Fixes #11579 - Reports show/destroy restricted by host authorization (CVE-2015-5233)
ReportsController 'show' and 'destroy' now perform a check to see ifthe User is authorized to see the Host associated with the Report. Incase it's not, it returns 404, as to not give hints whether a Report...
Fixes #6854 - Api status allowed for all users
(cherry picked from commit 7267e023e6db34db8ebb3ba59f4be4b8d0e07624)
Fixes #11219 - rename config_template attributes in os_default_templates
(cherry picked from commit 3a4b4001c1defc5a1dd5210d106e281e4f3484ab)
Fixes #11033 - adding missing params to auth_source ldap API docs
(cherry picked from commit 66f3267354ee2a7391ef8feba27d1cb050d9b5df)
Fixes #10635 - Formalize deprecation warning
(cherry picked from commit 319d1ffbed54f2c9eb988d132ec1586fb4d7c428)
Fixes #10963 - partition table can't access os ids
(cherry picked from commit 5fc2aed63fa0ab78432bbf91dbfd61c2543dfc97)
Fixes #10917 - Update API docs for template combinations
Fixes #10916 - convert config_template_ids in operatingsystems
Refs #10720 - Use API v2 response for vm_compute_attributes
Fixes #9793 - API v2 fact_values index works for non-admins
Fixes #6976 - Build default PXE menu should be POST request
Fixes #10713 - improved backtrace logging
Fixes #7096 - Adds STI to templates
This commit converts Ptables to be just another type of Template so itgets the same features as ConfigTemplate. ConfigTemplate was renamed toProvisioningTemplate to reflect UI and the name under it's commonly known.
fixes #10720 - Adds API to get host vm attributes
This exposes an API to fetch a host's vm_compute_attributes,such as vmware cpus and memory. It lives at a separate endpointbecause it involves a fetch for data from the compute resource,and may have different performance characteristics than the database.
Fixes #10715 - api build_pxe_default returns non-JSON message
The fix adds a new method `render_message` for responding with a statustext.
fixes #9031 - Add routes to view template_combinations per hostgroup / environment
fixes #9632 - updated compute resource names to follow brand names
this commit changes strings such as Ovirt to oVirt in API v{1,2}descriptions
fixes #10509 - add toggle for LDAP usergroup updating
fixes #10471 - use Rails' force_ssl
Fixes #8525 - Rename "Mail" to "Email" in user preferences
fixes #10437 - remove incorrect/duplicate hash statements
fixes #9812 - Adds validation on override value, ensure match returns error if blank
Fixes #9687 - respect custom controller permissions
fixes #10167 - change default API from v1 to v2
Fixes #9878 - refresh external usergroup on API manipulation
Fixes #8812 - Pass model type so search_for is called on Host
At least on version 1.6.1, the absence of this second parameter leads to aruntime crash when it's time to validate if the current user (non-admin) isallowed to perform a power operation on given a host via the APIv2....
Fixes #9921 - specify requirements on apidoc params for NICs
Fixes #8890 - Allow selection of plaintext "encryption" method for root password
Fixes #7378 - fixed API lookup keys filters
refs #9877 - s/variable/class parameter/ on param :override
fixes #9877 - Add descriptions to smart_class_parameters in api/v2
fixes #9823 - Add description to smart variables
Fixes #9723 - missing owner_type in host api docs
Fixes #9657 - merge NICs from compute profile in host create API
- updated api docs for hosts and interfaces- host create/update api actions now merge interfaces from compute profiles- NIC type mapping extracted into a separate class- return full host detail after host update
Fixes #9678 - Can't update admin flag for users via API
find_resource needs to be defined prior to UsersMixin is included as itrequires the variable @user being set.
Fixes #9452 - correct capitalization of VMware
Refs #3809 - Remove classcheck cop
Refs #3809 - Remove cop IndentationConsistency
Refs #3809 - Remove cops for empty lines
fixes #5812 - url parameter in compute_resource#create is not required for EC2, removing the required flag
Fixes #9113 - api docs for users miss locale and timestamp params
Locale was missing also in the server responses.
fixes #9030 - Adds support to clone config template via api
Fixes #9225 - private is defined twice in hosts controller
Fixes #8838 - Replace HTTP error codes with human-readable symbols
fixes #8484 - make SmartProxyAuth concern more useful to plugins
fixes #8049 - Add timezone to user
fixes #8627 - add host comment field to API documentation
fixes #8228 - add a config_templates concern to serve config_templates controllers
Fixes #8284 - missing params in OS api docs
fixes #8459 - remove sp_subnet_id from api/hosts
Refs #3809 - Remove useless assignments
fixes #7586, #7734, #7172 - user preferences for receiving mail notifications
Adds a framework for user-selectable mail notifications. The work isstill done in ActionMailer classes and launch by rake in cron, however awrapper called MailNotification is used to provide RBAC and make the...
fixes #4463 - use unattended URL for hostgroup provisioning
Fixes #3260- Allows puppet to manage value of smart class parameter that can be overrided
Fixes #8005 - Convert allowed NIC types to strings
- allowed NIC type classes need to be registered now- api for interfaces use lowercase human readable values for defining types- fixed output of api's create action to the standard format
Fixes #3309 - Support deep merging of hash and array structures in smart class parameters
Fixes #7830 - interfaces api output is class specific
- per type rabl templates- fixed api docs for interfaces
fixes #7372 - API v2 - accept PUT/POST requests with wrapped root node to add/remove has_many associations of child nodes
fixes #3492 - API v2 nested routes for each controller
fixes #7332 - Host Create API documentation missing required parameters
refs #7401 - fix markdown syntax in API doc
Fixes #7401 - Add support for bonds
Renames physical_device to attached_to and move the virtual deviceform out of BMC.Extends the form for Bond devicesAllow configuration of bonds in KS templateParsing of Bond interfaces from factsMac address is required only for physical devices
Refs #3809 - Use parentheses in method definitions
Refs #3809 - Fix a few rubocop TODOs
Refs #3809 - Remove rubocop TODOs
Removed the following TODOs so that cops for these will run from now on:
Lint/AmbiguousOperator, DefEndAlignment, DeprecatedClassMethodsEnsureReturn, RequireParentheses, Void, BlockAlignment, EndAlignment,UselessAccessModifier,...
fixes #7756 - render not_found.json.rabl for API errors rather than expose too much internal information
refs #2127 - add password_hash to API
fixes #4386 - gem friendly_id to simplify find by id, name, label, etc
Fixes #2524 - adding taxonomy scope parameters
Fixes #5088 - adding location_ids and organizations_ids to apidocs of taxable resources
fixes #5896 - Set Compute Resource's 'Console passwords' option in API
Fixes #6864 - adding api messages for extraction
refs #3085 - missing API i18n string extraction
Fixes #3085: Request to be able to clone host groups via API
Fixes #6444 - add support for virtual NICs
Extend additional interface details refs #2240
NIC facts parsing change and we create interfaces in Foreman accordingto facts we recieve.
Subclasses does not define their own attributes and serialize them toattrs hash. All BMC attributes are extracted to separate columns so it's...
Fixes #5926 - hide sensitive parameter values
User can check to hide value when creating or editing global parameter.The value is masked by *** and is also not displayed when overriding.
Fixes #7261 - API v2 - mark wrapped params hash for POST/PUT as required instead of optional
fixes #7191 - move API response logger to named filter so it can be skipped
Fixes #6538 - User group vs usergroup name consistency
Fixes #6161 - Mark override on adding smart variable override via api
Fixes #6756 - exposes vmware resource pools and folders through the API
Fixes #6608 - expose disk usage info through available_storage_domains API
fixes #6696 - API v2 - specify 'host' as the key in which parameters will be wrapped rather than Host::Base
fixes #6964 - replace default scope that hides users with explicit scope
Fixes #5734 - API for external groups management
Fixes #6794: Adds search parameter for template kinds
fixes #6825 - refactor api/v2/filters_controller.rb to use find_optional_nested_object and add Authorizable to class Role
Fixes #6446 - Forbidding non-json POST/PUT requests in v2
Refs #4478 - API doc strings marked for translation
fixes #6529 allow to define IP suggestion per subnet
fixes #6432 - add validation for attributes missing :presence => true and remove duplicate validation messages 'can't be blank'
Fixes #6768 - Hammer set-parameter does not work
Fixes #6236 - add taxonomy parameters to host API v2 create/update documentation
fixes #6375 - fix needed for Rails 3.2.8 only that ensures reference_id on parameter.rb matches the nested object id
fixes #1646, #3103 - enable cloning and locking of templates
fixes #6562 - APIv2 is declared stable as of the next release
fixes #5178 - unify API parameters and return values. User creation should not require payload wrapped with 'user' root
fixes #4155 - enable host/CR (dis)association via api
Fixes #6532 - permission related api extensions
- usergroups#show lists associated roles - listing available resource types - filters#show lists associated roles - filters#index lists associated roles and permissions and orders the results - pagination in permissions#index...
Fixes #6285 - Settings API does not parse incoming values to correct data type