Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
A community-driven Ruby on Rails 4 style guide
branch: master

Merge pull request #135 from AJFaraday/ajf-tidying

various changes as discussed in pull request #134, tidied in to one commit
latest commit 1e9432a8f6
Bozhidar Batsov authored


Role models are important.
-- Officer Alex J. Murphy / RoboCop

The goal of this guide is to present a set of best practices and style prescriptions for Ruby on Rails 4 development. It's a complementary guide to the already existing community-driven Ruby coding style guide.

Some of the advice here is applicable only to Rails 4.0+.

You can generate a PDF or an HTML copy of this guide using Transmuter.

Translations of the guide are available in the following languages:

The Rails Style Guide

This Rails style guide recommends best practices so that real-world Rails programmers can write code that can be maintained by other real-world Rails programmers. A style guide that reflects real-world usage gets used, and a style guide that holds to an ideal that has been rejected by the people it is supposed to help risks not getting used at all – no matter how good it is.

The guide is separated into several sections of related rules. I've tried to add the rationale behind the rules (if it's omitted I've assumed it's pretty obvious).

I didn't come up with all the rules out of nowhere - they are mostly based on my extensive career as a professional software engineer, feedback and suggestions from members of the Rails community and various highly regarded Rails programming resources.

Table of Contents


  • Put custom initialization code in config/initializers. The code in initializers executes on application startup. [link]

  • Keep initialization code for each gem in a separate file with the same name as the gem, for example carrierwave.rb, active_admin.rb, etc. [link]

  • Adjust accordingly the settings for development, test and production environment (in the corresponding files under config/environments/) [link]

    • Mark additional assets for precompilation (if any):

      # config/environments/production.rb
      # Precompile additional assets (application.js, application.css,
      #and all non-JS/CSS are already added)
      config.assets.precompile += %w( rails_admin/rails_admin.css rails_admin/rails_admin.js )
  • Keep configuration that's applicable to all environments in the config/application.rb file. [link]

  • Create an additional staging environment that closely resembles the production one. [link]


  • When you need to add more actions to a RESTful resource (do you really need them at all?) use member and collection routes. [link]

    # bad
    get 'subscriptions/:id/unsubscribe'
    resources :subscriptions
    # good
    resources :subscriptions do
      get 'unsubscribe', on: :member
    # bad
    get 'photos/search'
    resources :photos
    # good
    resources :photos do
      get 'search', on: :collection
  • If you need to define multiple member/collection routes use the alternative block syntax. [link]

    resources :subscriptions do
      member do
        get 'unsubscribe'
        # more routes
    resources :photos do
      collection do
        get 'search'
        # more routes
  • Use nested routes to express better the relationship between ActiveRecord models. [link]

    class Post < ActiveRecord::Base
      has_many :comments
    class Comments < ActiveRecord::Base
      belongs_to :post
    # routes.rb
    resources :posts do
      resources :comments
  • Use namespaced routes to group related actions. [link]

    namespace :admin do
      # Directs /admin/products/* to Admin::ProductsController
      # (app/controllers/admin/products_controller.rb)
      resources :products
  • Never use the legacy wild controller route. This route will make all actions in every controller accessible via GET requests. [link]

    # very bad
    match ':controller(/:action(/:id(.:format)))'
  • Don't use match to define any routes unless there is need to map multiple request types among [:get, :post, :patch, :put, :delete] to a single action using :via option. [link]


  • Keep the controllers skinny - they should only retrieve data for the view layer and shouldn't contain any business logic (all the business logic should naturally reside in the model). [link]

  • Each controller action should (ideally) invoke only one method other than an initial find or new. [link]

  • Share no more than two instance variables between a controller and a view. [link]


  • Introduce non-ActiveRecord model classes freely. [link]

  • Name the models with meaningful (but short) names without abbreviations. [link]

  • If you need model objects that support ActiveRecord behavior (like validation) without the ActiveRecord database functionality use the ActiveAttr gem. [link]

    class Message
      include ActiveAttr::Model
      attribute :name
      attribute :email
      attribute :content
      attribute :priority
      attr_accessible :name, :email, :content
      validates :name, presence: true
      validates :email, format: { with: /\A[-a-z0-9_+\.]+\@([-a-z0-9]+\.)+[a-z0-9]{2,4}\z/i }
      validates :content, length: { maximum: 500 }

    For a more complete example refer to the RailsCast on the subject.


  • Avoid altering ActiveRecord defaults (table names, primary key, etc) unless you have a very good reason (like a database that's not under your control). [link]

    # bad - don't do this if you can modify the schema
    class Transaction < ActiveRecord::Base
      self.table_name = 'order'
  • Group macro-style methods (has_many, validates, etc) in the beginning of the class definition. [link]

    class User < ActiveRecord::Base
      # keep the default scope first (if any)
      default_scope { where(active: true) }
      # constants come up next
      COLORS = %w(red green blue)
      # afterwards we put attr related macros
      attr_accessor :formatted_date_of_birth
      attr_accessible :login, :first_name, :last_name, :email, :password
      # followed by association macros
      belongs_to :country
      has_many :authentications, dependent: :destroy
      # and validation macros
      validates :email, presence: true
      validates :username, presence: true
      validates :username, uniqueness: { case_sensitive: false }
      validates :username, format: { with: /\A[A-Za-z][A-Za-z0-9._-]{2,19}\z/ }
      validates :password, format: { with: /\A\S{8,128}\z/, allow_nil: true}
      # next we have callbacks
      before_save :cook
      before_save :update_username_lower
      # other macros (like devise's) should be placed after the callbacks
  • Prefer has_many :through to has_and_belongs_to_many. Using has_many :through allows additional attributes and validations on the join model. [link]

    # not so good - using has_and_belongs_to_many
    class User < ActiveRecord::Base
      has_and_belongs_to_many :groups
    class Group < ActiveRecord::Base
      has_and_belongs_to_many :users
    # prefered way - using has_many :through
    class User < ActiveRecord::Base
      has_many :memberships
      has_many :groups, through: :memberships
    class Membership < ActiveRecord::Base
      belongs_to :user
      belongs_to :group
    class Group < ActiveRecord::Base
      has_many :memberships
      has_many :users, through: :memberships
  • Prefer self[:attribute] over read_attribute(:attribute). [link]

    # bad
    def amount
      read_attribute(:amount) * 100
    # good
    def amount
      self[:amount] * 100
  • Prefer self[:attribute] = value over write_attribute(:attribute, value). [link]

    # bad
    def amount
      write_attribute(:amount, 100)
    # good
    def amount
      self[:amount] = 100
  • Always use the new "sexy" validations. [link]

    # bad
    validates_presence_of :email
    validates_length_of :email, maximum: 100
    # good
    validates :email, presence: true, length: { maximum: 100 }
  • When a custom validation is used more than once or the validation is some regular expression mapping, create a custom validator file. [link]

    # bad
    class Person
      validates :email, format: { with: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i }
    # good
    class EmailValidator < ActiveModel::EachValidator
      def validate_each(record, attribute, value)
        record.errors[attribute] << (options[:message] || 'is not a valid email') unless value =~ /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
    class Person
      validates :email, email: true
  • Keep custom validators under app/validators. [link]

  • Consider extracting custom validators to a shared gem if you're maintaining several related apps or the validators are generic enough. [link]

  • Use named scopes freely. [link]

    class User < ActiveRecord::Base
      scope :active, -> { where(active: true) }
      scope :inactive, -> { where(active: false) }
      scope :with_orders, -> { joins(:orders).select('distinct(') }
  • When a named scope defined with a lambda and parameters becomes too complicated, it is preferable to make a class method instead which serves the same purpose of the named scope and returns an ActiveRecord::Relation object. Arguably you can define even simpler scopes like this.


  class User < ActiveRecord::Base
    def self.with_orders

Note that this style of scoping can not be chained in the same way as named scopes. For instance:

  # unchainable
  class User < ActiveRecord::Base
    def User.old
      where('age > ?', 80)

    def User.heavy
      where('weight > ?', 200)

In this style both old and heavy work individually, but you can not call User.old.heavy, to chain these scopes use:

  # chainable
  class User < ActiveRecord::Base
    scope :old, -> { where('age > 60') }
    scope :heavy, -> { where('weight > 200') }
  • Beware of the behavior of the update_attribute method. It doesn't run the model validations (unlike update_attributes) and could easily corrupt the model state. [link]

  • Use user-friendly URLs. Show some descriptive attribute of the model in the URL rather than its id. There is more than one way to achieve this: [link]

    • Override the to_param method of the model. This method is used by Rails for constructing a URL to the object. The default implementation returns the id of the record as a String. It could be overridden to include another human-readable attribute.

        class Person
          def to_param
            "#{id} #{name}".parameterize

    In order to convert this to a URL-friendly value, parameterize should be called on the string. The id of the object needs to be at the beginning so that it can be found by the find method of ActiveRecord.

    • Use the friendly_id gem. It allows creation of human-readable URLs by using some descriptive attribute of the model instead of its id.

        class Person
          extend FriendlyId
          friendly_id :name, use: :slugged

    Check the gem documentation for more information about its usage.

  • Use find_each to iterate over a collection of AR objects. Looping through a collection of records from the database (using the all method, for example) is very inefficient since it will try to instantiate all the objects at once. In that case, batch processing methods allow you to work with the records in batches, thereby greatly reducing memory consumption. [link]

    # bad
    Person.all.each do |person|
    Person.where('age > 21').each do |person|
    # good
    Person.find_each do |person|
    Person.where('age > 21').find_each do |person|
  • Since Rails creates callbacks for dependent associations, always call before_destroy callbacks that perform validation with prepend: true. [link]

    # bad (roles will be deleted automatically even if super_admin? is true)
    has_many :roles, dependent: :destroy
    before_destroy :ensure_deletable
    def ensure_deletable
      fail "Cannot delete super admin." if super_admin?
    # good
    has_many :roles, dependent: :destroy
    before_destroy :ensure_deletable, prepend: true
    def ensure_deletable
      fail "Cannot delete super admin." if super_admin?

ActiveRecord Queries

  • Avoid string interpolation in queries, as it will make your code susceptible to SQL injection attacks. [link]

    # bad - param will be interpolated unescaped
    Client.where("orders_count = #{params[:orders]}")
    # good - param will be properly escaped
    Client.where('orders_count = ?', params[:orders])
  • Consider using named placeholders instead of positional placeholders when you have more than 1 placeholder in your query. [link]

    # okish
      'created_at >= ? AND created_at <= ?',
      params[:start_date], params[:end_date]
    # good
      'created_at >= :start_date AND created_at <= :end_date',
      start_date: params[:start_date], end_date: params[:end_date]
  • Favor the use of find over where when you need to retrieve a single record by id. [link]

    # bad
    User.where(id: id).take
    # good
  • Favor the use of find_by over where when you need to retrieve a single record by some attributes. [link]

    # bad
    User.where(first_name: 'Bruce', last_name: 'Wayne').first
    # good
    User.find_by(first_name: 'Bruce', last_name: 'Wayne')
  • Use find_each when you need to process a lot of records. [link]

    # bad - loads all the records at once
    # This is very inefficient when the users table has thousands of rows.
    User.all.each do |user|
    # good - records are retrieved in batches
    User.find_each do |user|
  • Favor the use of where.not over SQL. [link]

    # bad
    User.where("id != ?", id)
    # good
    User.where.not(id: id)


  • Keep the schema.rb (or structure.sql) under version control. [link]

  • Use rake db:schema:load instead of rake db:migrate to initialize an empty database. [link]

  • Enforce default values in the migrations themselves instead of in the application layer. [link]

    # bad - application enforced default value
    def amount
      self[:amount] or 0

    While enforcing table defaults only in Rails is suggested by many Rails developers, it's an extremely brittle approach that leaves your data vulnerable to many application bugs. And you'll have to consider the fact that most non-trivial apps share a database with other applications, so imposing data integrity from the Rails app is impossible.

  • Enforce foreign-key constraints. As of Rails 4.2, ActiveRecord supports foreign key constraints natively. [link]

  • When writing constructive migrations (adding tables or columns), use the change method instead of up and down methods. [link]

    # the old way
    class AddNameToPeople < ActiveRecord::Migration
      def up
        add_column :people, :name, :string
      def down
        remove_column :people, :name
    # the new prefered way
    class AddNameToPeople < ActiveRecord::Migration
      def change
        add_column :people, :name, :string
  • Don't use model classes in migrations. The model classes are constantly evolving and at some point in the future migrations that used to work might stop, because of changes in the models used. [link]


  • Never call the model layer directly from a view. [link]

  • Never make complex formatting in the views, export the formatting to a method in the view helper or the model. [link]

  • Mitigate code duplication by using partial templates and layouts. [link]


  • No strings or other locale specific settings should be used in the views, models and controllers. These texts should be moved to the locale files in the config/locales directory. [link]

  • When the labels of an ActiveRecord model need to be translated, use the activerecord scope: [link]

          user: Member
            name: 'Full name'

    Then User.model_name.human will return "Member" and User.human_attribute_name("name") will return "Full name". These translations of the attributes will be used as labels in the views.

  • Separate the texts used in the views from translations of ActiveRecord attributes. Place the locale files for the models in a folder models and the texts used in the views in folder views. [link]

    • When organization of the locale files is done with additional directories, these directories must be described in the application.rb file in order to be loaded.

        # config/application.rb
        config.i18n.load_path += Dir[Rails.root.join('config', 'locales', '**', '*.{rb,yml}')]
  • Place the shared localization options, such as date or currency formats, in files under the root of the locales directory. [link]

  • Use the short form of the I18n methods: I18n.t instead of I18n.translate and I18n.l instead of I18n.localize. [link]

  • Use "lazy" lookup for the texts used in views. Let's say we have the following structure: [link]

          title: 'User details page'

    The value for can be looked up in the template app/views/users/show.html.haml like this:

    = t '.title'
  • Use the dot-separated keys in the controllers and models instead of specifying the :scope option. The dot-separated call is easier to read and trace the hierarchy. [link]

    # bad
    I18n.t :record_invalid, :scope => [:activerecord, :errors, :messages]
    # good
    I18n.t 'activerecord.errors.messages.record_invalid'
  • More detailed information about the Rails I18n can be found in the Rails Guides [link]


Use the assets pipeline to leverage organization within your application.


  • Name the mailers SomethingMailer. Without the Mailer suffix it isn't immediately apparent what's a mailer and which views are related to the mailer. [link]

  • Provide both HTML and plain-text view templates. [link]

  • Enable errors raised on failed mail delivery in your development environment. The errors are disabled by default. [link]

    # config/environments/development.rb
    config.action_mailer.raise_delivery_errors = true
  • Use a local SMTP server like Mailcatcher in the development environment. [link]

    # config/environments/development.rb
    config.action_mailer.smtp_settings = {
      address: 'localhost',
      port: 1025,
      # more settings
  • Provide default settings for the host name. [link]

    # config/environments/development.rb
    config.action_mailer.default_url_options = { host: "#{local_ip}:3000" }
    # config/environments/production.rb
    config.action_mailer.default_url_options = { host: '' }
    # in your mailer class
    default_url_options[:host] = ''
  • If you need to use a link to your site in an email, always use the _url, not _path methods. The _url methods include the host name and the _path methods don't. [link]

    # bad
    You can always find more info about this course
    <%= link_to 'here', course_path(@course) %>
    # good
    You can always find more info about this course
    <%= link_to 'here', course_url(@course) %>
  • Format the from and to addresses properly. Use the following format: [link]

    # in your mailer class
    default from: 'Your Name <>'
  • Make sure that the e-mail delivery method for your test environment is set to test: [link]

    # config/environments/test.rb
    config.action_mailer.delivery_method = :test
  • The delivery method for development and production should be smtp: [link]

    # config/environments/development.rb, config/environments/production.rb
    config.action_mailer.delivery_method = :smtp
  • When sending html emails all styles should be inline, as some mail clients have problems with external styles. This however makes them harder to maintain and leads to code duplication. There are two similar gems that transform the styles and put them in the corresponding html tags: premailer-rails and roadie. [link]

  • Sending emails while generating page response should be avoided. It causes delays in loading of the page and request can timeout if multiple email are sent. To overcome this emails can be sent in background process with the help of sidekiq gem. [link]


  • Config your timezone accordingly in application.rb. [link]

    config.time_zone = 'Eastern European Time'
    # optional - note it can be only :utc or :local (default is :utc)
    config.active_record.default_timezone = :local
  • Don't use Time.parse. [link]

    # bad
    Time.parse('2015-03-02 19:05:37') # => Will assume time string given is in the system's time zone.
    # good'2015-03-02 19:05:37') # => Mon, 02 Mar 2015 19:05:37 EET +02:00
  • Don't use [link]

    # bad # => Returns system time and ignores your configured time zone.
    # good # => Fri, 12 Mar 2014 22:04:47 EET +02:00
    Time.current # Same thing but shorter.


  • Put gems used only for development or testing in the appropriate group in the Gemfile. [link]

  • Use only established gems in your projects. If you're contemplating on including some little-known gem you should do a careful review of its source code first. [link]

  • OS-specific gems will by default result in a constantly changing Gemfile.lock for projects with multiple developers using different operating systems. Add all OS X specific gems to a darwin group in the Gemfile, and all Linux specific gems to a linux group: [link]

    # Gemfile
    group :darwin do
      gem 'rb-fsevent'
      gem 'growl'
    group :linux do
      gem 'rb-inotify'

    To require the appropriate gems in the right environment, add the following to config/application.rb:

    platform = RUBY_PLATFORM.match(/(linux|darwin)/)[0].to_sym
  • Do not remove the Gemfile.lock from version control. This is not some randomly generated file - it makes sure that all of your team members get the same gem versions when they do a bundle install. [link]

Flawed Gems

This is a list of gems that are either problematic or superseded by other gems. You should avoid using them in your projects.

  • rmagick - this gem is notorious for its memory consumption. Use minimagick instead.

  • autotest - old solution for running tests automatically. Far inferior to guard and watchr.

  • rcov - code coverage tool, not compatible with Ruby 1.9. Use SimpleCov instead.

  • therubyracer - the use of this gem in production is strongly discouraged as it uses a very large amount of memory. I'd suggest using node.js instead.

This list is also a work in progress. Please, let me know if you know other popular, but flawed gems.

Managing processes

  • If your projects depends on various external processes use foreman to manage them. [link]

Further Reading

There are a few excellent resources on Rails style, that you should consider if you have time to spare:


Nothing written in this guide is set in stone. It's my desire to work together with everyone interested in Rails coding style, so that we could ultimately create a resource that will be beneficial to the entire Ruby community.

Feel free to open tickets or send pull requests with improvements. Thanks in advance for your help!

You can also support the project (and RuboCop) with financial contributions via gittip.

Support via Gittip

How to Contribute?

It's easy, just follow the contribution guidelines.


Creative Commons License This work is licensed under a Creative Commons Attribution 3.0 Unported License

Spread the Word

A community-driven style guide is of little use to a community that doesn't know about its existence. Tweet about the guide, share it with your friends and colleagues. Every comment, suggestion or opinion we get makes the guide just a little bit better. And we want to have the best possible guide, don't we?


Something went wrong with that request. Please try again.