Fixes #11579 - Reports show/destroy restricted by host authorization (CVE-2015-5233)

ReportsController 'show' and 'destroy' now perform a check to see if
the User is authorized to see the Host associated with the Report. In
case it's not, it returns 404, as to not give hints whether a Report...

Refs #3809 - Remove cops for empty lines

fixes #7586, #7734, #7172 - user preferences for receiving mail notifications

Adds a framework for user-selectable mail notifications. The work is
still done in ActionMailer classes and launch by rake in cron, however a
wrapper called MailNotification is used to provide RBAC and make the...

Fixes #5734 - API for external groups management

fixes #3892 - process REMOTE_USER_GROUP_N and REMOTE_USER_GROUP_#, add user to groups based on external user groups.

fixes #812 - new permissions model, user group role and nest support, role filters for better granularity

• Daniel Lobato <elobatocs@gmail.com>
• Joseph Magen <jmagen@redhat.com>
• Tom McKay <thomasmckay@redhat.com>
• Greg Sutcliffe <gsutclif@redhat.com>...