In the previous sections, we created the models for both User and Memo. In this section, we are going to be creating the controllers for both of them.

Rails controllers

Rails controllers are responsible for routing incoming traffic from the network.

The User Controller

Lets create a new controller for User.

rails generate scaffold_controller User

This will create a new file called users_controller.rb in app/controllers.

├── ./controllers
│   ├── ./controllers/application_controller.rb
│   ├── ./controllers/concerns
│   └── ./controllers/users_controller.rb

Structure of a Rails controller

Your userscontroller_ should now contain the following functions that correspond to REST and CRUD:

  • index - For showing all items of a resource. eg. All Users, all Memos. Translates to a GET request.
  • show - For showing a singular item of a resource by a specific identifier. eg. one user by id, one memo by title. Translates to a GET request using url parameters to fetching the specific resource.
  • create - You usually creates the appropriate model for a resource. Corresponds to a POST request.
  • update - Updates an existing resource. Corresponds to a put/patch request.
  • destroy - Deletes a specific resource. Corresponds to a DELETE request.

Using the rails scaffoldcontroller generator creates some boilerplate code for all the _CRUD actions in a controller

Lets run our rails app now to verify that everything is working:

rails server


Before we test our new models and controllers, we have to add some routes to our rails app.

Routes map URLs to controllers.

Open the routes.rb file located under config folder and add the following code.

resources :users

Your routes.rb file should look like this now:

Rails.application.routes.draw do
  resources :users

Previewing our routes

We can tell Rails to show us all the routes in our app by running the following command in terminal.

rails routes

This should print the following:

Prefix Verb   URI Pattern          Controller#Action
 users GET    /users(.:format)     users#index
       POST   /users(.:format)     users#create
  user GET    /users/:id(.:format) users#show
       PATCH  /users/:id(.:format) users#update
       PUT    /users/:id(.:format) users#update
       DELETE /users/:id(.:format) users#destroy

We can see here that it created RESTful routes for our User resource.

Lets test our User resource by running our rails server and going to: http://localhost:3000/users

This should print out a JSON array of Users.

Can you trace what is happening here?

When we make a get request to http://localhost:3000/users, Rails routes this action to the index function of the users controller.

Parameter Sanitizing

With our current controller setup, Rails will allow any parameter into our controller. Lets fix that by only whitelisting parameters for creating a user.

Modify the user_params function to add this code:

def user_params
  params.permit(:name, :email)

The users_controller.rb file should now look like this:

class UsersController < ApplicationController
  before_action :set_user, only: [:show, :update, :destroy]

  # GET /users
  def index
    @users = User.all

    render json: @users

  # GET /users/1
  def show
    render json: @user

  # POST /users
  def create
    @user =

      render json: @user, status: :created, location: @user
      render json: @user.errors, status: :unprocessable_entity

  # PATCH/PUT /users/1
  def update
    if @user.update(user_params)
      render json: @user
      render json: @user.errors, status: :unprocessable_entity

  # DELETE /users/1
  def destroy

    # Use callbacks to share common setup or constraints between actions.
    def set_user
      @user = User.find(params[:id])

    # Only allow a trusted parameter "white list" through.
    def user_params
      params.permit(:name, :email)


  • Controllers can manage CRUD on a resource by providing us with methods to handle diffent types of HTTP requests.
  • Routes map URLs to the appropriate controllers.
  • We define our routes in the routes.rb file under the config folder.
  • The parameter sanitizer only allows whitelisted parameters into our controllers.


If you have feedback on this tutorial or find any mistakes, please open issues on the GitHub Repository or comment below.

Summer academy

An iOS Development Summer Course

Design, code and launch your own app. Locations in San Francisco and Asia

Find your location

Product College

A computer science college

Graduate into a successful career as a founder or software engineer.

Learn more

Cookies on Make School's website

We have placed cookies on your device to ensure that we give you the best experience on our website.

This site uses cookies to deliver our services. By using our site, you acknowledge that you have read and understand our Cookie Policy, Privacy Policy, and our Terms of Service. Your use of Make School’s Products and Services is subject to these policies and terms.

Please note that Make School no longer supports Internet Explorer

We recommend upgrading to a modern web browser. Learn more