This highly depends on how capable are your admin users and what kind of mapping we are talking about.
There are few notable options:
- Use a safe templating DSL like mustache. This is the most limited option in terms of flexibility as you can’t execute custom code, however is the safest one from the point of security;
- Use elixir EEx. This option combines complete flexibility and a declarative approach, but at the same time it is the most dangerous one as the executed code is not sandboxed. You can use this in combination with something like dune to limit the allowed functionality, but it still has some security holes;
- Use a fully sandboxed solution like luerl. This combines both full flexibility with a great sandbox and doesn’t require messing with external processes as the stack machine used to run lua is implemented in erlang as pure data. The only downside is that you will have to write the scripts in lua, even though I don’t think this is a problem if the admins know how to write code;
- Start a separate runtime on demand. I’ve seen some commercial elixir projects using javascript sandbox runtimes to run their custom business logic in a safe manner. This option I would recommend the least simply because of performance penalty and potential risk of leaking processes and memory.
