ipsec: fix off-by-section in ipsec migration

PR: https://forum.opnsense.org/index.php?topic=42407.0

plist

@@ -721,6 +721,7 @@
 /usr/local/opnsense/mvc/app/models/OPNsense/IPsec/Migrations/M1_0_0.php
 /usr/local/opnsense/mvc/app/models/OPNsense/IPsec/Migrations/M1_0_1.php
 /usr/local/opnsense/mvc/app/models/OPNsense/IPsec/Migrations/M1_0_2.php
+/usr/local/opnsense/mvc/app/models/OPNsense/IPsec/Migrations/M1_0_3.php
 /usr/local/opnsense/mvc/app/models/OPNsense/IPsec/Swanctl.php
 /usr/local/opnsense/mvc/app/models/OPNsense/IPsec/Swanctl.xml
 /usr/local/opnsense/mvc/app/models/OPNsense/Interfaces/ACL/ACL.xml

src/opnsense/mvc/app/models/OPNsense/IPsec/IPsec.xml

@@ -1,6 +1,6 @@
 <model>
     <mount>//OPNsense/IPsec</mount>
-    <version>1.0.2</version>
+    <version>1.0.3</version>
     <description>OPNsense IPsec</description>
     <items>
         <general>

src/opnsense/mvc/app/models/OPNsense/IPsec/Migrations/M1_0_2.php

@@ -35,7 +35,7 @@ use OPNsense\IPsec\IPsec;
 class M1_0_2 extends BaseModelMigration
 {
     /**
-     * Migrate pre-shared-keys from both IPsec legacy and user administration
+     * Migrate pre-shared-keys from advanced settings legacy page stored under "ipsec" section
      */
     public function run($model)
     {
@@ -68,10 +68,6 @@ class M1_0_2 extends BaseModelMigration
             $model->general->passthrough_networks = (string)$cnf->ipsec->passthrough_networks;
             unset($cnf->ipsec->passthrough_networks);
         }
-        if (isset($cnf->ipsec->disablevpnrules) && !empty((string)$cnf->ipsec->disablevpnrules)) {
-            $model->general->disablevpnrules = "1";
-            unset($cnf->ipsec->disablevpnrules);
-        }
         if (isset($cnf->ipsec->preferred_oldsa) && !empty((string)$cnf->ipsec->preferred_oldsa)) {
             $model->general->preferred_oldsa = "1";
             unset($cnf->ipsec->preferred_oldsa);

src/opnsense/mvc/app/models/OPNsense/IPsec/Migrations/M1_0_3.php

@@ -0,0 +1,54 @@
+<?php
+
+/*
+ * Copyright (C) 2024 Deciso B.V.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+namespace OPNsense\IPsec\Migrations;
+
+use OPNsense\Base\BaseModelMigration;
+use OPNsense\Core\Config;
+use OPNsense\IPsec\IPsec;
+
+class M1_0_3 extends BaseModelMigration
+{
+    /**
+     * Migrate the previously missing advanced setting that was stored under "system" section
+     */
+    public function run($model)
+    {
+        if (!$model instanceof IPsec) {
+            return;
+        }
+        $cnf = Config::getInstance()->object();
+        if (!isset($cnf->system)) {
+            return;
+        }
+        if (isset($cnf->system->disablevpnrules) && !empty((string)$cnf->system->disablevpnrules)) {
+            $model->general->disablevpnrules = '1';
+            unset($cnf->system->disablevpnrules);
+        }
+    }
+}