Fixes #11579 - Reports show/destroy restricted by host authorization (CVE-2015-5233)
ReportsController 'show' and 'destroy' now perform a check to see ifthe User is authorized to see the Host associated with the Report. Incase it's not, it returns 404, as to not give hints whether a Report...
Refs #3809 - Remove cops for empty lines
fixes #7586, #7734, #7172 - user preferences for receiving mail notifications
Adds a framework for user-selectable mail notifications. The work isstill done in ActionMailer classes and launch by rake in cron, however awrapper called MailNotification is used to provide RBAC and make the...
Fixes #5734 - API for external groups management
fixes #3892 - process REMOTE_USER_GROUP_N and REMOTE_USER_GROUP_#, add user to groups based on external user groups.
fixes #812 - new permissions model, user group role and nest support, role filters for better granularity