Fixes #11579 - Reports show/destroy restricted by host authorization (CVE-2015-5233)
ReportsController 'show' and 'destroy' now perform a check to see ifthe User is authorized to see the Host associated with the Report. Incase it's not, it returns 404, as to not give hints whether a Report...
fixes #9469 - redirect to reports#index on destroy
(cherry picked from commit 0b1dafbbef20e185a9e4fdda626796db4a6168bd)
Refs #3809 - Remove cops for empty lines
fixes #4386 - gem friendly_id to simplify find by id, name, label, etc
fixes #6402 - use standard success/error handlers in UI controllers
fixes #812 - new permissions model, user group role and nest support, role filters for better granularity
fixes #3920 - prevent 500 ScopedSearch errors on the API, raise UI errors correctly
fixes #2741 - rails 3 syntax
fixes #2969 - remove all legacy api code in UI controllers, add deprecation response
Fixes #2414 - Move puppet report processing code to the report processor
This creates a API route for POST:/api/reports which matches the GETformat for reports. Tests are updated, with the report model testsmoving to the puppet-foreman module (along with the report fixtures).
fixes #2440 remove unused files, code, unnecessary require statements
Feature #2368 - i18n extracting strings
fixes #2121, #2069 - restrict importers and ENC to puppetmasters and users
CVE-2013-0171: report and fact importers parse YAML directly from the remotehost without authentication. Untrusted YAML can instantiate objects and beused to exploit Foreman.
CVE-2013-0174: external nodes (ENC) output is available to any source and...
host routes api changes squashed
ensure no duplicate hosts can be created
Add organization and location to foreman.
This feature allows foreman to provide multi location, multi tenant andmulti organizations capablities.
the idea is that resources within foreman (e.g. hosts, subnets, users,environments etc) can belong to one or more locations and organization,...
minor SQL improvments
fixes #1657 - Support Puppet http reports processor
this patch allow usage of puppet http report processor.in order to use it simply update your puppet.conf to have the following:
reports = httpreporturl = http://foreman/reports
NOTE: its not possible to use ssl URLS with the current report processor (AFAIK)
fixes #1446 - expire idle web sessions
Don't show reports from hosts not in a User's filter refs #1356
WIP rails3 migration
fixes #956 return custom number of reports
Signed-off-by: Corey Osman <corey@logicminds.biz>
Feature #882 - add api call to reports page to get the index section
Signed-off-by: Corey Osman <corey@logicminds.biz>Signed-off-by: Ohad Levy <ohadlevy@gmail.com>
fixes #847 - Retrieve last report information per host via the api
this adds two URLS to the API:
/hosts/fqdn/reports/last/reports/last
both supports JSON output which provides all of the report information.
fixes #829 - /hosts/fqdn/reports should not be a redirection
added search to reports page #refs 719
Fixes #683 - Report list sometimes fail to generate the correct SQL query
fixes #303 - cleanup flash hash from activescafold leftovers
Fixes #444 - use searchlogic in interesting report filter
fixes #445 - ensure that all anonymous actions are accessible
Ensures that all anonymous actions are allowed - refs #366
Fixes #370 - Added 'interesting' filter to reports
Fixes #366 - Redmine authorization port
This is a major feature which provides RBAC authorization within Foremana mental note to myself - never ever work on large commits
Fixes #405 and Fixes #349 - Adds support to 2.6.x reports
NOTE: Its recommended to Backup your DB prior to using this patch.
Some of the controller filters were running twice,this way is the preferred way to ensure that they running only once where appropriate.
XHTML compliance
fixes #272 - add a warning if there is a clock drift between the client and foreman
Fixes #249 - Remove AS from reports
Added a searchbar for hostname, reporting period and the type of report.
sessions are lazy loaded in rails 2.3, no need to declare them
fixes #131 - do not store sessions for facts/reports creation
fixes #106 - redid the status calcuation, this fixes #80 but not in an optimal way - db migration would be required for that.
fixes #117 - Add SSL redirection
fixes #57 - add retention rules to expire old reports
fixes #54
fixes #44 this filters the content of the report/fact, but still shows the request in the log
ensure that the authentcation filter runs on all other actions beside create
fixes #53, fixes #25 and general improvment to sql delete commands
Squashed commit of the following:
commit c4382aeea5d72402bcbf3049d3c08f74792ca379Author: Ohad Levy <ohadlevy@gmail.com>Date: Thu Oct 15 22:03:26 2009 +0800
disable ldap by default
commit 685baf5f2c78128feebcbeed6910b131a072a81bAuthor: Ohad Levy <ohadlevy@gmail.com>...
fixes #44, this however doesnt show any Report of Facts controllect activites, could not find a way to specify it per method
Fixes #16, this adds the possibility to see the host report status out of the host list
Fixes #23; This provides status indicators to the reports list.Additionally, this provides a detailed overview of each host.
Fixes #9 and introduce a basic reporting viewing over http