    define the authorization conditions for every action

  42. Architecture with Banken
    ‣ Create one Loyalty class per Controller and define in it the
    authorization conditions for each action

    Controller A (update, destroy) → A Loyalty (update?, destroy?)

  43. How to use Banken

  44. Description of Banken (1)
    ‣ A gem that keeps a Pundit-like API while moving Pundit's
    model-side responsibility to the Controller side

  45. Description of Banken (2)

    UsersController (show) → UsersLoyalty (show?)
    Admin::UsersController (show) → Admin::UsersLoyalty (show?)
    ‣ A Loyalty class is created per Controller and does not depend
    on the Model, so the Pundit weakness described above is avoided
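The contrast drawn on the Pundit problem slides (32 to 34) and the Banken slides (42 to 45) comes down to which class name the authorization helper derives the policy from. The added example below is not code from the slides, from Pundit or from Banken: it is a plain-Ruby sketch of the two lookup rules, so it runs without either gem. The `User` struct, `BasePolicy`, the `PunditLike`/`BankenLike` modules and the `show?` rules are assumptions chosen to match the slide diagrams; the real gems add request integration, `verify_authorized`-style checks and more on top of this core.

```ruby
# Added example, not code from the slides, Pundit or Banken: a plain-Ruby
# sketch of the two lookup rules so it runs without either gem.
#   Pundit-like : policy class is derived from the RECORD's class
#                 (User -> UserPolicy), regardless of which controller asks
#   Banken-like : loyalty class is derived from the CONTROLLER's class
#                 (Admin::UsersController -> Admin::UsersLoyalty)
# All class names below are assumptions chosen to match the slide diagrams.

User = Struct.new(:id, :admin)

class NotAuthorizedError < StandardError; end

# Shared shape of a Pundit policy / Banken loyalty: a plain Ruby object holding
# the current user and the record, with one predicate per controller action.
class BasePolicy
  def initialize(current_user, record)
    @current_user = current_user
    @record = record
  end
end

# ---- Pundit-like: exactly one policy per model -----------------------------
class UserPolicy < BasePolicy
  def show?
    # One rule has to serve every controller that shows a User, so the
    # public and admin cases get folded together here.
    @current_user.admin || @current_user.id == @record.id
  end
end

module PunditLike
  def self.policy_for(record)
    Object.const_get("#{record.class.name}Policy")            # keyed on the model only
  end

  def self.authorize(current_user, record, query)
    policy = policy_for(record).new(current_user, record)
    raise NotAuthorizedError, "#{policy.class}##{query}" unless policy.public_send(query)
    record
  end
end

# ---- Banken-like: one loyalty per controller -------------------------------
class UsersLoyalty < BasePolicy
  def show?
    @current_user.id == @record.id                             # public side: only your own profile
  end
end

module Admin
  class UsersLoyalty < BasePolicy
    def show?
      @current_user.admin                                       # admin side: any profile, admins only
    end
  end
end

module BankenLike
  def self.loyalty_for(controller_class)
    Object.const_get(controller_class.name.sub(/Controller\z/, "Loyalty"))  # keyed on the controller
  end

  def self.authorize(controller_class, current_user, record, query)
    loyalty = loyalty_for(controller_class).new(current_user, record)
    raise NotAuthorizedError, "#{loyalty.class}##{query}" unless loyalty.public_send(query)
    record
  end
end

# The two controllers from the slide, both serving User records.
class UsersController; end
module Admin
  class UsersController; end
end
```

Two practitioner notes. First, current Pundit documents a namespaced form, `authorize([:admin, user])`, that resolves to `Admin::UserPolicy`; that is the kind of per-call-site workaround the slides file under "getting creative with the Policy class", and it has to be remembered at every call in the admin controller. Second, whichever lookup rule you pick, the check only exists where the controller calls `authorize`; an action that forgets the call is the usual authorization bug, so pair either approach with an after-action check that every action performed one.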

  46. Description of Banken (3)
    ‣ Like Pundit, its internals do not extend Rails with monkey
    patches or the like, so it is relatively insulated from Rails
    version upgrades and keeps running happily, tail wagging, just
    as before

    ‣ Because a Loyalty class is just a plain Ruby class, you can
    modularize it, use inheritance, and implement it flexibly to
    suit the requirements

  47. Problem of Banken
    ‣ Because Banken moved the responsibility from the Model to the
    Controller side, it has no equivalent of what Pundit calls the Scope feature

    ‣ The Scope feature switches which named scope is used
    depending on the permission
    ‣ But when you need to switch named scopes you can simply
    implement that in the Model, so the Scope feature is not
    strictly necessary

  48. Difference between Banken and Pundit
    Banken
    ‣ Controller-side authorization
    ‣ No Scope feature
    ‣ Even when the Model/Controller relationships get complicated,
    you can keep using Banken consistently the way it is meant to be used
    Pundit
    ‣ Model-side authorization
    ‣ Scope feature available
    ‣ When the Model/Controller relationships get complicated, the
    developer has to solve that problem themselves, and may end up
    departing from the way Pundit is meant to be used

  49. One more thing Banken lacks

  50. It is brand new, so it has few users

    (I'd be glad for GitHub stars, or for it to be used in real projects)

  51. Tutorials (English & Japanese) are on the WIKI too

  52. One per app

    Why not keep a Banken (guard dog) of your own?

  53. Summary
    ‣ What authorization (permission management) is
    ‣ Comparison of authorization gems
    ‣ CanCanCan
    ‣ Pundit
    ‣ Banken

    ‣ Evaluating a gem not only by the beauty of its code but from a
    more design-oriented viewpoint (Architecture, Design concept)
    leads to new discoveries

  54. END