Good day!

From time to time I come across a situation where instead of a bundle of standard settings for all occasions (in the form of checkboxes, selects and text fields), it is much easier (and acceptable for the user) to leave room for entering a small piece of code with which he can implement any logic.

Well, for example, a typical situation is a universal delivery management system for an online store. There is the essence of "delivery service", copies of which are different delivery services, and each with its own logic of pricing ... For some, the cost of delivery is considered as "minimum cost + additional weight x price additional weight", others have a fix, but depends from the city, for the third - a non-linear grid of the type "0..1kg, 1..5kg, 5..25kg, etc.", in the fourth - a system of markups for a certain type of goods, etc. And when you connect another tricky supplier, you have to climb into the code and add support for new concepts, create special settings for them, etc.

It is clear that “according to Feng Shui” it is necessary to derive a universal set of parameters suitable for any logic, but firstly, this is an unjustified complication, and secondly, there will be another tricky left-handed bolt that will fly out of the frame, so it is sometimes easier to create create a set of settings for the standard logic of calculation, and for everything "beyond" leave one text field, where the savvy manager can simply enter a piece of code, and implement any tricky logic.

The task is to provide the ability to customize any new logic for the new carrier "from the admin" without interfering with the code. BUT! at the same time, to observe safety when executing this code, and limit it (the code) to opportunities exclusively by accepting input parameters (data on order, goods, delivery, etc.) and returning the result in a standard form (well, for example, one number - the total cost delivery).

Actually, the question is : for sure, are there any ready-made tools for such a task? It is clear that an extreme case is to saw your bike, but the question is about existing tools or semi-finished products.

What options come to mind:

  • php eval - I’ll point out here just for completeness of the list, because immediately swept aside for security reasons (although maybe there are ways to run eval in the sandbox and limit its impact on the external environment?

  • smarty - it's better if you tighten all the security nuts; however, the requirement "to return only the number when rendering" and the ban on php-calls greatly harm readability, but at least this is an option ...

What else is worth seeing?

Thank you in advance.

  • I would like to receive feedback - Gedweb

2 answers 2

Similar situations with additional logic are often encountered, for example, in the gaming industry.

Visual flowcharts are often used to solve. Each unit is responsible for some action, some of them perform mathematical and logical calculations, others send notifications to employees, etc. Your manager builds these blocks into the scheme and launches it into the business - visually and conveniently.

If everything is so complicated that the flowchart is indispensable, you can use an embedded language, such as Lua . This is a complete language (similar to js) with the possibility of extension. An inept user will not be able to delete all data from the database from it, unless you yourself provided him with such a tool. Regarding PHP, Lua support is present .

  • Yes, thank you, Lua is quite an option (and not because “everything is difficult”, but rather because it is much faster to plug into a project than to nag your own graphic language. - AlexandrX
  • By the way, now I’m still looking in the direction of Symfony Expression Language, which can also be connected (it seems like now it can live independently, separately from the framework). It is also quite an option (for less confused logic, which can be crammed into one expression, even if it is long and branched). - AlexandrX
  • Are there any ready-made tools for php for flowcharts? - AlexandrX
  • one
    In php, it is enough to write several functions that will implement the logic of the blocks. And for building schemes there are a lot of tools on js. For example JsPlumb - Gedweb
  • cool thing ... true, 4 lines of code turn into full screen, for which I don't like flowcharts -)) - AlexandrX

The safest option: write your own full-fledged DSL-language interpreter. The most frightening novice part is writing syntax parser, done using tools like lex / yacc, for Python I use PLY, for PHP there should also be a ready generator of parsers like: https://github.com/jakubkulhan/pacc

Security is ensured by the fact that all potentially dangerous trashcode is isolated within the data structures of the interpreter's virtual machine, the only potentially dangerous case is the overflow of dynamic structures, provide a mechanism for accurate client shooting.