Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Gotanda.rb#46 権限管理のつらみとPundit
Search
Hiroki Tanaka
September 29, 2020
Programming
7.5k
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Gotanda.rb#46 権限管理のつらみとPundit
2020/09/29のGotanda.rb#46LT発表した『権限管理のつらみとPundit』です。
Hiroki Tanaka
September 29, 2020
More Decks by Hiroki Tanaka
See All by Hiroki Tanaka
機能QA会のすゝめ
hiroki_tanaka
0
310
定期リリースの導入
hiroki_tanaka
0
230
noteの品質課題に立ち上げ直後のQAチームが挑んだ軌跡
hiroki_tanaka
1
1.6k
note初のBug Bashを やってみた
hiroki_tanaka
1
1.6k
コロナ禍の1年間でAWSの資格を 3つ取得した話
hiroki_tanaka
0
540
Rubocop対応のすゝめ
hiroki_tanaka
0
97
Gotanda.rb#48 ECS on Fargateでのハマりポイント
hiroki_tanaka
1
400
Gotanda.rb#47 Mailgun3分クッキング
hiroki_tanaka
1
7.5k
Other Decks in Programming
See All in Programming
鹿野さんに聞く!『TypeScriptコードレシピ集』で磨く実践力
tonkotsuboy_com
4
940
スマートグラスで並列バイブコーディング
hyshu
0
270
Skillsは効率化、Agentsは"自分の拡張"——Builder時代のエージェント編成(CC Night 2026)
wemra
1
190
AI時代のUIはどこへ行く?その2!
yusukebe
22
7.7k
フロントエンドとバックエンドで「1文字」を揃えよう
youkidearitai
PRO
0
780
AIを活用したE2Eテスト実装効率化のあゆみ / ebisu-mobile-14-kotetu
kotetuco
0
150
作って学ぶ、 JSX (TSX) ランタイムの基本
syumai
7
1.7k
The Bowling Game- From Imperative to Functional Programming - Part 1
philipschwarz
PRO
0
190
Signal Forms: Details & Live Coding @enterJS 2026 in Mannheim
manfredsteyer
PRO
0
210
Strategic Design in the Frontend: Moduliths & Micro Frontends @DDDEurope
manfredsteyer
PRO
0
140
AI 輔助遺留系統現代化的經驗分享
jame2408
1
1.1k
The NotImplementedError Problem in Ruby
koic
1
1k
Featured
See All Featured
Optimizing for Happiness
mojombo
378
71k
Designing for Timeless Needs
cassininazir
1
270
Ruling the World: When Life Gets Gamed
codingconduct
0
270
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4.3k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
133
19k
30 Presentation Tips
portentint
PRO
1
340
The Impact of AI in SEO - AI Overviews June 2024 Edition
aleyda
5
1.1k
Odyssey Design
rkendrick25
PRO
2
710
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
55k
Principles of Awesome APIs and How to Build Them.
keavy
128
18k
Six Lessons from altMBA
skipperchong
29
4.3k
Public Speaking Without Barfing On Your Shoes - THAT 2023
reverentgeek
1
450
Transcript
Gotanda.rb#46 ݖݶཧͷͭΒΈͱPundit 2020/09/29 גࣜձࣾτϨλ @hiroki_tanaka
ࣗݾհ ɾాத جɿ@hiroki_tanaka ɾSIerɿϑϡʔνϟʔΞʔΩςΫτ(4ؒ) →WebܥϕϯνϟʔɿגࣜձࣾτϨλ(1ؒ) ɾRubyɿ2ɾJavaɿ2ɾSQLɿ5 ɾझຯɿεϓϥτΡʔϯɾમ౬८Γ ɾॳΊͯͷ֎෦ษڧձͰͷLTɺŪƄŝŪƄŝ…(((*´>ω<`)))…ŪƄŝŪƄŝ…
ࠓ͢͜ͱɾ͞ͳ͍͜ͱ ʲ͢͜ͱʳ - ݖݶཧͷΑ͋͘ΔͱͲ͏ཱ͔͍͔ͪͬͯ͘ - ݖݶཧͷGemͷհ (→ͪͳΈʹɺࢲ͕ͬͨ͜ͱ͕͋ΔͷCanCanͱPundit) ʲ͞ͳ͍͜ͱʳ - ཧը໘ߏஙͷGemͷ
→rails_admin/active_admin/administrateͳͲ
ݖݶͰ͜Μͳܦݧɺ ͋Γ·ͤΜ͔ʁ
͜ͷػೳॏཁͳػೳ͔ͩΒɺ ৬͕෦Ҏ্͔ͭ౦ژຊࣾͷਓʹ͔͠ ࣮ߦݖݶΛ༩͑ͳ͍Ͱཉ͍͠ɻ
ސ٬ͷݸਓใγεςϜཧऀݖݶͩ ͚Ͱͳ͘ɺݸਓใཧऀݖݶͷ͋ΔϢʔβ ͷΈͷӾཡͱͯ͠ཉ͍͠ɻ
ݖݶཧͷΑ͋͘Δ 1. ΞϓϦέʔγϣϯ͕ݖݶͷ݅ذίʔυͰԚΕΔ 2. `admin`ͱ͍͏ݴ༿ͷࢦ͍ͯ͠Δݖݶ͕Α͘Θ͔Βͳ ͘ͳΔ
ݖݶཧͷΑ͋͘Δᶃ 1. ΞϓϦέʔγϣϯ͕ݖݶͷ݅ذίʔυͰԚΕΔ - ݖݶʹؔ͢ΔϏδωεϩδοΫΛ࣮͢ΔͨΊʹController Viewͷϝιου͕ifจcaseจͩΒ͚ʹͳΔɻ - ࣅͨΑ͏ͳೝՄϩδοΫ͕༷ʑͳॴʹίϐϖ͞Εͯɺमਖ਼͢ ΔࡍͷӨڹൣғ͕େ͖͘ͳͬͯ͠·͏ɻ
- Fat ControllerͷҰཁҼʹͳΔɻ
ݖݶཧͷΑ͋͘Δᶃ ྫ͑ɺ͜Μͳײ͡ͷίʔυɻ - Controller - View
ݖݶཧͷΑ͋͘Δᶄ 2. `admin`ͱ͍͏ݴ༿ͷࢦ͍ͯ͠Δݖݶ͕Α͘Θ͔Βͳ ͘ͳΔ - αʔϏεͷ`admin`ͱ͍͏ݖݶຊདྷɺͲͷϦιʔεʹର ͯ͠ԿͰग़དྷΔ͕ɺαʔϏεͷ֦େͱڞʹத్ʹͳ Γ͕ͪɻ - ݁Ռతʹcurrent_user͕`admin`͔Ͳ͏͔ͷνΣοΫͰͳ
͘ɺΑΓηϯγςΟϒͳݖݶͰνΣοΫ͢ΔϩδοΫΛ࣋ͭ Ϧιʔε͕ੜ·ΕɺʮadminͱԿͩͬͨͷ͔…ʯͱͳͬͯ ͠·͏ɻ
ݖݶཧͷΑ͋͘Δᶄ ྫ͑ɺ͜Μͳঢ়گɻ - current_user͕`admin`ͩͬͨ߹ϦιʔεAͷॴ༗ऀͰͳ͘ ͯɺCRUDશͯՄೳɻ - current_user͕adminͩͬͨ߹ϦιʔεBࢀরͷΈՄೳͩ ͕ɺͦΕҎ֎Ϧιʔεͷॴ༗ऀͰͳ͍ͱෆՄɻ - current_user͕adminͩͬͨ߹ͰϦιʔεCݸਓใؚ͕
·ΕΔͷͰࢀরؚΊશͯෆՄɻ
ݖݶཧͷΑ͋͘Δᶃɾᶄ ᶃͱᶄͷΛ์ஔ͢ΔͱͲ͏ͳΔͷ͔ʁ - ݖݶϩδοΫαʔϏεͷ֦େͱڞʹංେԽ͍ͯͨ͘͠Ίɺ ࠷ऴతʹෳࡶͳذϩδοΫ͕ൣғʹര͢Δɻ 㱺ظతʹɺݖݶϩδοΫ͕֤Ϧιʔεʹࢄ͢Δ͜ͱͰ मਖ਼࿙Ε͕͋ͬͨ߹ɺக໋తͳόάͷԹচʹͳΔɻ - ຊདྷݟ͍͚͑ͯͳ͍ϖʔδ͕ݟ͑ͯ͠·͏ɾॲཧ͕Ͱ͖ͯ͠· ͏ɻٯʹɺຊདྷݟ͑Δͣͷϖʔδ͕ݟ͑ͳ͍ɻ
ݖݶཧͷΑ͋͘Δᶃɾᶄ ᶃͱᶄͷΛ์ஔ͢ΔͱͲ͏ͳΔͷ͔ʁ - ݖݶϩδοΫαʔϏεͷ֦େͱڞʹංେԽ͍ͯͨ͘͠Ίɺ ࠷ऴతʹෳࡶͳذϩδοΫ͕ൣғʹര͢Δɻ 㱺தظతʹɺίʔυͷՄಡੑɾอकੑ͕Լ͠ɺϝϯς φϯείετͷ૿େͱͳٕͬͯज़తͳෛͷҨ࢈ʹͳΔɻ
Ͳ͏ཱ͔ͪ͏͔ɿݪҼٻ ͦͦͷʰϢʔβͱϦιʔεͷݖݶʹؔ͢ ΔϩδοΫͷ࣮͕ࢄɾ͍ͯ͠Δʱ͜ͱɻ 㱺ਅҼʰຊདྷڞ௨Խ࣮ͯ͠͞ΕΔ͖Ϣʔβͷ ݖݶʹؔ͢ΔϩδοΫ͕֤ػೳɾ֤Ϣʔεέʔεຖʹϕ λͰ࣮͞Ε͍ͯΔɾͤ͟ΔΛಘͳ͍ঢ়گʹͳ͍ͬͯ Δʱ͜ͱɻ
͡Ό͋ɺͲ͏͠Α͏ʁ
ͦ͏ͩɺ PunditΛͬͯΈΑ͏
Punditͱ - ֤ϦιʔεͷActionʹରͯ͠ೝՄ݅Λઃఆ͢Δɻ - ֤ModelຖʹݖݶઃఆΛߦ͏PolicyΫϥεΛ࡞͠ɺ Actionʹର͢ΔೝՄ݅Λఆٛ͢Δɻ(Modelґଘ) - PolicyΫϥεී௨ͷRubyΫϥεͰ͋ΔͨΊɺRuby ͷجૅ͕ࣝ͋Ε୭Ͱѻ͑Δɻ
PunditΛಋೖͨ݁͠Ռ - PolicyΫϥε
PunditΛಋೖͨ݁͠Ռ - ControllerΫϥε ControllerଆͰauthorizeΛ࣮ߦͨ͠ࡍʹɺModel໊+Policyͷن ଇͰPolicyΫϥε͕ಛఆ͞Ε্ͨͰΠϯελϯεԽ͞Εͯɺ֘ ͢Δpolicyͷϝιου͕ݺΕͯͦͷΞΫγϣϯ͕࣮ߦՄೳ͔Ͳ ͏͔ఆ͢Δɻ
PunditͷϝϦοτᶃ - ݖݶཧͷϩδοΫ͕1Օॴʹू͞ΕΔ - ݖݶཧʮXXݖݶͳΒYYϦιʔεͷCRUDΛڐՄ͢Δʯ ͱ͍͏Α͏ʹϦιʔεϕʔεͷཁ݅Ͱ͋ΓɺModelͷͱ͠ ͯଊ͑Δ͜ͱͰݖݶϩδοΫͷ࣮Օॴ͕໌֬ʹͳΔɻ - ݖݶϩδοΫ͕PolicyΫϥεʹू͢Δ͜ͱͰɺController ͷ֤Action͕ෳࡶͳݖݶϩδοΫͰԚΕΔ͜ͱΛ͛Δɻ
PunditͷϝϦοτᶄ - PolicyΫϥεී௨ͷRubyΫϥεͷͨΊॊೈੑ͕ߴ͍ - PolicyΫϥεRubyͰग़དྷΔॲཧԿͰߦ͏ࣄ͕Ͱ͖Δͨ Ίɺࣗ༝͕ͱͯߴ͘ෳࡶͳۀϩδοΫʹॊೈʹରԠՄ ೳɻ - ϞδϡʔϧԽܧঝͱ͍ͬͨ͜ͱՄೳɻ
PunditͷσϝϦοτᶃ - ݸʑͷPolicyϑΝΠϧ͕Modelຖʹ࡞͞Ε͍ͯΔͷ Ͱݖݶશମͷݟ௨͕͠ѱ͍ɻ - ΞϓϦέʔγϣϯͷݖݶཧશମΛ֬ೝ͠Α͏ͱͨ͠߹ɺ ݸʑͷPolicyϑΝΠϧΛ1ͭͣͭݟ͍ͯ͘ඞཁ͕͋Δɻ - ΞϓϦέʔγϣϯ͕ෳࡶԽɾංେԽͨ͠߹ʹݟ௨͠ͷѱ ͞க໋తͳٕज़తෛ࠴ʹͳΓ͔Ͷͳ͍ɻ
PunditͷσϝϦοτᶄ - Modelຖʹඥͮ͘PolicyΫϥεʹControllerͷ Actionʹඥͮ͘ϝιουΛ࣮͢ΔͨΊɺ҉తʹ ModelͱPolicyͱController1:1:1ͱ͍͏੍ͱͳΔɻ - ΞϓϦέʔγϣϯ͕ෳࡶԽɾංେԽ͠ɺ1ͭͷModelΛѻ͏ Controller͕ෳଘࡏ͠ɺͦΕͧΕͰݖݶϩδοΫΛΓସ͑ ͍ͨͱ͍͏έʔε͕ੜ·Εͨ࣌ɺࠔΔɻ -
ͭ·Γɺ1ͭͷModelʹରͯ͠ɺෳͷPolicyΫϥε͕ඞཁͱ ͳͬͨ߹ʹԿΒ͔ͷΛ͢Δ͜ͱͳΔɻ (ྑ͍ϓϥΫςΟε͕͋ͬͨΒɺڭ͑ͯԼ͍͞(o*Ň_Ň)oųƅŠŕ)
·ͱΊ 1. ΞϓϦέʔγϣϯ͕ݖݶͷ݅ذίʔυͰԚΕΔ - PunditͷಋೖͰ֤ϦιʔεຖͷݖݶϩδοΫΛҰՕॴʹ·ͱΊ Δ͜ͱ͕ग़དྷΔͷͰControllerView͕݅ذίʔυͰԚΕ Δղܾग़དྷΔɻ 2. `admin`ͱ͍͏ݴ༿ͷࢦ͍ͯ͠Δݖݶ͕Α͘Θ͔Βͳ͘ͳΔ -
`admin`ͱ͍͏ᐆດͳׂΛͳ͘͠ɺ֤Ϧιʔεຖʹ໌֬ͳ ׂ(role)ΛϢʔβʹׂΓͯɺPunditͰActionຖʹ࣮ߦ੍ޚ͢Δ ͜ͱͰᐆດ͞Λճආ͢Δ͜ͱՄೳɻ - ͨͩɺ`admin`ͱ͍͏ݖݶ࡞Ζ͏ͱࢥ͑࡞ΕΔͷͰɺࠜຊ తͳ੍ग़དྷͳ͍ɻ
͓ΘΓʹ - ʮLTΓ·͢ʂʯͱݴͬͯௐΔ·Ͱʮݖݶཧͷ ͱ…ʁʯͱײ͍ͯ͡·ͨ͠ɻ ͔͠͠ɺௐΔʹʹ֮͑ͷ͋ΔΞϓϦέʔγϣϯ ͷ֦େͷӨڹͰͷϩδοΫͷෳࡶԽɺόά͕ൃ ੜͨ͠߹ʹக໋ইʹͳΔՄೳੑͷߴ͔͞ΒೝࣝΛվ Ί·ͨ͠ɻ(*´Д⊂ʋŠƄŶƃūšŘ - ·ͨɺॏཁ͔ͩΒͦ͜γϯϓϧʹ୭ʹͰѻ͑ΔɾΘ͔Γ
͘͢อͭ͜ͱ͕ඞཁͱڧ͘ײ͡·ͨ͠ɻ(ͨΓલ)
͓·͚
͓·͚1ɿPunditɾCanCanCanͷൺֱ Pundit CanCanCan ಋೖ GemΛΠϯετʔϧ͠ɺBaseContollerͰPunditΛ include͢Ε༻Մೳɻ GemΛΠϯετʔϧ͠ɺAbilityΫϥεΛ࡞Ε༻Մ ೳɻControllerͰͷincludeෆཁɻ ݖݶઃఆ ֤ModelʹରԠͨ͠PolicyΫϥεΛ࡞͠ɺݖݶຖͷઃ
ఆΛهड़͢Δɻ 1ͭͷAbilityΫϥεʹϩʔϧຖͷ֤Ϟσϧʹର͢Δશͯͷ ݖݶΛهࡌ͍ͯ͘͠ɻ ControllerͰͷೝՄ authorizeϝιουΛݺͼग़͢͜ͱͰϞσϧʹରԠ͢Δ PolicyΫϥε͕ࣗಈతʹࢀর͞ΕΔɻControllerͷΞΫ γϣϯ໊ͱϚονͨ͠PolicyΫϥεͷϝιου͕ݺ Εɺ࣮ߦՄೳ͔ఆ͢Δɻ authorize!ϝιουͰݖݶͷೝՄ͕Ͱ͖ɺAbilityΫϥεʹ ఆٛͨ͠ݖݶઃఆΛࢀর͠ɺ࣮ߦՄೳ͔ఆ͢Δɻ ViewͰͷೝՄ policyϝιουΛ༻͢Δ͜ͱͰఆͰ͖Δɻ can?cannot?ϝιουͰఆͰ͖Δɻ Ϩίʔυͷ੍ scopeͱ͍͏ػೳΛ༻͍ͯɺPolicyϑΝΠϧʹΠϯφ ʔΫϥεͱͯ͠ScopeΫϥεΛఆٛ͢Δ͜ͱͰϢʔβ ͷϨίʔυͷΞΫηεΛ੍ݶͰ͖Δɻ policy_scopeϝιουͰݺͼग़͠Մೳɻ Hash of Conditionsͱ͍͏ػೳΛ༻͍ͯɺ݅Λ͢ͱऔ ಘ͢ΔϨίʔυΛ੍ݶग़དྷΔɻ accessible_byϝιουͰݺͼग़͠Մೳɻ ૯߹ ֤ϞσϧຖʹରԠͨ͠PolicyϑΝΠϧΛఆٛ͢Δɻ σʔλϞσϧ͕ଟ͍߹ͰɺPolicyϑΝΠϧγϯ ϓϧʹอͯΔ͕ɺݸʑͷPolicyϑΝΠϧʹݖݶ͕ݸผ ࣮͞Ε͍ͯΔͷͰશମͷݟ௨͕͠ѱ͍ɻ 1ͭͷAbilityΫϥεʹ֤ϩʔϧͷ֤ϞσϧͷݖݶΛఆ ٛ͢Δɻ1ϑΝΠϧʹશͯͷݖݶใ͕ू·ΔͷͰݟ௨ ͠ྑ͍͕ɺΞϓϦέʔγϣϯͷ֦େͱڞʹංେԽͷҰ ్ΛḷΔɻ
͓·͚2ɿͦͷଞͷݖݶཧGem - rolifyɿϢʔβʹϩʔϧΛ༩ͨ͠Γɺࢦఆͨ͠ϩʔϧΛ͍࣋ͬͯ ΔϢʔβΛ୳ͨ͠ΓͱϩʔϧϕʔεͰͷݖݶཧΛߦ͏ɻ →ೝূGem(deviseͳͲ)ೝՄGem(CanCanCanɾPundit)ͱ؆୯ʹ ଓग़དྷΔɻ - authorityɿORMʹґଘͤͣʹControllerͷActionຖʹ࣮ߦͰ͖Δ ݖݶΛఆٛͰ͖Δɻ2019ʹ։ൃఀࢭதɻ -
bankenɿPunditϥΠΫͳAPIΛอͪͭͭModelʹґଘͤͣʹɺ ControllerͷActionʹඥͮ͘ϝιουͷݖݶΛఆٛग़དྷΔɻ →ΞϓϦ͕֦େʹͳΓɺModelɾController͕ෳࡶʹͳͬͯҰ؏ ͍ͯ͠ଓ͚Δ͜ͱՄೳɻ
͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ