Fixes #11579 - Reports show/destroy restricted by host authorization (CVE-2015-5233)

ReportsController 'show' and 'destroy' now perform a check to see if
the User is authorized to see the Host associated with the Report. In
case it's not, it returns 404, as to not give hints whether a Report...

Fixes #11031 - ignore identifiers of interfaces being destroyed

(cherry picked from commit 1e7822a586b6e4f288823df0b9419ef2749d6b8c)

refs #10867 - bool cast compatibility with 1.8

Fixes #10915 - Deleting a host removes all host specific overrides

(cherry picked from commit 674755f43684f76e6b23ca499a57153aad3db5e2)

Fixes #10867 - OpenStack boot_from_volume is true only when checked

(cherry picked from commit 776cff93637b006cb69063fecf142e776acd1378)

Fixes #10607 - match bonds based on identifier only

(cherry picked from commit 7be20b248502eb8682008e1c6b03fef71da4f73d)

Fixes #10888 - skip attached_to updates if identifier was blank

(cherry picked from commit db6d6b8b7d0d2e90e27d4c23308e5db26abd3820)

i18n - extracting new, updating rails, pulling from tx

fixes #10627 - apply host taxonomy scope to facts/report joins

Previous changes to perform a join onto hosts with authorisation result
in a query such as Report.joins(:hosts), which ignores any
default_scope on Host::Base. This commit explicitly passes taxonomy...

Fixes #10260 - allow NIC management in attended mode and for unmanage hosts

(cherry picked from commit 3a30ac9e54c60f82b68076b6e6815312dfc31781)

Fixes #10566 - allow identifier modifications that do not change interface type

(cherry picked from commit a6b8542a0e1a7eb0d71fdd1d328b224669e3010b)

fixes #10646 - disable NIC subnet taxonomy checks when feature's disabled

(cherry picked from commit d6a192531b7203b12f5e755a7b695435c423ece4)

fixes #10397 - parse Windows Local_Area_Connection interface name

(cherry picked from commit d07bcaf034909c0b6753e77bb80b6eade95a7b87)

fixes #10613 - restore VMware SCSI controller field

(cherry picked from commit 7da1dea0a3860857cb9e176078932ce2609b7335)

Fixes #10542: correct path for auto complete search on filters page.

The filters page was using an incorrect path for the autocomplete search
which caused it to not work on initial page load with non-core resources.
This commit updates the autocomplete search path to use the correct URL....

fixes #10586 - make the 401 status comparison actually match.

(cherry picked from commit 3196ebaa009ca1d79e1330d36a0362b7ca04aade)

fixes #8597 - escape slashes for ptable URL parameters

(cherry picked from commit 053c032dba5b52593c0235d96d74cdd1aae65721)

Fixes #10568 - Show release field when OS family is CoreOS

$release is necessary for CoreOS installation media, however the new Operating
System form doesn't show it when you change family to CoreOS, only after it's
submitted.

(cherry picked from commit 96934ca4ae5329df363f577a9be2cd73c5495e29)

fixes #9873 - generate unique alert mails for each user group member

To create distinct mails, new Mailer instances are required instead of using
the same one - else, the last message changes the previous ones. The recipient
list is now determined in the ReportImporter, and the MailNotification helps...

Fixes #7533 - auto resize pie chart labels to prevent overflow

(cherry picked from commit 5d0a54a51491a21390d4c8196089debb11fcf924)

Fixes #9594 - adds admin field to the hostgroup rabl

(cherry picked from commit 5aa4be78af26afbd087c7b752325e15bd4f0e8b2)

Fixes #10535 - building a token instead of creating it until host is saved

(cherry picked from commit c2ff4bd6874155459a51af070abb381fd59be262)

i18n - extracting new, updating rails, pulling from tx

fixes #10482 - get external user group members only once during refresh

(cherry picked from commit 0fd7412faaa76787bf15ed1901ffc9eb4d6353fa)

Fixes #10355 - Prevent turbolinks loading puppetclass import

(cherry picked from commit df8887a9d70a7cdea75928cf0656a00f76c63bd3)

fixes #10509 - add toggle for LDAP usergroup updating

(cherry picked from commit 19bf6b096c03b999a02c82b61dfe0694cbb21a9a)

Conflicts:
app/models/auth_sources/auth_source_ldap.rb

fixes #10493 - disable usergroup sync on login when $login is used

(cherry picked from commit 7891164bffb6746b13dde15a2d38f3371d0abab7)

Conflicts:
app/models/auth_sources/auth_source_ldap.rb

Fixes #9170 - wrong nic order in libvirt domain

(cherry picked from commit 8aeac1b7b89fab21e0b92f54eb460fcc04415e07)

Fixes #9634 - creating a host with an interface and without os returns a validation message

(cherry picked from commit 93dbb7e77dc3502a5cfa6888a13212bed7e178f6)

Fixes #10379 - disables cloning if unattended mode is disabled

(cherry picked from commit 0f5c60f29626d02e91405db27bb057df34c7db39)

Fixes #9966 - More debug messages for matching nics from fog

(cherry picked from commit c796609085caeee03be4ec378b5311fd61ba6684)

Fixes #10212 - validate DNS name uniqueness of interfaces

(cherry picked from commit 60fdfb3851cad0ff347788c1f796d709693a8f27)

fixes #10275 - Add secure cookie when in ssl (CVE-2015-3155)

(cherry picked from commit 0b03b9bdb0579559c2286b457999245ee9c218bc)

fixes #10403 - resync names of unmanaged hosts to their primary NIC

MoveHostNicsToInterfaces previously ignored unmanaged hosts, but they
need migrating too. Updated the existing migration to migrate both,
then for existing hosts, add a new migration to ensure all primary NIC...

Fixes #10307 - editing host with 'unattended: false' no longer results in error

(cherry picked from commit ae274f95193c3147ad563da075d0a36fb1bcff20)

fixes #10298 - handle destroyed but present interfaces

When deleting a host and DHCP orchestration is removing reservations for NICs,
it generates a dhcp_record that contains next-server data. Determining the
next-server IP causes the primary interface to be fetched for DNS resolution,...

fixes #10441 - sort time and count-based columns in descending order

(cherry picked from commit 40d0c98894cfde448392f805c748bd4b95342f7b)

Fixes #8333 - correct matcher values with multi-key matchers

(cherry picked from commit a3d8204a4d7d2eb7355c149d602aa43e8de8aff4)

Fixes #10412 - display interface tooltip after type change

(cherry picked from commit 87800278486afe6ab48df0564249863f2527ddc6)

Conflicts:
app/assets/javascripts/host_edit.js

Fixes #7458 - allow searching hosts by their ip and mac addresses

(cherry picked from commit e473d4d39f0d42747819d4ef098d9247690f540c)

fixes #10343 - only log cache deletion failures when saving settings

(cherry picked from commit 83bd400ce6d69c8f946ff5ed31012ab073fcf1b1)

Conflicts:
test/unit/setting_test.rb

Fixes #7515 - Prevent label line breaks in add bookmark modal

(cherry picked from commit 245180fdcfd42b59f1863170e8af0b6f6c907a55)

Fixes #10305 - complete handling for cloudinit-like in vsphere feature

(cherry picked from commit 5d47a167cc2f2ea2bd9cbc88c30045f36949b636)

fixes #10030 - use override method to display templates in folders

(cherry picked from commit 0af12f79a6e6c3a3ecf72d39df89a2edd7e9b39b)

Fixes #10230 - Host clone uses create_hosts permission

Non-admin users are not able to clone hosts. This is a regression, in
the past the create_hosts permission has been used for this, but it no
longer works. Checking the controller route only fixes the regression....

Fixes #9506 - Add granular permissions to config groups

(cherry picked from commit 6825f8de6debe3854e03d171f6de5b630bfc85b9)

fixes #10342 - adding :host_parameters_attributes to except list in template_used()

(cherry picked from commit d4e53f27fefffc4a1b2b0f25f2d35accf5d4de6e)

Fixes #9687 - respect custom controller permissions

(cherry picked from commit a63aa7cbac0f81955ac9ebcf010bfcf45f5b07c1)

fixes #7743 - ensure name is unique in scope of major and minor

(cherry picked from commit 59b230959ab24b3573eb87616805bf3218a2cb13)

refs #5554 - revert string change, save unnecessary retranslation

(cherry picked from commit 4098e93bc45176ffd8f659d28d0db1f8cb1d7734)

fixes #9240 - in case of hash with indifferent access, serialize as hash

(cherry picked from commit 3059cea1c207718217f07b9cdc706bc516f5db1b)

Fixes #5554 - fixed hostgroup and fqdn validations in multiple matchers

(cherry picked from commit eb414b8bbdc7897f396d184996fac402b3277cef)

fixes #9773 - correctly render template URL

(cherry picked from commit f7174439285708c3010605230fec16797f3a0763)

fixes #10269 - host template preview now opens in a new tab

(cherry picked from commit 77340df814adbae9ea0d66f718b8731872e33631)

fixes #8817 - look up reports with all joins from host scoped_search

This changes the optimisation in d50c799 which caused errors for users with
host filters referencing tables other than hosts.

When retrieving all reports joined with authorised hosts, the nested joins need...

Fixes #9391 - Added validation code to NIC, so it validates that host's location/org is compatible with the one set on NIC's subnet

(cherry picked from commit 8f695d94a2f32fea3363cc017fc59baf6ca15b17)

fixes #9617 - rescue from empty vmware clusters

(cherry picked from commit d76ca3043ca1bac1229667e342da149e3cd6f304)

Fixes #9884 - refresh deleted external usergroups

(cherry picked from commit e780381933a7838af4be9a550942ef0f22608fd4)

Fixes #9878 - refresh external usergroup on API manipulation

(cherry picked from commit 22d2b02fefc54228631008181c3d0db0b2360d28)

Fixes #4787 - prevent unneeded AJAX requests on popover clicks

(cherry picked from commit 71b46a7296d01553a471833d34e3b55d0413545d)

fixes #5909 - return r/w resources from authorized scope

(cherry picked from commit 0d80512c3293895750ffda82489b719c38ec5612)

Fixes #8593 - remove N+1 queries on puppetclass index page

(cherry picked from commit 0e5fefb087492c926e32417039528d0a105d51a0)

i18n - extracting new, updating rails, pulling from tx

Fixes #10186 - find host NICs on vsphere using Network Distributed PortGroup

(cherry picked from commit 4e21396fdf68fa21f3beac1cd460dcfe5c700c38)

fixes #10168 - delegate fqdn/shortname to primary interface

(cherry picked from commit 4d5b979541902c2163d98ca8fd53d230445b60ac)

Fixes #10111 - Use a dummy primary interface for unmanaged hosts

Unmanaged hosts require a host interface due to delegation of networking
attributes, and some others like 'name'. Since unmanaged hosts do not
necessarily have an interface associated (unless created through puppet...

Fixes #10153 - pull in host_edit_interfaces.js also in hostgroups

(cherry picked from commit 8844f307df3b18ca26ce41f19e5ad6c769dacd36)

fixes #10020 - add next-server/filename attrs to provision NIC DHCP record

A host's DHCP record used to be constructed with PXE attributes in
Orchestration::DHCP, but moved to Nic::Managed during 43c4bd7. Nic::Managed
didn't add PXE attributes, so this commit adds these when provision? is set....

i18n - extracting new, updating rails, pulling from tx

Fixes #10093 - VMware#create_vm calls clone_vm

Apply '.with_indifferent_access' to the args passed in to create_vm,
ensuring symbol test for args[:image_id] succeeds when args["image_id"]
is present.

(cherry picked from commit 140cfe262eac838e76eb27517bd0271beab9be15)

fixes #10087 - Pass nic_type to vm_clone

(cherry picked from commit f25e9797d6ae1e2dfebf268934ffd7d17536efbf)

Fixes #10025 - move generic taxonomies code to base class

(cherry picked from commit bf75590c49c05dd780df388908598c85fc8f53bd)

refs #8817 - Revert "fixes #5841 - use inner query when retrieving reports for subset of authorised hosts"

This reverts commit ecdb85a84915954f312889ba51a9b35de86cd38c.

templates - sync from community-templates

(cherry picked from commit 7f55c8958e28c6fc1802e30b2767670c167702dc)

Fixes #9947 - restrict user taxonomies if none is set

(cherry picked from commit abe910f2a46f4ecc1f349263d0b4751ed46ff200)

Fixes #7615 - filter ignore current context

(cherry picked from commit 76fca93b0093e9b4174d1a888ffca9f3fcb886c9)

refs #4521 - extract string, fix capitalisation

(cherry picked from commit a31c0e15d200e438939b37b2fc393841084f9801)

refs #4521 - Openstack Compute Resource: Boot from Volume on new Host

(cherry picked from commit 3f56eab265fdec913f988a119d78771d345c5428)

Fixes #9362 - Corrected CoreOS mediapath

(cherry picked from commit 9f858eb43200809f931321821880f1ae9ca9db54)

Fixes #8812 - Pass model type so search_for is called on Host

At least on version 1.6.1, the absence of this second parameter leads to a
runtime crash when it's time to validate if the current user (non-admin) is
allowed to perform a power operation on given a host via the APIv2....

Fixes #10002 - Add attribute ancestry to taxonomies API v2

(cherry picked from commit 1f47202ce4e70fd036437f1d81646b6b811bf02d)

fixes #9778 - return r/w host when finding and associating to CRs

(cherry picked from commit cd4c4ad907fdadae66576f64831204711748bef3)

Fixes #9921 - specify requirements on apidoc params for NICs

(cherry picked from commit e404a0fa999b995fea3b7222611fa852b26fb6f8)

Fixes #9926 - do not always set LDAP encryption method

(cherry picked from commit 5d5e0bb601ad75a514168a263a6a360c496cb2af)

Fixes #8890 - Allow selection of plaintext "encryption" method for root password

(cherry picked from commit 331ff165939399787022e77ad17778e2ac39c148)

Fixes #9618 - make identifier uniq per host

(cherry picked from commit f2d5f95539b5070f5c7aba37196c45346140357d)

i18n - extracting new, updating rails, pulling from tx

Fixes #7378 - fixed API lookup keys filters

(cherry picked from commit bc68c48da5b718084c3e531e61e48124e8e00d36)

templates - sync from community-templates

(cherry picked from commit da8cfe4f1843f654d8b232418207de3b66f632be)

refs #9877 - s/variable/class parameter/ on param :override

(cherry picked from commit 00c41428f08d427eb41c041e9bf8bb2eeac26bfc)

fixes #6568 - showing ovirt template version if applicable

(cherry picked from commit a647442376aceae2e539791790eb8f308b56cd3a)

Fixes #9885 - pass verify_mode to net/ldap

(cherry picked from commit fc3faf6f4e8c1f0efd62e8c58687b3d30c69b67e)

Fixes #8601 - Cloudinit userdata in VMware

(cherry picked from commit 5b1f7529284e9e62d9f8f08977b543d4a7b93f21)

fixes #7407 - puppet class parameters should be cloned in #clone

(cherry picked from commit 7691ab4a56a49118f6cf97ca7f6de1c932b99e2a)

fixes #9877 - Add descriptions to smart_class_parameters in api/v2

(cherry picked from commit f43531494ef29c26081ece9c6ab1caea8c9fa08e)

Fixes #9836 - use provider type in host helpers

(cherry picked from commit c2f60b5702320f4be3125d9fed8a30a2ec7a3994)

Fixes #9869 - propagate LDAP errors

(cherry picked from commit e1e7d0686b7ab3c329e2b9884b7731a3005c9276)

fixes #9775 - always load Encryptable when key's missing, log runtime warning

a59972c3 causes Encryptable to be loaded before the encryption_key.rb
initialiser and the majority of the class was skipped as the key was undefined.

Now Encryptable always loads, but logs at runtime if the key is unavailable,...

fixes #9823 - Add description to smart variables

(cherry picked from commit b8239e44dfdd9bf924758f2dd179018a9b9f4d4a)

fixes #9469 - redirect to reports#index on destroy

(cherry picked from commit 0b1dafbbef20e185a9e4fdda626796db4a6168bd)