Skip to content

[18.0][web_tour] Obsolete security rules block login after migration#5365

Open
demodooit wants to merge 1 commit intoOCA:18.0from
demodooit:fix-web_tour-end-migration-18
Open

[18.0][web_tour] Obsolete security rules block login after migration#5365
demodooit wants to merge 1 commit intoOCA:18.0from
demodooit:fix-web_tour-end-migration-18

Conversation

@demodooit
Copy link

@demodooit demodooit commented Sep 6, 2025
edited by legalsylvain
Loading

Impacted versions:

  • OpenUpgrade 18.0
  • Module web_tour

Steps to reproduce:

  1. Migrate a DB from 17.0 to 18.0 with web_tour installed.
  2. After migration, login fails due to obsolete security rules for model web_tour.tour.

Current behavior:

  • Login blocked after migration.

Expected behavior:

  • Obsolete security rules should be removed during end-migration.py.

Proposed fix:

  • Update openupgrade_scripts/scripts/web_tour/18.0.1.0/end-migration.py to drop security rules for model web_tour.tour.

@openupgrade.migrate()
def migrate(env, version=None):
"""
Set consumed tours from legacy table after migration and
remove obsolete security rules.
"""
openupgrade.logged_query(
env.cr,
f"""
INSERT INTO res_users_web_tour_tour_rel
(res_users_id, web_tour_tour_id)
SELECT legacy_table.user_id, web_tour_tour.id
FROM
{openupgrade.get_legacy_name('web_tour_tour')} legacy_table,
web_tour_tour
WHERE web_tour_tour.name=legacy_table.name
ON CONFLICT DO NOTHING
""",
)

openupgrade.logged_query(
    env.cr,
    """
    DELETE FROM ir_rule
    WHERE model_id = (
        SELECT id FROM ir_model WHERE model = 'web_tour.tour'
    )
    AND domain_force LIKE '%user_id%';
    """,
)

@legalsylvain legalsylvain mentioned this pull request Sep 6, 2025
Closed
@MiquelRForgeFlow MiquelRForgeFlow added this to the 18.0 milestone Sep 18, 2025
hbrunn
hbrunn requested changes Sep 19, 2025
View reviewed changes
Copy link
Member

@hbrunn hbrunn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please figure out where the problematic rule comes from, because web_tour.own_tours is supposed to be deleted during the migration. Chances are the issue is with your database or the way you run OU.

Then your sql statement is pretty broad, and given ir.rules usually have xmlids, if we actually need this, you should use delete_records_safely_by_xml_id - but as of above, I doubt it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hbrunn hbrunn hbrunn requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

18.0

Development

Successfully merging this pull request may close these issues.

3 participants

@demodooit @hbrunn @MiquelRForgeFlow