I'm trying to store rules for web requests in a JSON object and am having trouble thinking of a good structure. Here are some examples of my rules:

Possible Conditions

the user must be logged in
the user must belong to an account of type [____]
the user must belong to an account named [___]
the user must have a username [___]
the user must have the account role [___]
the current time must be between [___] and [___]
the variable [___] must be set to [___]

Possible Success Actions

allow access to the requested view
redirect to download a specific file

Possible Failure Actions

redirect to a certain view to display reasons why access was denied
redirect to a purchase page
redirect to a login page with a notice explaining why access was denied

I need to store multiple rules in a single object. I also need to be able to store boolean relationships like this:

(rule1 && rule2) || rule3

Object structure normally comes easy to me, but I'm struggling to put this together. Here's an example of a requirement the JSON object should be able to store:

A user can access the control panel if they are logged in and belong to an account named "Owners". If the user has the account role "Employee" then they can only log in Monday-Friday, not weekends. If the user has the name "root" they can log in regardless of any other rule. If none of the rules succeed, then redirect the user to a page telling them specifically why they are unable to get to the control panel. E.g., "It's the weekend and you are only allowed to log in Monday-Friday."

+1  A: 

There are a number of ways to build a rudimentary decision engine. If there aren't too many rules involved, you could even model a common decision table structure (conditions & actions) directly in JSON format. As VolkerK mentioned, it is not clear whether client and/or server validation is required.

A really simple format could use bitmasks (popular in Windows API programming :) You can even pass it between client and server side as a simple string. At some point though, the number of rules can become unwieldy. One of our systems at the shop actually uses a business rules engine because of the sheer number of choices.

Here's a little snippet that should output a binary string: 1010001

<!DOCTYPE html>
<html><head><title>Bitmask</title></head>
<body>

<div id="output"></div>
<script type="text/javascript">
var out = document.getElementById('output');

var R_IS_LOGGED_IN    = 1;
var R_HAS_ACCT_TYPE_X = 2;
var R_HAS_ACCT_TYPE_Y = 4;
var R_HAS_USER_NAME   = 8;
var R_HAS_ROLE_X      = 16;
var R_HAS_ROLE_Y      = 32;
var R_VAR_X_IS_A      = 64;
var R_VAR_X_IS_B      = 128;

var attrs_as_string = 
  (R_IS_LOGGED_IN | R_HAS_ROLE_X | R_VAR_X_IS_A).toString(2);

out.innerText = attrs_as_string;
</script>
</body>
</html>

You could then precompute the desired combinations of conditions and possibly use a simple switch/case dispatch table approach:

switch(computed_bitmask) {
  case '11001' : do_this(); break;
  case '1101'  : do_that(); break;
  default: do_whatever();
}
jtp
Thanks jtpresta, I always wanted to know how bitmask permissions worked - this was helpful!
Kirk
You are welcome. They can be helpful sometimes :)
jtp
+1  A: 

Check out Amazon S3 Bucket Policies; they fit the bill. It's already in JSON. Try extending the Conditions with your own and extend the Effect actions to include a message.

http://docs.amazonwebservices.com/AmazonS3/latest/dev/index.html?AccessPolicyLanguage.html

I'd say try looking for an open source Amazon bucket policy creator tool that you can extend, but I'm not finding anything with a simple Google search.

Rob Olmos
This was extremely useful, and essentially what I was looking for. Thanks Rob!
Kirk
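
An added example, not part of the question or either answer: one way to store the question's control-panel requirement as a JSON tree of `all`/`any`/`not` groups, in the spirit of the policy-document approach suggested above, and evaluate it so that a denial carries its reasons. The check names, the `ctx` shape and the `decide` helper are assumptions made for illustration, and evaluation is assumed to run on the server.

```javascript
// Added example (not from the page): hypothetical rule format and evaluator.
// ctx = { user: {name, account, role} | null, now: Date }, built on the server.
const CHECKS = {
  loggedIn:    (ctx)    => ctx.user !== null,
  accountName: (ctx, v) => ctx.user !== null && ctx.user.account === v,
  username:    (ctx, v) => ctx.user !== null && ctx.user.name === v,
  role:        (ctx, v) => ctx.user !== null && ctx.user.role === v,
  weekday:     (ctx)    => ctx.now.getUTCDay() >= 1 && ctx.now.getUTCDay() <= 5,
};
// "all" is &&, "any" is ||, "not" negates; a node's "message" explains a denial.
function evaluate(node, ctx) {
  const kids = node.all || node.any;
  let ok, reasons = [];
  if (Array.isArray(kids)) {
    if (kids.length === 0) throw new Error('empty group');
    const results = kids.map((k) => evaluate(k, ctx));
    ok = node.all ? results.every((r) => r.ok) : results.some((r) => r.ok);
    reasons = results.flatMap((r) => r.reasons);
  } else if (node.not) {
    ok = !evaluate(node.not, ctx).ok;
  } else {
    // Throw on unknown names: a plain false would turn into true under "not".
    if (!Object.prototype.hasOwnProperty.call(CHECKS, node.check)) throw new Error('unknown check');
    ok = CHECKS[node.check](ctx, node.value) === true;
  }
  if (node.message) reasons = [node.message, ...reasons];
  return { ok, reasons: ok ? [] : reasons };
}
// The control-panel requirement from the question, as JSON-serializable data.
const controlPanel = {
  rule: { any: [
    { check: 'username', value: 'root' },
    { all: [
      { check: 'loggedIn', message: 'You must be logged in.' },
      { check: 'accountName', value: 'Owners', message: 'Your account must be "Owners".' },
      { any: [{ not: { check: 'role', value: 'Employee' } },
              { check: 'weekday', message: "It's the weekend and you are only allowed to log in Monday-Friday." }] },
    ] },
  ] },
  onSuccess: { action: 'allow' }, onFailure: { action: 'redirect', view: 'access-denied' },
};
function decide(policy, ctx) {
  try {
    const { ok, reasons } = evaluate(policy.rule, ctx);
    return ok ? policy.onSuccess : { ...policy.onFailure, reasons };
  } catch (err) { // malformed policy: deny, never allow
    return { ...policy.onFailure, reasons: ['Policy error.'] };
  }
}
```

Because the whole tree is plain data, it round-trips through `JSON.stringify` and `JSON.parse` unchanged; only the `CHECKS` table lives in code.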