Project

General

Profile

Download (2.61 KB) Statistics
| Branch: | Tag: | Revision:

foreman/test/functional/api/v1/reports_controller_test.rb @ be0b9bee

# Date Author Comment
be0b9bee 09/15/2015 09:33 AM Daniel Lobato Garcia

Fixes #11579 - Reports show/destroy restricted by host authorization (CVE-2015-5233)

ReportsController 'show' and 'destroy' now perform a check to see if
the User is authorized to see the Host associated with the Report. In
case it's not, it returns 404, as to not give hints whether a Report...
abd8f1d1 02/18/2015 03:54 AM Daniel Lobato Garcia

Refs #3809 - Remove cops for empty lines
2312cccf 11/19/2014 06:03 AM Daniel Lobato Garcia

Refs #3809 - Remove useless assignments
e14b5758 10/21/2014 09:18 AM Greg Sutcliffe

Fixes #7733 - Remove hosts.yml fixtures and use FactoryGirl instead
46338cd7 01/17/2014 09:24 AM Daniel Lobato Garcia

fixes #3515 - API handles not found objects with 404
71291a46 12/20/2012 04:18 AM Dmitri Dolguikh

fixes #1834 to get foreman running under ruby 1.9.3
25d4ca6d 12/11/2012 03:57 AM Joseph Magen

host routes api changes squashed
8ab96869 11/22/2012 10:15 AM Joseph Magen

set apiadmin user in headers before api controller tests
d076d573 11/21/2012 08:10 AM Joseph Magen

This commit adds most of the functionality required for API v1

The overall goal was to extract the existing JSON response
overall controllers, and to move them to a seperate name space.

  • documentation was added to all requests (available under /apidoc)...