Skip to content

Backend Pattern Policy

Ferris Tseng edited this page Dec 13, 2019 · 3 revisions

[Pattern] Policy

Description

Policy objects are plain old Ruby classes that encapsulate complex read operations.

The most common case of using policy objects is for authorization when you need to check a combination of rules before allowing the user to execute some action. Sometimes those rules are complex, and it is better to extract this logic in its own class, rather than put it in controllers.

Location

  • app/policies

Best Practices

N/A

Tradeoffs

One definition says that policy objects are similar to service objects, but the difference is that service objects are used for write operations and policy objects for reads.

Also, they are different from query objects because query objects focus on SQL reads, while policy objects operate on data already loaded in memory.

Resources

Examples in Caseflow

Additional Reading

Related Patterns

Pattern Description
Service Similar pattern, but for writes
Query Similar pattern, but wraps SQL
Clone this wiki locally