Thinning controllers for easier unit testing and separation of concerns

I wrote this gem, GitHub - NullVoxPopuli/skinny_controllers: A pattern for allowing for easier testing of large projects' business logic
which is influenced by Trailblazer, but less with some different
here and there.

The main idea that it pulls out of trailblazer is operations and

Operations are in app/operations
Policies are in app/policies

Operations control what data you are getting, and Policies control if
are allowed to get it.

The goal is to have all the logic in ruby objects that don’t require a
controller instance to run (i.e. avoiding put/get/post in your tests).

At the very minimum, you’d need

include SkinnyControllers::Diet
# and then in your action
render json: model

and the rest is implicit.

obviously, not everyone wants the same create / update / destroy
functionality, so that can all be configured:

here is an example of the create operation for the EventsController

module EventOperations
  class Create < SkinnyControllers::Operation::Base
    def run
      return unless allowed?
      # @model is used here, because the method `model` is memoized off
      @model =
      @model # or just `model`

allowed? is a special method that looks up the corresponding policy:

class EventPolicy < SkinnyControllers::Policy::Base
  # for the Create operation for the EventsController is matched to 
in the policy
  # o / object here is the instance of the model trying to be created
  def create?(o = object)


I’m using this in a big side project I’ve been working on for event
registration. (Rails API + Ember)

example of operation specs:

example of policy specs: