Fixes #11579 - Reports show/destroy restricted by host authorization (CVE-2015-5233)
ReportsController 'show' and 'destroy' now perform a check to see ifthe User is authorized to see the Host associated with the Report. Incase it's not, it returns 404, as to not give hints whether a Report...
Fixes #10715 - api build_pxe_default returns non-JSON message
The fix adds a new method `render_message` for responding with a statustext.
Refs #3809 - Remove cops for empty lines
fixes #8484 - make SmartProxyAuth concern more useful to plugins
fixes #3492 - API v2 nested routes for each controller
fixes #4386 - gem friendly_id to simplify find by id, name, label, etc
Fixes #5088 - adding location_ids and organizations_ids to apidocs of taxable resources
Fixes #7261 - API v2 - mark wrapped params hash for POST/PUT as required instead of optional
Refs #4478 - API doc strings marked for translation
fixes #812 - new permissions model, user group role and nest support, role filters for better granularity
fixes #3925 - create apipie param_groups for API v2 to DRY documentation
fixes #3760 - API v2 define metadata @total for each controller
fixed #3905 - wrong route in apidoc for reports delete (API v2)
fixes #3017 - split APIv2 controllers from v1 parents
fixes #1830 - auto assign puppet proxy if its not defined upon facts/reports event
fixes #3207 avoid extra validation calls when importing a report
Fixes #2414 - Move puppet report processing code to the report processor
This creates a API route for POST:/api/reports which matches the GETformat for reports. Tests are updated, with the report model testsmoving to the puppet-foreman module (along with the report fixtures).