[
https://issues.apache.org/jira/browse/SOLR-5287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13835900#comment-13835900
]
Erick Erickson commented on SOLR-5287:
--------------------------------------
bq: "ShowFileRequestHandler".
Yeah, I though about how confusing _that_ was too. But did I do it when I was
thinking about it? Noooooo.
[[email protected]]
bq: We should also do some validation on the uploaded file.
We don't have the button in the UI yet, but there's a "test" capability that
creates and tries to load a temporary core, it never tries to write either to
the local conf directory or ZK; it uses a temp dir. Does that serve? It'll barf
in all cases where the XML for schema and config is just flat mal-formed.
Hmmmm, validating anything with an xml extension would be cheap enough to do
whether the user pressed the test button or not, wouldn't it... Good idea.
OK, it seems like it would be acceptable to move writing to something more
appropriately named and allow the security concerns to be governed by whether
people un-comment the new handler and/or set it up with passwords etc. I'll
open up a JIRA and see what I can whip up so we can figure out what to do next
as in whether to revert or not. Of course I'd like to not throw away the work,
but that happens now and again.
> Allow at least solrconfig.xml and schema.xml to be edited via the admin screen
> ------------------------------------------------------------------------------
>
> Key: SOLR-5287
> URL: https://issues.apache.org/jira/browse/SOLR-5287
> Project: Solr
> Issue Type: Improvement
> Components: Schema and Analysis, web gui
> Affects Versions: 4.5, 5.0
> Reporter: Erick Erickson
> Assignee: Erick Erickson
> Priority: Blocker
> Fix For: 5.0, 4.7
>
> Attachments: SOLR-5287.patch, SOLR-5287.patch, SOLR-5287.patch,
> SOLR-5287.patch, SOLR-5287.patch
>
>
> A user asking a question on the Solr list got me to thinking about editing
> the main config files from the Solr admin screen. I chatted briefly with
> [~steffkes] about the mechanics of this on the browser side, he doesn't see a
> problem on that end. His comment is there's no end point that'll write the
> file back.
> Am I missing something here or is this actually not a hard problem? I see a
> couple of issues off the bat, neither of which seem troublesome.
> 1> file permissions. I'd imagine lots of installations will get file
> permission exceptions if Solr tries to write the file out. Well, do a
> chmod/chown.
> 2> screwing up the system maliciously or not. I don't think this is an issue,
> this would be part of the admin handler after all.
> Does anyone have objections to the idea? And how does this fit into the work
> that [[email protected]] has been doing?
> I can imagine this extending to SolrCloud with a "push this to ZK" option or
> something like that, perhaps not in V1 unless it's easy.....
> Of course any pointers gratefully received. Especially ones that start with
> "Don't waste your effort, it'll never work (or be accepted)"...
> Because what scares me is this seems like such an easy thing to do that would
> be a significant ease-of-use improvement, so there _has_ to be something I'm
> missing.
> So if we go forward with this we'll make this the umbrella JIRA, the two
> immediate sub-JIRAs that spring to mind will be the UI work and the endpoints
> for the UI work to use.
> I think there are only two end-points here
> 1> list all the files in the conf (or arbitrary from <solr_home>/collection)
> directory.
> 2> write this text to this file
> Possibly later we could add "clone the configs from coreX to coreY".
> BTW, I've assigned this to myself so I don't lose it, but if anyone wants to
> take it over it won't hurt my feelings a bit....
--
This message was sent by Atlassian JIRA
(v6.1#6144)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
