---

name: rails-controllers description: This skill should be used when the user asks about controllers, routing, request handling, RESTful design, controller concerns, strong parameters, filters, or API endpoints. Trigger phrases include "controller", "routing", "routes", "RESTful", "slim controllers", "before_action", "params", "strong parameters", "respond_to", "API design", "concerns".

Rails 8 Controllers Expert

Expertise in routing, RESTful design, slim controllers, concerns, and request handling for Rails 8 applications.

Core Philosophy: Slim Controllers

Controllers are traffic cops. They receive requests, coordinate with models, and render responses. That's it. If your controller action has more than 5-7 lines, something's wrong.

RESTful Design

The Seven Actions

Every resource controller should have at most seven actions:

Action	HTTP	Path	Purpose
index	GET	/articles	List all
show	GET	/articles/:id	Show one
new	GET	/articles/new	Form for create
create	POST	/articles	Create record
edit	GET	/articles/:id/edit	Form for update
update	PATCH/PUT	/articles/:id	Update record
destroy	DELETE	/articles/:id	Delete record

If you need more actions, you need more controllers.

Generating Controllers

bin/rails generate controller Articles index show new create edit update destroy

Or for a complete resource:

bin/rails generate scaffold Article title:string body:text user:references

Routing

Resource Routing

# config/routes.rb
Rails.application.routes.draw do
  resources :articles do
    resources :comments, only: [:create, :destroy]
    member do
      post :publish
    end
    collection do
      get :drafts
    end
  end
end

Nested Resources (Shallow)

Avoid deep nesting. Use shallow:

resources :articles, shallow: true do
  resources :comments
end

# Generates:
# GET    /articles/:article_id/comments     (index)
# POST   /articles/:article_id/comments     (create)
# GET    /comments/:id                       (show)
# DELETE /comments/:id                       (destroy)

Namespace vs Scope

# Namespace: adds module and URL prefix
namespace :admin do
  resources :articles  # Admin::ArticlesController, /admin/articles
end

# Scope: URL prefix only
scope :admin do
  resources :articles  # ArticlesController, /admin/articles
end

# Module: module only
scope module: :admin do
  resources :articles  # Admin::ArticlesController, /articles
end

The Slim Controller Pattern

Ideal Controller Action

class ArticlesController < ApplicationController
  def create
    @article = current_user.articles.build(article_params)

    if @article.save
      redirect_to @article, notice: "Article created."
    else
      render :new, status: :unprocessable_entity
    end
  end
end

That's it. No business logic. The model handles validation and persistence.

Before Actions

Extract common setup:

class ArticlesController < ApplicationController
  before_action :set_article, only: [:show, :edit, :update, :destroy]
  before_action :require_author, only: [:edit, :update, :destroy]

  private

  def set_article
    @article = Article.find(params[:id])
  end

  def require_author
    redirect_to articles_path unless @article.user == current_user
  end
end

Strong Parameters

Basic Pattern

class ArticlesController < ApplicationController
  private

  def article_params
    params.require(:article).permit(:title, :body, :published_at)
  end
end

Nested Attributes

def article_params
  params.require(:article).permit(
    :title,
    :body,
    comments_attributes: [:id, :content, :_destroy],
    tag_ids: []
  )
end

Conditional Params

def article_params
  permitted = [:title, :body]
  permitted << :published_at if current_user.admin?
  params.require(:article).permit(permitted)
end

Controller Concerns

When to Use

Extract shared behavior across controllers:

# app/controllers/concerns/authenticatable.rb
module Authenticatable
  extend ActiveSupport::Concern

  included do
    before_action :authenticate_user!
    helper_method :current_user
  end

  private

  def current_user
    @current_user ||= User.find_by(id: session[:user_id])
  end

  def authenticate_user!
    redirect_to login_path unless current_user
  end
end

# Usage in controller
class ArticlesController < ApplicationController
  include Authenticatable
end

Good Concern Candidates

• Authentication/authorization
• Pagination setup
• Response format handling
• Error handling

Response Handling

HTML Responses

def update
  if @article.update(article_params)
    redirect_to @article, notice: "Updated successfully."
  else
    render :edit, status: :unprocessable_entity
  end
end

JSON/API Responses

class Api::ArticlesController < ApplicationController
  def index
    @articles = Article.published.includes(:user)
    render json: @articles
  end

  def create
    @article = current_user.articles.build(article_params)

    if @article.save
      render json: @article, status: :created
    else
      render json: { errors: @article.errors }, status: :unprocessable_entity
    end
  end
end

Turbo Stream Responses

def create
  @article = current_user.articles.build(article_params)

  respond_to do |format|
    if @article.save
      format.turbo_stream
      format.html { redirect_to @article }
    else
      format.html { render :new, status: :unprocessable_entity }
    end
  end
end

Rails 8 Authentication

Generated Authentication

bin/rails generate authentication

Creates:

• User model with has_secure_password
• Session model for session tokens
• SessionsController for login/logout
• PasswordsController for reset flow
• Authentication concern

The Generated Pattern

# app/controllers/concerns/authentication.rb
module Authentication
  extend ActiveSupport::Concern

  included do
    before_action :require_authentication
    helper_method :authenticated?
  end

  private

  def authenticated?
    Current.session.present?
  end

  def require_authentication
    resume_session || request_authentication
  end
end

Anti-Patterns to Avoid

Fat Controller (DON'T)

# BAD: Business logic in controller
def create
  @order = Order.new(order_params)
  @order.total = calculate_total(@order)
  @order.apply_discount(current_user.loyalty_level)
  @order.tax = @order.total * 0.08

  if inventory_sufficient?(@order)
    @order.save
    send_confirmation_email(@order)
    update_inventory(@order)
    redirect_to @order
  end
end

Better: Slim Controller (DO)

# GOOD: Model handles business logic
def create
  @order = current_user.orders.build(order_params)

  if @order.complete!
    redirect_to @order, notice: "Order placed."
  else
    render :new, status: :unprocessable_entity
  end
end

Custom Actions Beyond REST

DON'T add non-RESTful actions. Create new controllers instead:

# BAD
resources :articles do
  post :publish
  post :unpublish
  post :archive
end

# GOOD
resources :articles
resources :published_articles, only: [:create, :destroy]
resources :archived_articles, only: [:create, :destroy]

Additional Resources

• references/routing-patterns.md - Advanced routing
• references/api-controllers.md - JSON API patterns
• examples/restful-controller.rb - Complete example
• examples/concerns.rb - Concern patterns