Ruby on Rails Reference

`resources :articles` generates seven RESTful routes: GET /articles (index), GET /articles/new (new), POST /articles (create), GET /articles/:id (show), GET /articles/:id/edit (edit), PATCH/PUT /articles/:id (update), and DELETE /articles/:id (destroy). Each route maps to the corresponding controller action. You can use `only:` or `except:` to restrict which routes are generated, and nest resources with a block to create nested routes like `/articles/:article_id/comments`.

`has_many :through` creates a many-to-many relationship via an explicit join model (e.g., Appointments joining Physicians and Patients). This is preferred when you need to store additional attributes on the join record or add validations to it. `has_and_belongs_to_many` creates a direct many-to-many relationship with a join table but no model, so you cannot add attributes to the join. Use `has_many :through` for most cases as it gives more flexibility.

Strong Parameters prevent mass assignment vulnerabilities by requiring explicit whitelisting of permitted attributes. Without them, an attacker could submit additional fields in a form (like `admin: true`) and update sensitive model attributes. In your controller, use `params.require(:model_name).permit(:field1, :field2)` to create a safe parameters hash. Rails will raise an `ActionController::ForbiddenAttributesError` if you try to pass raw `params` directly to `create` or `update`.

Migrations are Ruby classes that describe changes to your database schema in a database-agnostic way. Run `rails generate migration AddColumnToTable column:type` to create a migration file, then `rails db:migrate` to apply it. Rails tracks which migrations have been run in the `schema_migrations` table. Use `rails db:rollback` to undo the last migration. The `change` method handles both up and down directions for reversible operations; use separate `up` and `down` methods for non-reversible changes.

`before_action` runs a method before one or more controller actions execute. It is commonly used to look up a resource (`@article = Article.find(params[:id])`), require authentication, or set up shared instance variables. Use `only: [:show, :edit, :update, :destroy]` to restrict which actions trigger the callback, or `except:` to exclude specific actions. Multiple `before_action` declarations run in order. You can halt the chain by rendering or redirecting inside the callback.

Named scopes are reusable query fragments defined on a model with `scope :name, -> { query }`. For example, `scope :published, -> { where(published: true) }` lets you call `Article.published` anywhere in your code. Scopes are chainable: `Article.published.recent` works if you also define `scope :recent, -> { order(created_at: :desc) }`. Scopes return an ActiveRecord::Relation, so they compose well with other scopes, `where` clauses, and `limit`.

Rails includes a built-in test framework based on Minitest. Test files live in `test/models/`, `test/controllers/`, etc. Run tests with `rails test` or target a specific file. Test methods start with `test "description" do ... end`. Common assertions include `assert_equal expected, actual`, `assert_difference "Model.count", 1 do ... end` (verifies a count changes), and `assert_response :success` (checks HTTP 200). Load test data with YAML fixtures defined in `test/fixtures/`.

`render` renders a view template and returns a 200 response without making a new HTTP request. It is used when a form submission fails validation — you re-render the form with error messages while keeping the submitted data available. `redirect_to` returns a 302 (or 301) response that tells the browser to make a new GET request to a different URL. It is used after a successful create/update/destroy to prevent form resubmission on browser refresh (the Post/Redirect/Get pattern).