Fixes #23918 - Find correct scope when updating taxonomy

Fixes #19789 - fix Layout/SpaceAroundOperators cop

Fixes #23857 - Fix Performance/InefficientHashSearch cop

Refs #23776 - correct deprecation for notice

Fixes #23776 - Remove deprecations for 1.18

Fixes #22778 - disableable bruteforce protection

Fixes #19781 - Fix Layout/LeadingCommentSpace cop

fixes #23335 - normalize scsi attributes in rails 5 (#5475)

Fixes #23145 - fix strong params for compute attributes on fail (#5412)

Fixes #19787 - Fix Layout/SpaceAfterComma cop

Fixes #23081 - Fix Style/SafeNavigation cop

Fixes #19894 - Fix Style/RedundantParentheses cop

Fixes #19839 - Fix Rails/Present cop

Fixes #23123 - Fix Rails/ActiveRecordAliases cop

Fixes #23067 - expose option to use oVirt APIv4

Also handle v4 certificate error and v3 path migration

Fixes #22893 - Specify taxonomies on template import (#5323)

fixes #21694 - Add MTU to subnet

Fixes #23075 - Fix Rails/HttpStatus cop

Refs #22285 - Prepare tests for strong params enforcement

- Fix broken hosts api tests
- Fix role cloning tests
- Fix ssh key controller api test
- Fix http proxies controller test
- Fix lookup key override api controller test
- Fix puppetclass controller api test...

Refs #22285 - Correct parameter filtering for strong params

- Allow $resource_id param on parameters controller
- Permit user_id on access token controller
- Allow params in templete combination controller
Allows `config_template_id` and `:provisioning_template_id`...

Refs #22285 - Remove keep_param

This workaround was needed in Rails 5.0, but 5.1 already supports
filtering on arbitrary hash params.

Fixes #19874 - Fix Style/MultilineMemoization cop

Fixes #19857 - Fix Style/EachWithObject cop

Fixes #15286 - New API for auth sources (#4865)

Fixes #22721 - Rename setting to trusted_hosts

The setting trusted_puppetmaster_hosts is used to allow hosts to submit
stuff to the facts/reports API endpoint.
The name made sense a long time ago, but these days other plugins and
any user can submit stuff to this API to generate...

Fixes #21999,#22005 - Migrate toasts to pf-react

• Replace Alert and Toasts components with patternfly-react
• Refactor the server side flash-notification
• Allow rails-flah-notification to react-toast-notification with link

Fixes #7451 - Review whitespace in extracted strings

Refs #20800 - Move session timed out warning inline

Fixes #19889 - Fix Style/PerlBackrefs cop

Fixes #22327 - Fix Lint/MissingCopEnableDirective cop

Fixes #20807 - Remove deprecations for 1.18

Fixes #22359 - Don't rely on default taxonomy in API for any user (#5202)

Fixes #19907 - Configure Style/TernaryParentheses cop

Fixes #19895 - Fix Style/RedundantReturn cop

Fixes #11389 - Remove API v1

API v1 has been deprecated since Foreman 1.9 - over 2 years ago.
This is more then enough time for anyone needing to migrate to v2.
Even though the original issue requests extraction to a plugin, I do not
see any point in investing the time and effort to maintain a long...

Fixes #5790 - Add compute resource to hostgroup (#4593)

fixes #22062 - support vmware vmrc console

Fixes #21760 - Fix tests on Rails 5.1

Fixes #21343 - support multiple orgs supported for non-admin users

• Fixes #21343 - support multiple orgs supported for non-admins

This adds a full support for taxonomies in API for non-admin users. It
fixes the issue with dirty associations module that only track _ids...

Fixes #19772, #19773, #19774 - Fix some empty line cops

Fixes #21944 - HttpProxy - whitelist taxonomix params

Fixes #21867 - Restore context when leaving tax wizard (#5055)

Fixes #21099 - Replace redirect_to :back with redirect_back

Some instances of process_success/error with :back as a redirect also
need changing, and the redirect_back_or_to helper should be deprecated
and replaced throughout with redirect_back too.

Fixes #4238 - Prevent login brute forcing

After 30 failed attempts from the same ip, login will be blocked for 5
minutes from that ip.

Fixes #21353 - users can edit login if they have permissions

Fixes #12054 - Openstack v3 support

Fixes #15402 - Moved puppet to separate api controller

Fixes #17992, #18103 - Improve external usergroup errors

When one submit an user group with external user groups, and this
doesn't work for whatever reason, like:

Net::LDAP::Error - No route to host - connect(2)
LdapFluff::Generic::UnauthenticatedException...

fixes #21394 - user login with access token api

Fixes #21119 - set taxonomies in API

With this we correctly set the default taxonomy for non-admin users
in API calls. Admins are not touched at all, their context remains
"any context" for API calls. This also refactors various places
where tried to set the right taxonomy and combines them into single...

Fixes #12216 - support http proxies for compute resources

Fixes #20957 - Replace alias_method_chain with Module prepend

Deprecated in Rails 5.0 and will be removed in 5.1. Some instances of
classes overwriting existing methods can be handled with `super`, other
concerns or modules are changed to use prepend instead of include....

Fixes #20963 - CVE-2017-7535 prevent XSS on org/loc host assign

Fixes #20951 - Replace render :text with :plain

fixes #20820 - set ajax vars for cr host import

Fixes #20386 - Allow to identify smart proxy by ip only

This allows setting trusted_puppet_master_hosts to an IP in the
non-https case. This can e.g. be useful when testing ansible fact
importing from another machine.

Fixes #19031 - move to patternfly pagination style

fixes #4509 - VMWare: multiple scsi controllers

Fixes #16112 - support for netgroups in LDAP auth source

Fixes #17087 - default and overrides values converted to string

fixes #19913 - fixes rubocop Style/ZeroLengthPredicate

Fixes #19315 - redirect to login when session expired

Refs #19588 - Allow passing header to csv responder

Fixes #19700 - update rubocop rules

The following changes have been made:

- Performance/RedundantMerge:
changes lines such as:
```not_found_message.merge! :message => options```
to:
```not_found_message[:message] = options```

- converts str.match() to str =~ ()...

Fixes #19612 - CVE-2017-7505 don't expose admin to taxed users

fixes #19479, #10587, #19500 - two pane notifications are visible

- notification is now inside the content div, allowing two-pane server
responses to include it.
- refactored all notifications to use notification helpers (notice,
warning and error) instead of direct flash manipulation...

Fixes #19417 - Safely check params for nested keys

Fixes #19125 - Add description to hostgroup

Fixes #18687 - restore hash format for parameter attributes

Fixes #19148 - Add description field to subnets

fixes #18982 - replace AC::Params#each using one-arg block

ActionController::Parameters#each works differently in Rails 5.0: it no
longer yields an array of [key, value] entries for hashes, only the
key when given a block with arity of one. This method now iterates over...

fixes #19035 - rewrite TopbarSweeper without rails-observers

Moves from the observer object into two mixins, one on the model and one
on the top-level controllers to observe creates/updates/destroys on
monitored models. Replaces rails-observers as it lacks Rails 5 support.

Fixes #18948 - correctly relogin user with SSO sessions

fixes #18476 - users have ssh keys

Fixes #18760 - Allow export to CSV

This introduces a way of exporting tables from the UI to CSV.
There are 3 steps to adding a CSV export to a table:

1. Add the CsvResponder concern to the relevant controller.
2. Add a `format.csv` block to the index controller action. This block...

fixes #18665 - call #to_h before comparing AC::Parameters to hash

Allows comparisons when ActionController::Parameters is separated from
Hash in Rails 5.0. #permit! is now called on inner hashes sent through
KeepParam (similar to rails/rails@e86524c in 5.1) so they are included...

fixes #18664 - ignore missing callbacks in SmartProxyAuth concern

Filters that are only registered on the UI controllers cause errors
when using SmartProxyAuth on an API controller under Rails 5.0.

Fixes #18582 - add missing id params to taxonomy apidoc

Fixes #16982 - Scope properly when no taxonomies are set

The default scope for hosts and other objects did not restrict
properly by taxonomies. An user without organizations or
locations, could do anything it's permissions allow to.
The list of hosts was unrestricted and showed hosts in...

Fixes #12294 - Update existing params using API

fixes #18568 - replace deprecated AC::Parameters#update

The #update method in Rails 5 is returning a HWIA rather than the
ActionController::Parameters instance, causing keep_param to return the
wrong object type. It is also deprecated in 5.0, so replace it with a...

fixes #13618 - cache expensive vmware api calls

Refs #15779 - make background processing unavailable for now (#4217)

The original PR got vetted in the packaging phase and including
foreman-task as dependency of Foreman was refused. We need to rethink
our approach for getting the foreman-tasks functionality available...

Fixes #17681 - Switch to newly created taxonomy

Refs #17653 - fix typo in show_hidden_parameters and add tests

Refs #17653 - add show_hidden to apidoc

fixes #17545 - adds UI notification support

- Initial data model for notification support, based on manageiq design.
- addes notification JSON endpoints.

Fixes #18045 - Puppet classes show up choosing only env.

After #3551 was merged, the hosts controller requires both environment
and hostgroup to be set in order to display puppetclasses.

It shouldn't be required to have both, so we should check what's
available and use it. If it's only the hostgroup or the environment, it...

Fixes #6502 - List ignored classes and environments on import

When importing environments and classes from puppet, ignored
environments and classes defined in ignored_environments.yml
aren't aparent.

This will add them to the list to import as ignored and...

Fixes #15403 - moved puppet to a concern in hosts UI controller

Fixes #17015 - Adds Key pairs controller

Fixes #17503 - Only trigger PXELoader suggestion when needed

Previously every host instantiation triggered a PXELoader suggestion,
which led to up to 3 extra queries per host loaded. This changes so that
the suggestion is only applied when a host changes it's OS.

Fixes #17487 - support sessions for api calls

- authenticated api calls save user to session and set
flag api_authenticated_session
- sessions with such flag allow posting requests without CSRF token
- api sessions exipre the same way as UI sessions
- api sessions don't store any additional data to keep the requests...

Fixes #15779 - make background processing available

Fixes #17343 - set deep munge config off

deep_munge was introduced as a solution to keep
Rails secure by default which results in
'empty array becomes nil in params'.
Thats why, set deep_munge config off in application.rb.
Also, added changes which will cast param argument to string...

Fixes #16739 - unify parameters permissions

fixes #16798 - move scoped_search definitions to STI subclasses

scoped_search doesn't support class inheritance with STI, so registering
definitions on the subclass fixes various issues. This fixes an issue
where scoped_search on CommonParameter calls Parameter.all and is...

fixes #17300 - accept Nic::Bond#attached_devices string inputs

Fixes #16646 - Add ability to plugins to modify index scope

Fixes #16548 - Changing user own passwd require current passwd