Expose complex dynamic queries over REST

I’m trying to build a web application for data analysis. The client can
send ad-hoc queries to my back-end data service. For example:

(foo >= 10 OR bar == 'baz') AND bat < 10

Is there a rails/activerecord standard for sending this type of query
through REST? A DAO / method_missing won’t work because there are an
infinite number of permutations per model (e.g. an arbitrary number of
attributes, clauses, etc). Is there something that could take a
“Lucene-like” query string and construct an activerecord request? Or do
I just have to manually parse it myself?

On Fri, Jan 10, 2014 at 3:14 PM, Colin T. wrote:

> I’m trying to build a web application for data analysis. The
> client can send ad-hoc queries to my back-end data service.

I would advise you question the need for this. Not because it’s
difficult in Rails, but for security. Imagine what someone with evil
intents could do. He could delete your data, or worse yet just alter
it so the answers are wrong. He could fill up your database, and if
there aren’t limits on that, then maybe your whole disk. Depending
what DBMS you’re using, maybe there’s some way to make it read-only.
Alternately, maybe there’s some gem that will sanitize it for you.
IWCTW, you could take the more difficult approach of letting them
specify what variable(s) need to be in what range, what tables to join
on, etc.

-Dave


Dave A., the T. Rex of Codosaurus LLC (codosaur.us),
freelance software developer, and creator of these sites:
PullRequestRoulette.com, blog.codosaur.us, & Dare2XL.com.

One approach would be to define a domain specific language and implement a
compiler. This would give you an opportunity to check both the form
(lexical scanner) and content (syntax checker) of the user input and map
all legal requests on your data.

For obvious reasons, this language should not include the ability to pass
SQL statements intact from the user to your database. But you could allow
the user to implement a nice custom report generator to support analysis.

Racc is the gem capturing the syntax; it continues the tradition of
recasting Stephen Johnson’s YACC, which itself built on Donald Knuth’s
work. There isn’t a lex/flex gem, but Ruby provides good support for
lexical analysis.
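
The DSL-and-compiler approach from the last reply, applied to the query in the original question, as an added example that is not part of any post in this thread. It uses Ruby's standard `strscan` for the lexer and a small hand-written recursive-descent parser in place of Racc; the column allowlist, `QueryError` and `WhereCompiler` are assumptions made for illustration.

```ruby
require 'strscan'

ALLOWED_COLUMNS = %w[foo bar bat].freeze # constructed allowlist (assumption)
OPERATORS = { '>=' => '>=', '<=' => '<=', '==' => '=', '<' => '<', '>' => '>' }.freeze
TOKENS = { paren: /[()]/, op: />=|<=|==|<|>/, bool: /(?:AND|OR)\b/,
           value: /-?\d+|'[^']*'/, ident: /[A-Za-z_]\w*/ }.freeze
class QueryError < StandardError; end

# Lexical scanner: only the token shapes in TOKENS are legal input.
def tokenize(src)
  ss = StringScanner.new(src)
  tokens = []
  until ss.skip(/\s*/) && ss.eos?
    type, = TOKENS.find { |_, re| ss.scan(re) }
    raise QueryError, "unexpected input at offset #{ss.pos}" unless type
    tokens << [type, ss.matched]
  end
  tokens
end

# Syntax checker: expr := term (OR term)*, term := factor (AND factor)*,
# factor := '(' expr ')' | column op value. Values only ever become binds.
class WhereCompiler
  def compile(src) # => [sql_with_placeholders, bind_values]
    @tokens, @binds = tokenize(src), []
    [expr, @binds].tap { raise QueryError, 'trailing input' unless @tokens.empty? }
  end
  def eat(type, text = nil, must: true) # consume the next token if it matches
    t, v = @tokens.first
    return @tokens.shift[1] if t == type && (text.nil? || v == text)
    raise QueryError, "expected #{text || type}" if must
  end
  def chain(word, operand)
    parts = [send(operand)]
    parts << send(operand) while eat(:bool, word, must: false)
    parts.size > 1 ? "(#{parts.join(" #{word} ")})" : parts[0]
  end
  def expr; chain('OR', :term); end
  def term; chain('AND', :factor); end
  def factor
    return expr.tap { eat(:paren, ')') } if eat(:paren, '(', must: false)
    column = eat(:ident)
    raise QueryError, "column not allowed: #{column}" unless ALLOWED_COLUMNS.include?(column)
    op, raw = OPERATORS.fetch(eat(:op)), eat(:value)
    @binds << (raw.start_with?("'") ? raw[1..-2] : Integer(raw))
    "#{column} #{op} ?"
  end
end
```

The returned pair can be handed to ActiveRecord as `Model.where(sql, *binds)` (`Model` being whichever model is queried), so the client's values travel as bind parameters and only allowlisted column names and mapped operators appear in the SQL text.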