Fixes #11579 - Reports show/destroy restricted by host authorization (CVE-2015-5233)
ReportsController 'show' and 'destroy' now perform a check to see ifthe User is authorized to see the Host associated with the Report. Incase it's not, it returns 404, as to not give hints whether a Report...
Refs #3809 - Remove cops for empty lines
Refs #3809 - Remove useless assignments
Fixes #7733 - Remove hosts.yml fixtures and use FactoryGirl instead
fixes #3515 - API handles not found objects with 404
fixes #1834 to get foreman running under ruby 1.9.3
host routes api changes squashed
set apiadmin user in headers before api controller tests
This commit adds most of the functionality required for API v1
The overall goal was to extract the existing JSON responseoverall controllers, and to move them to a seperate name space.