1. create a role with the following filters -> [ :view_facts, (:view_hosts, :search => "content_view_id = 1")] note I used content_view_id as the search filter for the host. You could use any facet attribute for this.
2. create a user associated to this role
3. execute api call

4. curl -s -u 'apiuser:redhat' -k https://<url>/api/v2/hosts/3/facts

Expected:
Assuming Host with id 3 is associated to cv 1, we should get the facts

Actual:
$ curl -s -u 'apiuser:redhat' -k https://<url>/api/v2/hosts/3/facts
{
  "error": {"message":"Can't join 'Host::Base' to association named 'content_facet'; perhaps you misspelled it?"}
}

Problem here is with this call -> https://github.com/theforeman/foreman/blob/develop/app/services/authorizer.rb#L62

Basically the code does the equivalent of

> FactValue.joins(:host => :content_facet).to_sql
ActiveRecord::ConfigurationError: Can't join 'Host::Base' to association named 'content_facet'; perhaps you misspelled it?

Any facet attribute associated to the host is going to hit this issue.