Expose complex dynamic queries over REST

I’m trying to build a web application for data analysis. The client can send ad-hoc queries to my back-end data service. For example:

(foo >= 10 OR bar == ‘baz’) AND bat < 10

Is there a rails/activerecord standard for sending this type of query through REST? A DAO / method_missing won’t work because there are an infinite number of permutations per model (e.g. an arbitrary number of attributes, clauses, etc). Is there something that could take a “Lucene-like” query string and construct an activerecord request? Or do I just have to manually parse it myself?

I would advise you question the need for this. Not because it's
difficult in Rails, but for security. Imagine what someone with evil
intents could do. He could delete your data, or worse yet just alter
it so the answers are wrong. He could fill up your database, and if
there aren't limits on that, then maybe your whole disk. Depending
what DBMS you're using, *maybe* there's some way to make it read-only.
Alternately, maybe there's some gem that will sanitize it for you.
IWCTW, you could take the more difficult approach of letting them
specify what variable(s) need to be in what range, what tables to join
on, etc.


One approach would be to define a domain specific language and implement a compiler. This would give you an opportunity to check both the form (lexical scanner) and content (syntax checker) of the user input and map all legal requests on your data.

For obvious reasons, this language should not include the ability to pass SQL statements intact from the user to your database. But you could allow the user to implement a nice custom report generator to support analysis.

Racc is the gem capturing the syntax, it continues the tradition of recasting Stephen Johnson’s YACC, which itself built on Donald Knuth’s work. There isn’t a lex/flex gem but ruby provides good support for lexical analysis.