Ensure updates are always done with super user permission #18503
Description:
Our process for performing updates is currently designed in a way that allows anyone (even without permission) to trigger the database updates (once the files were updated).
This can currently lead to errors or differing results depending on the current user's permissions.
I saw this basically for this update script where I saw differing results:
matomo/core/Updates/4.6.0-b4.php
Lines 54 to 58 in 4fe950a
Initializing a segment using `new Segment` tries to perform an API request to `API.getSegmentsMetadata` in the background. Based on the current user this might return either the segments (user with view permission) or an error (user without permission). This causes the resulting list of generated queries to be different depending on the user.
In that case this might not be that problematic, but there could be cases where it could even break something.
Therefore it's imho required to perform the migration scripts as superuser always.
Review