Issue 8148 fixes 6121 after review

Makefile

@@ -15,7 +15,7 @@ pip_requirements:
 	$(PIP) install --upgrade -r requirements.txt
 
 django_migrations:
-	$(PYTHON) manage.py base_specify_migration --database=migrations
+	$(PYTHON) manage.py base_specify_migration --use-override --database=migrations
 	$(PYTHON) manage.py migrate --database=migrations
 
 specifyweb/settings/build_version.py: .FORCE

docker-entrypoint.sh

@@ -9,11 +9,9 @@ if [ "$1" = 've/bin/gunicorn' ] || [ "$1" = 've/bin/python' ]; then
   rsync -a --delete specifyweb/frontend/static/ /volumes/static-files/frontend-static
   cd /opt/specify7
   echo "Applying Django migrations."
-  set +e
-  ./sp7_db_setup_check.sh # Setup db users and run mirgations
+  ./sp7_db_setup_check.sh # Setup db users and run migrations
   # ve/bin/python manage.py base_specify_migration
   # ve/bin/python manage.py migrate
-  ve/bin/python manage.py run_key_migration_functions # Uncomment if you want the key migration functions to run on startup.
-  set -e
+  # ve/bin/python manage.py run_key_migration_functions # Uncomment if you want the key migration functions to run on startup.
 fi
 exec "$@"

specifyweb/backend/businessrules/uniqueness_rules.py

@@ -395,15 +395,15 @@ def create_uniqueness_rule(model_name: str, discipline, is_database_constraint:
     UniquenessRuleField = registry.get_model(
         'businessrules', 'UniquenessRuleField') if registry else models.UniquenessRuleField
 
+    fields = list(fields)
+    scopes = list(scopes)
+
     final_discipline = None if rule_is_global(scopes) else discipline
 
     candidate_rules = UniquenessRule.objects.filter(modelName=model_name,
                                                     isDatabaseConstraint=is_database_constraint,
                                                     discipline=final_discipline)
 
-    fields = list(fields)
-    scopes = list(scopes)
-
     for rule in candidate_rules:
         # If the rule already exists, skip creating the rule
         if _rule_fields_match(

specifyweb/backend/permissions/initialize.py

@@ -32,22 +32,26 @@ def is_sp6_user_permissions_migrated(user, apps=apps) -> bool:
     return UserRole.objects.filter(specifyuser=user).exists() or \
         UserPolicy.objects.filter(specifyuser=user).exists()
 
-def initialize(
-    wipe: bool = False,
-    apps=apps,
-    *,
-    migrate_sp6_users: bool = True,
-) -> None:
+def has_sp6_permissions_tables() -> bool:
+    with connection.cursor() as cursor:
+        cursor.execute("""
+            SELECT COUNT(*)
+            FROM information_schema.tables
+            WHERE table_name IN ('specifyuser_spprincipal', 'spuserrole')
+            AND table_schema = DATABASE();
+        """)
+        return cursor.fetchone()[0] == 2
+
+def initialize(wipe: bool=False, apps=apps) -> None:
     with transaction.atomic():
         if wipe:
             wipe_permissions(apps)
         create_admins(apps)
         create_roles(apps)
-        if migrate_sp6_users:
-            if 'test' in ''.join(sys.argv):
-                assign_users_to_roles_during_testing(apps)
-            else:
-                assign_users_to_roles(apps)
+        if 'test' in ''.join(sys.argv):
+            assign_users_to_roles_during_testing(apps)
+        else:
+            assign_users_to_roles(apps)
 
 def create_admins(apps=apps) -> None:
     UserPolicy = apps.get_model('permissions', 'UserPolicy')
@@ -91,15 +95,10 @@ def assign_users_to_roles(apps=apps) -> None:
     }
 
     results = []
+    if not has_sp6_permissions_tables():
+        return # Newly created sp7 databases don't have these sp6 specific tables.
+
     with connection.cursor() as cursor:
-        cursor.execute("""
-            SELECT COUNT(*)
-            FROM information_schema.tables
-            WHERE table_name IN ('specifyuser_spprincipal', 'spuserrole')
-            AND table_schema = DATABASE();
-        """)
-        if cursor.fetchone()[0] < 2:
-            return # Newly created sp7 databases don't have these sp6 specific tables.
         cursor.execute("""
             SELECT
                 u.SpecifyUserID as user_id,
@@ -165,7 +164,6 @@ def assign_users_to_roles_during_testing(apps=apps) -> None:
     Specifyuser = apps.get_model('specify', 'Specifyuser')
     Agent = apps.get_model('specify', 'Agent')
 
-    cursor = connection.cursor()
     for user in Specifyuser.objects.all():
         for collection in Collection.objects.all():
             if user.usertype == 'Manager':
@@ -175,16 +173,21 @@ def assign_users_to_roles_during_testing(apps=apps) -> None:
             if user.usertype in ('LimitedAccess', 'Guest'):
                 user.roles.create(role=Role.objects.get(collection=collection, name="Read Only - Legacy"))
 
-        for colid, _ in users_collections_for_sp6(cursor, user.id):
-            # Does the user has an agent for the collection?
-            if Agent.objects.filter(specifyuser=user, division__disciplines__collections__id=colid).exists():
-                # Give them access to the collection.
-                UserPolicy.objects.create(
-                    collection_id=colid,
-                    specifyuser_id=user.id,
-                    resource=CollectionAccessPT.access.resource(),
-                    action=CollectionAccessPT.access.action(),
-                )
+    if not has_sp6_permissions_tables():
+        return
+
+    with connection.cursor() as cursor:
+        for user in Specifyuser.objects.all():
+            for colid, _ in users_collections_for_sp6(cursor, user.id):
+                # Does the user has an agent for the collection?
+                if Agent.objects.filter(specifyuser=user, division__disciplines__collections__id=colid).exists():
+                    # Give them access to the collection.
+                    UserPolicy.objects.get_or_create(
+                        collection_id=colid,
+                        specifyuser_id=user.id,
+                        resource=CollectionAccessPT.access.resource(),
+                        action=CollectionAccessPT.access.action(),
+                    )
 
 def create_roles(apps = apps) -> None:
     LibraryRole = apps.get_model('permissions', 'LibraryRole')
@@ -548,4 +551,4 @@ def create_roles(apps = apps) -> None:
         )
         if is_new:
             for lp in collection_admin.policies.all():
-                ca.policies.get_or_create(resource=lp.resource, action=lp.action)
+                ca.policies.get_or_create(resource=lp.resource, action=lp.action)

specifyweb/settings/__init__.py

@@ -83,6 +83,12 @@
 }
 
 DB_ALIAS = os.getenv("DJANGO_DB_ALIAS", "default") # Might want to set to "app" in the future
+if DB_ALIAS not in DATABASES:
+    valid_aliases = ", ".join(sorted(DATABASES))
+    raise ValueError(
+        f"Invalid DJANGO_DB_ALIAS '{DB_ALIAS}'. "
+        f"Expected one of: {valid_aliases}."
+    )
 if DB_ALIAS != "default":
     from copy import deepcopy
     DATABASES['default'] = deepcopy(DATABASES[DB_ALIAS])

specifyweb/settings/specify_settings.py

@@ -55,21 +55,15 @@
 # https://docs.djangoproject.com/en/4.2/ref/settings/#std-setting-OPTIONS
 DATABASE_OPTIONS = {}
 
-# The master user login. This is the MySQL user used to connect to the
-# database. This can be the same as the Specify 6 master user.
-MASTER_NAME = 'MasterUser'
-MASTER_PASSWORD = 'MasterPassword'
-MIGRATOR_NAME = 'MasterUser'
-MIGRATOR_PASSWORD = 'MasterPassword'
-APP_USER_NAME = 'MasterUser'
-APP_USER_PASSWORD = 'MasterPassword'
-
-# MASTER_NAME = os.environ.get('MASTER_NAME', 'root')
-# MASTER_PASSWORD = os.environ.get('MASTER_NAME', 'password')
-# MIGRATOR_NAME = os.environ.get('MIGRATOR_NAME', MASTER_NAME)
-# MIGRATOR_PASSWORD = os.environ.get('MIGRATOR_PASSWORD', MASTER_PASSWORD)
-# APP_USER_NAME = os.environ.get('APP_USER_NAME', MIGRATOR_NAME)
-# APP_USER_PASSWORD = os.environ.get('APP_USER_PASSWORD', MIGRATOR_PASSWORD)
+# The master, migrator, and application user logins. The migrator and app
+# credentials fall back through the more privileged roles for compatibility.
+ROOT_PASSWORD = os.getenv('MYSQL_ROOT_PASSWORD', 'password')
+MASTER_NAME = os.getenv('MASTER_NAME', 'root')
+MASTER_PASSWORD = os.getenv('MASTER_PASSWORD', ROOT_PASSWORD)
+MIGRATOR_NAME = os.getenv('MIGRATOR_NAME', MASTER_NAME)
+MIGRATOR_PASSWORD = os.getenv('MIGRATOR_PASSWORD', MASTER_PASSWORD)
+APP_USER_NAME = os.getenv('APP_USER_NAME', MIGRATOR_NAME)
+APP_USER_PASSWORD = os.getenv('APP_USER_PASSWORD', MIGRATOR_PASSWORD)
 
 # The Specify web attachment server URL.
 WEB_ATTACHMENT_URL = None

specifyweb/specify/management/commands/base_specify_migration.py

@@ -25,28 +25,20 @@ def add_arguments(self, parser):
     def handle(self, *args, **options):
         use_override = bool(options.get('use_override', False))
         alias = options["database"]
-        conn = connections[alias]
         logger.info(f"Running base_specify_migration using database alias '{alias}'")
 
+        # Validate the alias exists and is usable; fallback to 'master' if not
+        original_alias = alias
         try:
-            transaction.atomic(using=alias)
-        except:
+            connections[alias].ensure_connection()
+        except Exception as e:
             alias = 'master'
+            logger.warning(f"Database alias '{original_alias}' unavailable ({e}), falling back to 'master'")
 
+        conn = connections[alias]
         with transaction.atomic(using=alias):
             with conn.cursor() as cursor:
-                # Check django table
-                try:
-                    cursor.execute("""
-                        SELECT 1
-                        FROM django_migrations
-                        LIMIT 1;
-                    """)
-                    exists = True
-                except:
-                    exists = False
-
-                if not exists:
+                if "django_migrations" not in conn.introspection.table_names(cursor):
                     # Check if the django_migrations table exists and create it if it doesn't
                     cursor.execute("""
                         CREATE TABLE IF NOT EXISTS `django_migrations` (