Fixes #11579 - Reports show/destroy restricted by host authorization (CVE-2015-5233)
ReportsController 'show' and 'destroy' now perform a check to see ifthe User is authorized to see the Host associated with the Report. Incase it's not, it returns 404, as to not give hints whether a Report...
Fixes #6854 - Api status allowed for all users
(cherry picked from commit 7267e023e6db34db8ebb3ba59f4be4b8d0e07624)
Fixes #10635 - Formalize deprecation warning
(cherry picked from commit 319d1ffbed54f2c9eb988d132ec1586fb4d7c428)
Fixes #10916 - convert config_template_ids in operatingsystems
Fixes #7096 - Adds STI to templates
This commit converts Ptables to be just another type of Template so itgets the same features as ConfigTemplate. ConfigTemplate was renamed toProvisioningTemplate to reflect UI and the name under it's commonly known.
fixes #9632 - updated compute resource names to follow brand names
this commit changes strings such as Ovirt to oVirt in API v{1,2}descriptions
fixes #10509 - add toggle for LDAP usergroup updating
fixes #10437 - remove incorrect/duplicate hash statements
fixes #10167 - change default API from v1 to v2
Fixes #8890 - Allow selection of plaintext "encryption" method for root password
Fixes #9678 - Can't update admin flag for users via API
find_resource needs to be defined prior to UsersMixin is included as itrequires the variable @user being set.
Fixes #9452 - correct capitalization of VMware
Refs #3809 - Remove cop IndentationConsistency
Refs #3809 - Remove cops for empty lines
fixes #5812 - url parameter in compute_resource#create is not required for EC2, removing the required flag
fixes #8627 - add host comment field to API documentation
fixes #8228 - add a config_templates concern to serve config_templates controllers
fixes #8459 - remove sp_subnet_id from api/hosts
fixes #4463 - use unattended URL for hostgroup provisioning
fixes #3492 - API v2 nested routes for each controller
fixes #7332 - Host Create API documentation missing required parameters
Refs #3809 - Use parentheses in method definitions
Refs #3809 - Remove rubocop TODOs
Removed the following TODOs so that cops for these will run from now on:
Lint/AmbiguousOperator, DefEndAlignment, DeprecatedClassMethodsEnsureReturn, RequireParentheses, Void, BlockAlignment, EndAlignment,UselessAccessModifier,...
refs #2127 - add password_hash to API
fixes #4386 - gem friendly_id to simplify find by id, name, label, etc
fixes #5896 - Set Compute Resource's 'Console passwords' option in API
Fixes #5926 - hide sensitive parameter values
User can check to hide value when creating or editing global parameter.The value is masked by *** and is also not displayed when overriding.
Fixes #6538 - User group vs usergroup name consistency
fixes #6964 - replace default scope that hides users with explicit scope
fixes #6529 allow to define IP suggestion per subnet
fixes #6432 - add validation for attributes missing :presence => true and remove duplicate validation messages 'can't be blank'
fixes #6562 - APIv2 is declared stable as of the next release
Fixes #6285 - Settings API does not parse incoming values to correct data type
fixes #5345 - customizable dashboard
fixes #5612 - use correct permissions for authz in parameters API
fixes #4806 add support to register compute resource provider from a plugin
Fixes #4851: a SmartProxy.with_features scope replaces feature-specific scopes generated during class loading
fixes #3827 - adds ldap avatar support
fixes #4539 - changed os minor attribute to not required
fixes #812 - new permissions model, user group role and nest support, role filters for better granularity
fixes #4393 - rename ancestry label to title
fixes #3876 - API find_resource by name even if name starts with integer
fixes #3960 - wrap APIv2 errors in an "error" node
fixes #2231 - hostgroup deletion is restricted to hostgroups without children
fixes #2794 - set api_version and app_info in v1 and v2 base_controllers
fixes #3930 - refactoring of edit_self implementation.
fixed #3905 - wrong route in apidoc for reports delete (API v2)
Fixes #3720 - Add description field to operatingsystem
fixes #2983 - Add autosign#index to API v1 and v2 and remove from UI controller
fixes #3776 - change NAME_MAP to be a method
fixes #3736 - users API uses login name as an identifying attribute
fixes #3578 - minor SQL and whitespaces updates to the smart proxy class
fixes #3566 - exposes orchestration tasks via the API at /api/orchestration/id/tasks
fixes #2951 - Host API documentation lacks compute_resource_id
fixes #3140 - API to allow importing of puppet classes
fixes #2741 - rails 3 syntax
fixes #1244 - add smart proxy feature refresh link + API call
Fixes #3130 - Use the standard CentOS mirror
Fixes #2984 - API v1/v2 StatisticsController and remove JSON from UI controller
fixes #2863 - restrict APIs to resources that a user is permitted to manage (CVE-2013-4182)
fixes #2933 - add missing fields to installation media API
remove incorrect documentation in API v1 lookup_keys_controller
fixes #2728 - POST /api/hostgroups does not accept ancestry
fixes #2553 let setting admin attribute on user creation
Fixes #2459 - Create ProxyFeature methods from symbol name, lookup on real text
fixes #2248 adds api controllers and actions to access_permissions.rb
Feature #2368 - i18n extracting strings
Load the apipie documentation when calling '/api'
The documentation is used to list the links for the resources. We makesure it's loaded.
Using Apipie versioning features and Maruku for markdown
Apipie switched from Redcarpet to Maruku to avoid crashes of the CExtension. No further need of compiling anything to get markdown support.
API now allows for search of usergroups
include nested host routes in the api documentation
fix in compute resources api doc
added API v2 placeholders.
fixes #1890 api host status
added slash /unattended to other url_for calls
added compute resource actions and tests
host routes api changes squashed
support for passing template_kind hash as input parameter during create and update operations
Fix the path for create medium API
added template_kinds controller to api
removed params required => from update action
smart proxies api - filtering by proxy type
subnets api - removed required constraints from fields in update
The required constraints were blocking partial updates.
This commit adds most of the functionality required for API v1
The overall goal was to extract the existing JSON responseoverall controllers, and to move them to a seperate name space.
minor API v1 fixes
update api documentation
Subnets API
added environment API
api v1 - domains controller
api v1 - added media and dashboard controllers
api v1 - config templates
fixes #1576 - api v1 - oauth support
api v1 - Users controller and tests
- split api routes to separate routes file- better detection of permission failure in model- fix ApiConstraints- catch bad routes in api and return json- render home#index links from restapi- fixed resource params recognition
api v1 - operatingsystems controller
api v1 - architectures controler and tests
cleanup after merge conflict with latest develop branch
api v1 - fixing permissions
cleanups in base controller
api v1 - render errors with rabl
better detection of permission failure in modelfix ApiConstraintscatch bad routes in api and return json
api v1 - render home#index links from restapi