Fixes #19789 - fix Layout/SpaceAroundOperators cop

Fixes #21098 - Use positional args in functional test requests

Fixes #15402 - Moved puppet to separate api controller

fixes #16557 - move tests into modern Rails layout

Models, controllers, mailers and helpers are now in test/ subdirs
matching app/ subdirs. Service, miscellaneous and old test/lib/ tests
are now in test/unit/ separated from models, which obsoletes the custom...

Fixes #16633 - AuthSourceLDAP uses *_authenticators filters

Prior to this, non-admin users who were granted *_authenticators
permissions were not able to use them, as the controllers were looking
for *_auth_source_ldaps permissions instead.

refs #15846 - hide API deprecation warnings in tests

Fixes #16219 - Interfaces API works with scoped view_hosts

Before this commit, parent_scope called 'merge' on a scope that may
contain conditions that do not make sense on 'resource_class'.

In this case, when a user with a filter :view_hosts and search
'hostgroup_fullname = foo' tried to view...

Fixes #16397 - set nested template_combo. objects to optional

Fixes #16461 - expose override in filter API

Fixes #15846 - Renamed use_puppet_default to omit in LookupValue

Fixes #16380 - Eager load hosts attributes
Since Rails 4, in order to load delegated attributes,
we need to use 'eager_load' instead of 'includes'

Fixes #16415 - Accept unwrapped hash with 'layout' attribute

Fixes #14771 - Show corresponding os list for arch

Fixes #12634 - New HW Model flag pxe_loader

Implementation of

https://github.com/theforeman/rfcs/blob/master/text/0001-PXE-Booting-UEFI.md

In short, new host/hostgroup flag PXE loader is added to specify TFTP
DHCP filename and Foreman now orchestrates all PXE-capable templates...

Fixes #16061 - auto ip assignment for non-primary interfaces

Squashed commit with a test case and the changes Timo suggested thanks
for the help also tried to decrease complexity of my change.

Fixes #15833 - remove duplicities in smart params listings

fixes #3917 - replace protected_attrs with strong parameters

Filtering of attributes has moved from the protected_attributes gem to
strong parameters in controller concerns, to be in line with current
Rails recommendations.

Concerns are shared between UI and both API controllers and list the...

Fixes #15653 - CVE-2016-5390 fix permissions for host API

Non-admin users with the view_hosts permission containing a filter are
able to access API routes beneath "hosts" such as GET
/api/v2/hosts/secrethost/interfaces without the filter being taken into...

Refs #13164 - Consistent parameters authorization in api

Fixes #15336 - Enables proper deletion of Orgs

Prior to this commit if you had an Org/Location with a host and tried to
the delete the Org. You would end up with an error that looks like

<Org> is used by <Host> (RuntimeError)

Basic error is these 2 areas...

fixes #14665 - support IPv6 via API

fixes #9110 - add freeip route to API

Fixes #15268 - limit user taxonomies using my scopes

Fixes CVE-2016-4475

Fixes #14546 - ability to restrict *_external_variables
Fixes #14535 - corrects permissions for smart class parameters

Fixes #15174 - make sure to return 404 when taxonomy not found

Refs #3809 - Turning on some rubocop cops

Fixes #14877 - Adds glossary to dashboard API

Fixes #14701: Mention image password in API docs and tests

Setting the image password is well supported but not documented.

Fixes #14927 - correct override value requirment

override value should only be required when use_puppet_default is false

refs #14691 - user editing self should not change User.current

Rather than changing the behaviour of #to_label to return persisted
data, the User.current object should not be modified with unsaved data
from the form submission or API update.

User.current is used for authz as well as for display purposes, so...

Fixes #14190 - consistent api output and search options

Fixes #14261 - User API should return correct admin status

Fixes #14330 - Provide option in hammer to change display type for
libvirt compute resource

Fixes #5816 - allow editing and displaying self via API

Fixes #14264 - improve primary interface selection

fixes #14239 - when creating host from API, set first interface as primary if none set

fixes #13980 - don't merge NIC compute attrs on New Host form

Removes merging of NIC's compute attributes when refreshing interfaces
on compute profile or resource selections on the New Host form. Instead,
overwrite NIC attributes from the profile (as it did before 85e82d0) as...

fixes #14155 - fix leaks between tests with random ordering

- A test for the Rabl use_controller_name_as_json_root extension was
leaking as the old value was only reset in `setup` methods. When the
test was last in the test case, the configuration wasn't reset....

Fixes #3582 - Parameters on subnets

fixes #13941 - expect deprecation warnings in tests

When testing deprecated routes, parameters etc, expect the deprecation
warnings to both test that it's logged and to prevent the logging from
cluttering test output.

fixes #14000 - respect custom controller permissions

Allows controller_permission method to override the permission suffix
used in resource_scope, originally from a63aa7c and removed in bb39df2.

fixes #13971 - pass IDs to model.find and .exists?

AR objects should not be passed to .exists? or .find, the ID should be
given instead. Passing AR objects is deprecated in Rails 4.2.

Fixes #13896 - Rename Anonymous role to Default role

fixes #13938 - remove reports fixtures

Under Rails 4.2, the rendering of the config_reports#show page was
failing as the reports fixtures referenced hosts that didn't exist.
Presence of host_id is validated under normal circumstances.

fixes #13828 - CVE-2016-2100 - only showing relevant bookmarks

fixes #13852 - add user_data to images api docs

Fixes #6241 - Validations for associations with proxies

Fixes #6342 - merge compute profile when attributes in api host#create

API v2 host#craete call now merges user specified compute attributes
with compute profile. UI functionality remains untouched.

Fixes #13257 - nested locations can be created via api

Fixes #13557 - Rubocop enforce specifying a timezone

Rubocop can enforce what timezone to store in the database ,
so we can ensure everything is stored using UTC and we don't
miss these things in code reviews. When objects are displayed,
they must use the time provided by set_timezone in the...

Fixes #13554 - Setting releated to taxonomies shouldn't be shown if they are disabled

fixes #12436 - as a user I want to deploy vSphere vms on a storage pool

fixes #13440 - rename Host#model_name to #hardware_model_name

Rails 4.2 defines a model_name instance method which is used in routing
and called from link_to. Rename our model_name methods to
hardware_model_name to prevent this overlapping and causing link_to...

fixes #12920 - allowing os parameters to be set via API

Fixes #12718 - smart proxy log table

This patch adds a table with logs fetched from Smart Proxy /logs new API. It
returns latest N log entries from a simple memory buffer. The table supports
filtering by level, custom filtering and it introduces several overview...

Fixes #12566 - host_parameters_attributes accepts nested flag

Fixes #13101 - Smart class parameters show puppetclass in api

Fixes #10357 - Realms for organizations and locations can be retrieved through API

Fixes #12965 - provisioning/config templates are shown under OS API

Fixes #12754 - adds permission name to 403 page

Fixes #7230, #12021 - Upgrade to Rails 4.1.5

This commits upgrades Rails to Rails 4.1.5. See a description of the
changes included here, and go to the pull request in GitHub to see more
detailed explanations:

• Update gems to a Rails 4 compatible version, including dependencies...

Fixes #12180 - lookup_value presence validation moved from lookup_key

Global parameters can have empty values so smart variables that are also global should be allowed to accept empty values too.
The validation on lookup_value to make sure it isn't empty is in the LookupKey class therefore affecting both VariableLookupKey and PuppetClassLookupKey....

fixes #12666 - add locked to attr_accessible for templates

Fixes #12506 - Show smart proxies version in about page

Fixes #11643 - [API] Add preview template to host

Fixes #7537 - Adds test connection button to LDAP form

Fixes #12201 - Made parent associations finder less dependent on association name

Fixes #12279 - add default order to roles

fixes #4151 - enable reports STI

Permits subclassing of ReportImporter and Report to import and store
new types of reports associated to hosts.

refs #12147 - compatible test updates for api fact value controller

Refs #12089 - tests for config templates controller param wrapping

Fixes #12004, #11999 - Remove reserved words from Environment friendly_id

Restores use of friendly_id, but removes 'new', 'edit' etc from the
reserved words list to ensure they can be used as identifiers.

Reverts the id-name parameterization to purely name, which fixes...

fixes #11996 - use preload to avoid multiple fact/host table joins

When retrieving fact_values as a non-admin user, the my_facts scope
performs a join to the hosts table. The .includes(:host) also performs
a join via eager loading, and when both are combined with a scoped...

Fixes #11764 - Taxonomy parameters can be accessed through API

fixes #11242 - Add operatingsystem_id to os_default_templates in API

fixes #11037 - Add ByIdName to environment model

Fixes #2267 - general rebuild of TFTP, DNS, DHCP

Fixes #3650, #11600 - Compute Resource availability_zones, flavors, security_groups API v2 endpoints

Fixes #10106 - Make tests run in parallel

Run rake parallel:test to run tests in several processes. The gem will
auto split the tests in as many cores as you have available.

Keep in mind running tests in parallel could highlight race conditions
we would've missed otherwise, so some tests might to be fixed to ensure...

Fixes #11693 - removed 'destroy' for smart class parameter from API controllers

Fixes #10782 - global host status

• OK
• WARN
• ERROR

Plugins can add their own substatuses. These are automatically...

Fixes #11426 - remove puppet class paremeters no longer possible during edit in UI

fixes #11649 - taxonomies api - add description to base.json.rabl

Adding the 'description' to the base.json.rabl so that it is displayed
when a user performs commands like 'organization list' from hammer-cli-katello.

E.g.

hammer> organization list
---|----------------------|----------------------|---------------...

fixes #10832 - separating lookup keys into puppet and variable

Fixes #11579 - Reports show/destroy restricted by host authorization (CVE-2015-5233)

ReportsController 'show' and 'destroy' now perform a check to see if
the User is authorized to see the Host associated with the Report. In
case it's not, it returns 404, as to not give hints whether a Report...

Fixes #4419 - rearranging smart class parameters edit form

Fixes #10248 - cloning volume information for virtual machines

Fixes #10550 - Settings API will not update when value parameter is missing

Fixes #11089 - Adapt tests to Rails 4

This commit contains all changes to tests in branch
https://github.com/theforeman/foreman/pull/2055 that I found to be
retrocompatible with Rails 3. The more of these we can get in, the less
code we will have to review for Rails 4, and the more relevant it will...

Fixes #11078 - Substitute find_all_by by where to comply with Rails 4

This commit takes away all instances up to this point of find_all_by to
improve Rails 4 compatibility. They are substituted by .where calls.

Fixes #10356 - changed the POST/PUT RABL template to be the same as the GET template

HTTP response code standardized to 201 on create.

Fixes #10963 - partition table can't access os ids

Refs #10720 - Use API v2 response for vm_compute_attributes

Fixes #6976 - Build default PXE menu should be POST request

Fixes #7096 - Adds STI to templates

This commit converts Ptables to be just another type of Template so it
gets the same features as ConfigTemplate. ConfigTemplate was renamed to
ProvisioningTemplate to reflect UI and the name under it's commonly known.

fixes #10720 - Adds API to get host vm attributes

This exposes an API to fetch a host's vm_compute_attributes,
such as vmware cpus and memory. It lives at a separate endpoint
because it involves a fetch for data from the compute resource,
and may have different performance characteristics than the database.

Fixes #10715 - api build_pxe_default returns non-JSON message

The fix adds a new method `render_message` for responding with a status
text.

fixes #9031 - Add routes to view template_combinations per hostgroup / environment

fixes #10482 - get external user group members only once during refresh

fixes #9812 - Adds validation on override value, ensure match returns error if blank