Fixes #11579 - Reports show/destroy restricted by host authorization (CVE-2015-5233)
ReportsController 'show' and 'destroy' now perform a check to see if the User is authorized to see the Host associated with the Report. In case it's not, it returns 404, as to not give hints whether a Report...
fixes #10586 - make the 401 status comparison actually match.
(cherry picked from commit 3196ebaa009ca1d79e1330d36a0362b7ca04aade)
fixes #10509 - add toggle for LDAP usergroup updating
(cherry picked from commit 19bf6b096c03b999a02c82b61dfe0694cbb21a9a)
Conflicts: app/models/auth_sources/auth_source_ldap.rb
Fixes #9506 - Add granular permissions to config groups
(cherry picked from commit 6825f8de6debe3854e03d171f6de5b630bfc85b9)
fixes #10342 - adding :host_parameters_attributes to except list in template_used()
(cherry picked from commit d4e53f27fefffc4a1b2b0f25f2d35accf5d4de6e)
Fixes #9687 - respect custom controller permissions
(cherry picked from commit a63aa7cbac0f81955ac9ebcf010bfcf45f5b07c1)
fixes #9773 - correctly render template URL
(cherry picked from commit f7174439285708c3010605230fec16797f3a0763)
Fixes #9884 - refresh deleted external usergroups
(cherry picked from commit e780381933a7838af4be9a550942ef0f22608fd4)
Fixes #9878 - refresh external usergroup on API manipulation
(cherry picked from commit 22d2b02fefc54228631008181c3d0db0b2360d28)
Fixes #8593 - remove N+1 queries on puppetclass index page
(cherry picked from commit 0e5fefb087492c926e32417039528d0a105d51a0)
Fixes #10111 - Use a dummy primary interface for unmanaged hosts
Unmanaged hosts require a host interface due to delegation of networking attributes, and some others like 'name'. Since unmanaged hosts do not necessarily have an interface associated (unless created through puppet...
Fixes #8812 - Pass model type so search_for is called on Host
At least on version 1.6.1, the absence of this second parameter leads to a runtime crash when it's time to validate if the current user (non-admin) is allowed to perform a power operation on a given host via the APIv2....
Fixes #9921 - specify requirements on apidoc params for NICs
(cherry picked from commit e404a0fa999b995fea3b7222611fa852b26fb6f8)
Fixes #8890 - Allow selection of plaintext "encryption" method for root password
(cherry picked from commit 331ff165939399787022e77ad17778e2ac39c148)
Fixes #7378 - fixed API lookup keys filters
(cherry picked from commit bc68c48da5b718084c3e531e61e48124e8e00d36)
refs #9877 - s/variable/class parameter/ on param :override
(cherry picked from commit 00c41428f08d427eb41c041e9bf8bb2eeac26bfc)
fixes #9877 - Add descriptions to smart_class_parameters in api/v2
(cherry picked from commit f43531494ef29c26081ece9c6ab1caea8c9fa08e)
fixes #9823 - Add description to smart variables
(cherry picked from commit b8239e44dfdd9bf924758f2dd179018a9b9f4d4a)
fixes #9469 - redirect to reports#index on destroy
(cherry picked from commit 0b1dafbbef20e185a9e4fdda626796db4a6168bd)
Fixes #9723 - missing owner_type in host api docs
(cherry picked from commit 55be35e9699765bb5fb137db518b06411be20939)
Fixes #9657 - merge NICs from compute profile in host create API
- updated api docs for hosts and interfaces
- host create/update api actions now merge interfaces from compute profiles
- NIC type mapping extracted into a separate class
- return full host detail after host update...
Fixes #9678 - Can't update admin flag for users via API
find_resource needs to be defined prior to UsersMixin is included as it requires the variable @user being set.
(cherry picked from commit 1b1b39861e485523b0cc0c6435fef30c38df7e07)
Fixes #9480 - multiple NICs integration with compute profiles
From users point of view:
- interfaces setup in compute profiles is back
- interface related compute attrs get merged into host NICs upon compute profile selection
- NIC overview table displays details in the column "Type"...
Fixes #9427 - Return meaningful errors from subnets/freeip and parse the error response to the UI
(cherry picked from commit b9521a8dc7f4e61a011cabbfdfe78657bd3c24d2)
Fixes #8736 - confirmation before host delete for freshly created hosts
(cherry picked from commit 96277f876959e1cd61c30cb8e28552e3183624da)
Fixes #9452 - correct capitalization of VMware
Refs #3809 - Remove classcheck cop
Refs #3809 - Remove cop IndentationConsistency
Refs #3809 - Remove cops for empty lines
fixes #9358 - match unattended template requests against provision interface
Fixes #9231 - Require English lib and fix ENC failure
fixes #9362 - Add mediapath support to CoreOS
fixes #5812 - url parameter in compute_resource#create is not required for EC2, removing the required flag
Fixes #9113 - api docs for users miss locale and timestamp params
Locale was missing also in the server responses.
fixes #9030 - Adds support to clone config template via api
Fixes #9225 - private is defined twice in hosts controller
Fixes #7456 - Extract primary interface from host
All hosts must have at least one primary interface and one provision (can...
Fixes #9099 - Upgrade rubocop to 0.28.0
Fixes #8838 - Replace HTTP error codes with human-readable symbols
Fixes #8764 - adds description to taxonomies
fixes #8484 - make SmartProxyAuth concern more useful to plugins
Fixes #8837 - Return correctly formatted response on ajax_error
Fixes #6832 - Don't show location/organization on host edit page if host has none
fixes #7652 - Implements CoreOS OS support
fixes #8049 - Add timezone to user
fixes #8442 - add eager loading of users on audit show page for history tab
fixes #8638 - ensure that a redirect to hosts index after host destroy
Fixes #8790 - Fix N+1 query on user list page
fixes #8627 - add host comment field to API documentation
fixes #8590 - handle missing 'config' when listing vSphere VMs
Fixes #8400: Remove eager loading of puppetclass in lookup_keys index
fixes #8228 - add a config_templates concern to serve config_templates controllers
fixes #8513 - removing n+1 query from images#index
Fixes #8284 - missing params in OS api docs
Fixes #8267 - accept template_url in call to foreman from proxy
Fixes #8428 - Connecting audits to existing users
fixes #8459 - remove sp_subnet_id from api/hosts
Fixes #8405 - Filter :interfaces_attributes when calculating templates_used
Refs #3809 - Remove useless assignments
Fixes #8425 - n+1 query on audits index
Audits index include users who performed actions, and these are being called with n+1 queries. Fix should be as simple as providing the users through the controller with an includes.
fixes #5634 - save sso_method on session expiry
Fixes #1448 - correctly display puppetclass statistics
fixes #5773 - redirect to referrer URL that includes page and search
Fixes #7369 - External user groups update on login
fixes #7586, #7734, #7172 - user preferences for receiving mail notifications
Adds a framework for user-selectable mail notifications. The work is still done in ActionMailer classes and launched by rake in cron, however a wrapper called MailNotification is used to provide RBAC and make the...
fixes #4463 - use unattended URL for hostgroup provisioning
Fixes #3260 - Allows puppet to manage value of smart class parameter that can be overridden
Fixes #746 - Generate all the Host template when click on Build to avoid errors during installation
Fixes #7519 - i18n extract ajax error message
Fixes #8005 - Convert allowed NIC types to strings
- allowed NIC type classes need to be registered now
- api for interfaces use lowercase human readable values for defining types
- fixed output of api's create action to the standard format
Fixes #3309 - Support deep merging of hash and array structures in smart class parameters
fixes #7331 - delete unassigned os default templates
Fixes #7830 - interfaces api output is class specific
- per type rabl templates
- fixed api docs for interfaces
fixes #7898 - ensure that format can respond to json / yaml
fixes #4439 - ensure user logins are handled case insensitively
fixes #7372 - API v2 - accept PUT/POST requests with wrapped root node to add/remove has_many associations of child nodes
fixes #3492 - API v2 nested routes for each controller
fixes #7332 - Host Create API documentation missing required parameters
fixes #7805 - Add several security related HTTP headers - security hardening.
Fixes #7884 - Display Fog errors on vm operation
refs #7401 - fix markdown syntax in API doc
Fixes #5139 - leftovers subscribe_to_all_hostgroups
Remove user_xxx unnecessary tables and notices
Update subhostgroups removed
Fixes for migration of foreign keys
Remove users from compute_resource fixture
Remove table notices after fk are removed for pg/mysql
Fixes #7401 - Add support for bonds
Renames physical_device to attached_to and move the virtual device form out of BMC.
Extends the form for Bond devices
Allow configuration of bonds in KS template
Parsing of Bond interfaces from facts
Mac address is required only for physical devices
Refs #3809 - Use parentheses in method definitions
Refs #3809 - Fix a few rubocop TODOs
Refs #3809 - Remove rubocop TODOs
Removed the following TODOs so that cops for these will run from now on:
Lint/AmbiguousOperator, DefEndAlignment, DeprecatedClassMethods, EnsureReturn, RequireParentheses, Void, BlockAlignment, EndAlignment, UselessAccessModifier,...
fixes #2321 - remove new puppet creation option
refs #7608 - i18n fixes, tests, use POST for action + only display link if authed
fixes #7608 - Override all puppetclass parameters in one click
fixes #7756 - render not_found.json.rabl for API errors rather than expose too much internal information
Fixes #7620: When cloning a host show old host name
fixes #4672 - added template_name template variable
fixes #6856 - API v2 - more efficient import puppetclasses for single environment
refs #2127 - add password_hash to API
Fixes #7572 - remove rundeck from core
Foreman rundeck is now a plugin available in https://github.com/theforeman/foreman_host_rundeck
fixes #4386 - gem friendly_id to simplify find by id, name, label, etc
Fixes #6999 - protect user logout against CSRF requests (CVE-2014-3590)
To avoid CSRF, logout is changed to be a POST request so protect_from_forgery checks the CSRF token. However, in Rails 3 the only strategy available is to nullify the session of the attacker....
Fixes #2524 - adding taxonomy scope parameters
Fixes #5088 - adding location_ids and organizations_ids to apidocs of taxable resources
fixes #5896 - Set Compute Resource's 'Console passwords' option in API