Fixes #23918 - Find correct scope when updating taxonomy
Fixes #19789 - fix Layout/SpaceAroundOperators cop
Fixes #23857 - Fix Performance/InefficientHashSearch cop
Refs #23776 - correct deprecation for notice
Fixes #23776 - Remove deprecations for 1.18
Fixes #22778 - disableable bruteforce protection
Fixes #19781 - Fix Layout/LeadingCommentSpace cop
fixes #23335 - normalize scsi attributes in rails 5 (#5475)
Fixes #23145 - fix strong params for compute attributes on fail (#5412)
Fixes #19787 - Fix Layout/SpaceAfterComma cop
Fixes #23081 - Fix Style/SafeNavigation cop
Fixes #19894 - Fix Style/RedundantParentheses cop
Fixes #19839 - Fix Rails/Present cop
Fixes #23123 - Fix Rails/ActiveRecordAliases cop
Fixes #23067 - expose option to use oVirt APIv4
Also handle v4 certificate error and v3 path migration
Fixes #22893 - Specify taxonomies on template import (#5323)
fixes #21694 - Add MTU to subnet
Fixes #23075 - Fix Rails/HttpStatus cop
Refs #22285 - Prepare tests for strong params enforcement
- Fix broken hosts api tests- Fix role cloning tests- Fix ssh key controller api test- Fix http proxies controller test- Fix lookup key override api controller test- Fix puppetclass controller api test...
Refs #22285 - Correct parameter filtering for strong params
- Allow $resource_id param on parameters controller- Permit user_id on access token controller- Allow params in templete combination controller Allows `config_template_id` and `:provisioning_template_id`...
Refs #22285 - Remove keep_param
This workaround was needed in Rails 5.0, but 5.1 already supportsfiltering on arbitrary hash params.
Fixes #19874 - Fix Style/MultilineMemoization cop
Fixes #19857 - Fix Style/EachWithObject cop
Fixes #15286 - New API for auth sources (#4865)
Fixes #22721 - Rename setting to trusted_hosts
The setting trusted_puppetmaster_hosts is used to allow hosts to submitstuff to the facts/reports API endpoint.The name made sense a long time ago, but these days other plugins andany user can submit stuff to this API to generate...
Fixes #21999,#22005 - Migrate toasts to pf-react
Fixes #7451 - Review whitespace in extracted strings
Refs #20800 - Move session timed out warning inline
Fixes #19889 - Fix Style/PerlBackrefs cop
Fixes #22327 - Fix Lint/MissingCopEnableDirective cop
Fixes #20807 - Remove deprecations for 1.18
Fixes #22359 - Don't rely on default taxonomy in API for any user (#5202)
Fixes #19907 - Configure Style/TernaryParentheses cop
Fixes #19895 - Fix Style/RedundantReturn cop
Fixes #11389 - Remove API v1
API v1 has been deprecated since Foreman 1.9 - over 2 years ago.This is more then enough time for anyone needing to migrate to v2.Even though the original issue requests extraction to a plugin, I do notsee any point in investing the time and effort to maintain a long...
Fixes #5790 - Add compute resource to hostgroup (#4593)
fixes #22062 - support vmware vmrc console
Fixes #21760 - Fix tests on Rails 5.1
Fixes #21343 - support multiple orgs supported for non-admin users
This adds a full support for taxonomies in API for non-admin users. Itfixes the issue with dirty associations module that only track _ids...
Fixes #19772, #19773, #19774 - Fix some empty line cops
Fixes #21944 - HttpProxy - whitelist taxonomix params
Fixes #21867 - Restore context when leaving tax wizard (#5055)
Fixes #21099 - Replace redirect_to :back with redirect_back
Some instances of process_success/error with :back as a redirect alsoneed changing, and the redirect_back_or_to helper should be deprecatedand replaced throughout with redirect_back too.
Fixes #4238 - Prevent login brute forcing
After 30 failed attempts from the same ip, login will be blocked for 5minutes from that ip.
Fixes #21353 - users can edit login if they have permissions
Fixes #12054 - Openstack v3 support
Fixes #15402 - Moved puppet to separate api controller
Fixes #17992, #18103 - Improve external usergroup errors
When one submit an user group with external user groups, and thisdoesn't work for whatever reason, like:
Net::LDAP::Error - No route to host - connect(2)LdapFluff::Generic::UnauthenticatedException...
fixes #21394 - user login with access token api
Fixes #21119 - set taxonomies in API
With this we correctly set the default taxonomy for non-admin usersin API calls. Admins are not touched at all, their context remains"any context" for API calls. This also refactors various placeswhere tried to set the right taxonomy and combines them into single...
Fixes #12216 - support http proxies for compute resources
Fixes #20957 - Replace alias_method_chain with Module prepend
Deprecated in Rails 5.0 and will be removed in 5.1. Some instances ofclasses overwriting existing methods can be handled with `super`, otherconcerns or modules are changed to use prepend instead of include....
Fixes #20963 - CVE-2017-7535 prevent XSS on org/loc host assign
Fixes #20951 - Replace render :text with :plain
fixes #20820 - set ajax vars for cr host import
Fixes #20386 - Allow to identify smart proxy by ip only
This allows setting trusted_puppet_master_hosts to an IP in thenon-https case. This can e.g. be useful when testing ansible factimporting from another machine.
Fixes #19031 - move to patternfly pagination style
fixes #4509 - VMWare: multiple scsi controllers
Fixes #16112 - support for netgroups in LDAP auth source
Fixes #17087 - default and overrides values converted to string
fixes #19913 - fixes rubocop Style/ZeroLengthPredicate
Fixes #19315 - redirect to login when session expired
Refs #19588 - Allow passing header to csv responder
Fixes #19700 - update rubocop rules
The following changes have been made:
- Performance/RedundantMerge:changes lines such as:```not_found_message.merge! :message => options```to:```not_found_message[:message] = options```
- converts str.match() to str =~ ()...
Fixes #19612 - CVE-2017-7505 don't expose admin to taxed users
fixes #19479, #10587, #19500 - two pane notifications are visible
- notification is now inside the content div, allowing two-pane serverresponses to include it.- refactored all notifications to use notification helpers (notice,warning and error) instead of direct flash manipulation...
Fixes #19417 - Safely check params for nested keys
Fixes #19125 - Add description to hostgroup
Fixes #18687 - restore hash format for parameter attributes
Fixes #19148 - Add description field to subnets
fixes #18982 - replace AC::Params#each using one-arg block
ActionController::Parameters#each works differently in Rails 5.0: it nolonger yields an array of [key, value] entries for hashes, only thekey when given a block with arity of one. This method now iterates over...
fixes #19035 - rewrite TopbarSweeper without rails-observers
Moves from the observer object into two mixins, one on the model and oneon the top-level controllers to observe creates/updates/destroys onmonitored models. Replaces rails-observers as it lacks Rails 5 support.
Fixes #18948 - correctly relogin user with SSO sessions
fixes #18476 - users have ssh keys
Fixes #18760 - Allow export to CSV
This introduces a way of exporting tables from the UI to CSV.There are 3 steps to adding a CSV export to a table:
1. Add the CsvResponder concern to the relevant controller.2. Add a `format.csv` block to the index controller action. This block...
fixes #18665 - call #to_h before comparing AC::Parameters to hash
Allows comparisons when ActionController::Parameters is separated fromHash in Rails 5.0. #permit! is now called on inner hashes sent throughKeepParam (similar to rails/rails@e86524c in 5.1) so they are included...
fixes #18664 - ignore missing callbacks in SmartProxyAuth concern
Filters that are only registered on the UI controllers cause errorswhen using SmartProxyAuth on an API controller under Rails 5.0.
Fixes #18582 - add missing id params to taxonomy apidoc
Fixes #16982 - Scope properly when no taxonomies are set
The default scope for hosts and other objects did not restrictproperly by taxonomies. An user without organizations orlocations, could do anything it's permissions allow to.The list of hosts was unrestricted and showed hosts in...
Fixes #12294 - Update existing params using API
fixes #18568 - replace deprecated AC::Parameters#update
The #update method in Rails 5 is returning a HWIA rather than theActionController::Parameters instance, causing keep_param to return thewrong object type. It is also deprecated in 5.0, so replace it with a...
fixes #13618 - cache expensive vmware api calls
Refs #15779 - make background processing unavailable for now (#4217)
The original PR got vetted in the packaging phase and includingforeman-task as dependency of Foreman was refused. We need to rethinkour approach for getting the foreman-tasks functionality available...
Fixes #17681 - Switch to newly created taxonomy
Refs #17653 - fix typo in show_hidden_parameters and add tests
Refs #17653 - add show_hidden to apidoc
fixes #17545 - adds UI notification support
- Initial data model for notification support, based on manageiq design.- addes notification JSON endpoints.
Fixes #18045 - Puppet classes show up choosing only env.
After #3551 was merged, the hosts controller requires both environmentand hostgroup to be set in order to display puppetclasses.
It shouldn't be required to have both, so we should check what'savailable and use it. If it's only the hostgroup or the environment, it...
Fixes #6502 - List ignored classes and environments on import
When importing environments and classes from puppet, ignoredenvironments and classes defined in ignored_environments.ymlaren't aparent.
This will add them to the list to import as ignored and...
Fixes #15403 - moved puppet to a concern in hosts UI controller
Fixes #17015 - Adds Key pairs controller
Fixes #17503 - Only trigger PXELoader suggestion when needed
Previously every host instantiation triggered a PXELoader suggestion,which led to up to 3 extra queries per host loaded. This changes so thatthe suggestion is only applied when a host changes it's OS.
Fixes #17487 - support sessions for api calls
- authenticated api calls save user to session and set flag api_authenticated_session- sessions with such flag allow posting requests without CSRF token- api sessions exipre the same way as UI sessions- api sessions don't store any additional data to keep the requests...
Fixes #15779 - make background processing available
Fixes #17343 - set deep munge config off
deep_munge was introduced as a solution to keepRails secure by default which results in'empty array becomes nil in params'.Thats why, set deep_munge config off in application.rb.Also, added changes which will cast param argument to string...
Fixes #16739 - unify parameters permissions
fixes #16798 - move scoped_search definitions to STI subclasses
scoped_search doesn't support class inheritance with STI, so registeringdefinitions on the subclass fixes various issues. This fixes an issuewhere scoped_search on CommonParameter calls Parameter.all and is...
fixes #17300 - accept Nic::Bond#attached_devices string inputs
Fixes #16646 - Add ability to plugins to modify index scope
Fixes #16548 - Changing user own passwd require current passwd