book

Layered Design for Ruby on Rails Applications - Second Edition

Name: Layered Design for Ruby on Rails Applications - Second Edition
Author: Vladimir Dementyev
ISBN: 9781806114238

by Vladimir Dementyev

December 2025

Intermediate to advanced

452 pages

9h 7m

English

Packt Publishing

Read now

Unlock full access

Preface
Who this book is forWhat this book coversTo get the most out of this bookGet in touchFree Benefits with Your BookHow to Unlock
Explore Rails and Its Abstractions
Rails as a Web Application Framework
Free Benefits with Your BookTechnical requirementsThe journey of a click through Rails’ abstraction layersFrom web requests to abstraction layersThe properties of a good abstraction layerDesigning abstraction layersRackRails on RackRails routingC for controllerBeyond requests – background and scheduled tasksThe need for background jobsJobs as units of workScheduled jobsThe heart of a web application – the databaseThe trade-off between abstractions and database performanceDatabase-level abstractionsSummaryQuestionsExercisesFurther readingGet This Book’s PDF Version and Exclusive Extras
Active Model and Active Record
Technical requirementsActive Record overview: persistence and beyondObject-relational mappingFrom mapping to the modelFrom model to anythingActive Model: the hidden gem behind Active RecordActive Model as an interfaceActive Model as an Active Record satelliteActive Model versus pure Ruby objects: performance implicationsActive Model for an Active Record-like experienceSeeking God objectsSummaryQuestionsExercisesFurther readingGet This Book’s PDF Version and Exclusive Extras
More Adapters, Fewer Implementations
Technical requirementsActive Job as a universal queue interfaceAdapterizing queuesSerializing all thingsActive Storage and its adapters and pluginsAdapters versus pluginsAdapters and wrappers at your serviceSummaryQuestionsExercisesFurther readingGet This Book’s PDF Version and Exclusive Extras
Rails Anti-Patterns?
Technical requirementsCallbacks, callbacks everywhereCallbacks under control (and in controllers)Active Record callbacks go wildTransformers and utility callbacksOperations and event handlersConcerning Rails concernsExtracting behavior, not codeNon-shared concernsConcerns are still modules, with all the shortcomingsExtracting objects from objectsExtracting models from modelsExtracting value objects from modelsOn global and current statesCurrent everythingSummaryQuestionsExerciseGet This Book’s PDF Version and Exclusive Extras
When Rails Abstractions Are Not Enough
Technical requirementsThe curse of fat/thin controllers and thin/fat modelsFrom fat controllers to fat modelsA fat controller exampleRefactoring the example controller following the thin controllers, fat models principleFrom fat models to servicesOn generic services and granular abstractionsOn layered architecture and abstraction layersSummaryQuestionsGet This Book’s PDF Version and Exclusive Extras
Extracting Layers from Models
Data Layer Abstractions
Technical requirementsUsing query objects to extract (complex) queries from modelsExtracting query objectsFrom pattern to abstractionScopes versus query objectsReusable query objects and ArelCode organization with query objects versus architecture layersSeparating domain and persistence with repositoriesSummaryQuestionsGet This Book’s PDF Version and Exclusive Extras
State Transitions and Workflows
Technical requirementsImplicit states and transitionsFinite-state machines for modelsFrom implicit to embeddedPattern matching to the rescueFrom computed state to static stateStates versus eventsSqueezing the most from state machinesState machines in the Ruby worldFrom embedded to standalone state machines and workflowsExtracting the publication workflowForming a workflow abstractionWhen not to use state machinesSummaryQuestionsExercisesGet This Book’s PDF Version and Exclusive Extras

Handling User Input Outside of Models
Technical requirementsForm objects – closer to the UI, farther from persistenceUI forms versus modelsScaffolding a form-controller-model relationshipFrom generic creation to invitation and registrationAdding notifications to the equationForm objects to the rescueUsing Active Model to abstract form objectsAdding callbacks to decompose submission actionsMaking form objects Action View friendlyForm objects versus strong parametersForm object for updating recordsMulti-model formsModel-less formsMulti-step forms, or wizardsFilter objects or user-driven query buildingFiltering in controllersMoving filtering to modelsExtracting filter objectsFilter objects versus form objects versus query objectsSummaryQuestionsExercisesGet This Book’s PDF Version and Exclusive Extras
Pulling Out the Representation Layer
Technical requirementsUsing presenters to decouple models from viewsLeaving helpers to librariesPresenters and decoratorsBasic presenters in plain RubyPresenters-decoratorsOpen or closed presenters – which to choose?Multi-model presenters, page objects, facades, or…Presenters as an abstraction layerNaming conventions and code organizationView helpers in presentersAvoiding leaking presentersSerializers are presenters for your APIFrom model to JSONUsing #as_jsonTemplatifying JSON via JbuilderSerializers as API presentersPlain Ruby serializerSerializer as an abstractionSerializers as a bridge between frontend and backendSummaryQuestionsFurther readingGet This Book’s PDF Version and Exclusive Extras
Essential Layers for Rails Applications
Authorization Models and Layers
Technical requirementsAuthentication, authorization, and friendsAuthentication versus authorizationLines of defense of a web applicationAuthorization modelsDomainless authorization modelsClassic authorization modelsRole-based access control (RBAC)Attribute-based access control (ABAC)Authorization enforcement, or the need for authorization abstractionsExtracting policy objectsShaping an abstraction layer for authorizationConventions for policy classesSeamless authorization enforcementAuthorization versus testabilityAuthorization in viewsForm fields versus authorizationPerformance implications of authorizationThe N+1 authorization problem in the representation layerThe case of scoping-based authorizationSummaryQuestionsExerciseFurther readingGet This Book’s PDF Version and Exclusive Extras
Crafting the Notifications Layer
Technical requirementsFrom Action Mailer to multiple notification channelsAction Mailer in actionMailers in the layered architectureNot only emails or adding more notification channelsExtracting the notifications layerAd hoc abstractionA sketch of a pluggable architecture for notificationsUsing third-party libraries to manage notificationsActive DeliveryNoticedModeling user notification preferencesBit fields and value objectsNotification preferences storeA separate table to store preferencesSummaryQuestionsExercisesGet This Book’s PDF Version and Exclusive Extras
Better Abstractions for HTML Views
Technical requirementsThe V in Rails’ MVC: templates and helpersUI without a programming interfaceStitching controllers and templates via instance variablesGetting strict with templatesReusability and design systemsDesign systems on RailsPartials and helpers for the UI kit?Thinking in componentsTurning partials and helpers into componentsComponents as Ruby objectsView components as an abstraction layerView Component by exampleTesting view componentsDry initializers, i18n, and callbacksView components without HTMLView components for mixed teamsSummaryQuestionsFurther readingGet This Book’s PDF Version and Exclusive Extras
Abstractions in the AI Era
Technical requirementsAI at a distance of one API call?AI in models: post summarizationAI in controllers: on-demand content translationAbstraction-less AI limitationsAgents at your serviceFrom APIs to agentsExtracting a translation agentStreaming in and out of agentsTesting agents and aroundStandalone agents and workflowsExtracting a standalone summarization agentStructuring responsesUsing tools to go from low to mediumFrom agents to workflowsAgents 201Safety on AI roadsThe art of prompt managementOnline and offline evaluationMemoriaRAG, MCP, and othersContext-engineer your domainRetrievable domain modelPresentation layer for AI clientsMCP the Rails way with controllersSummaryQuestionsFurther readingGet This Book’s PDF Version and Exclusive Extras
Configuration as a First-Class Application Citizen
Technical requirementsConfiguration sources and typesFiles, secrets, credentials, and moreEnvironment variables as a primary configuration sourceSettings and secretsSettings and sensible defaultsSecrets and sensitive informationProduction, development, and local configurations versus data providersLayered architecture versus configurationUsing domain objects to tame configuration complexitySeparating application code from configuration sourcesMoving all data sources to YAMLUsing a singleton configuration objectMaking the code base environment-freeEnforcing environment-free code with lintersUsing specialized configuration classesKeeping configuration with Anyway ConfigSummaryQuestionsExercisesGet This Book’s PDF Version and Exclusive Extras
Cross-Layers and Off-Layers
Technical requirementsThe Rails infrastructure layer and its diversityInfrastructure abstractions and implementationsAcross the layers – logging and monitoringLoggingAll you need is LoggerExceptions trackingInstrumentationActive Support NotificationsAbstracting monitoring services from instrumentation dataStructured eventsExtracting implementations into servicesSeparating WebSockets from Action Cable with AnyCableProcessing images on the fly and off RailsSummaryQuestionsGet This Book’s PDF Version and Exclusive Extras
Unlock Your Exclusive Benefits
Unlock this Book’s Free Benefits in 3 Easy StepsStep 1Step 2Step 3Need help?
Other Books You May Enjoy
Index

Content preview from Layered Design for Ruby on Rails Applications - Second Edition

10 Authorization Models and Layers

Authorization is a crucial security aspect and, thus, it’s important for any web application. This chapter explores the concept of authorization in Ruby on Rails applications. First, we will discuss the role and place of authorization in an application’s security.

Then, we’ll introduce the two fundamental concepts of authorization: the authorization model and the authorization layer. Finally, we’ll discuss the problem of authorization enforcement and how it relates to an application’s performance.

This chapter touches on an important topic of application security. The robustness of its implementation is doubly important. Every user action must be authorized, and every input verified. You can achieve such a ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Layered Design for Ruby on Rails Applications

Publisher Resources

ISBN: 9781806114238

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Layered Design for Ruby on Rails Applications - Second Edition

by Vladimir Dementyev

10

Authorization Models and Layers

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.