Fixes #11579 - Reports show/destroy restricted by host authorization (CVE-2015-5233)

ReportsController 'show' and 'destroy' now perform a check to see if
the User is authorized to see the Host associated with the Report. In
case it's not, it returns 404, as to not give hints whether a Report...

Refs #3809 - Remove cops for empty lines

Refs #3809 - Remove useless assignments

Fixes #7733 - Remove hosts.yml fixtures and use FactoryGirl instead

fixes #3272 - allow 'admin' account to be removed and replaced

fixes #2969 - remove all legacy api code in UI controllers, add deprecation response

Fixes #2414 - Move puppet report processing code to the report processor

This creates a API route for POST:/api/reports which matches the GET
format for reports. Tests are updated, with the report model tests
moving to the puppet-foreman module (along with the report fixtures).

fixes #2151 - use DN environment variable instead of CN

nginx is unable to pass bits of the X.509 subject, only the entire DN, so
support that as a lowest common denominator.

fixes #2121, #2069 - restrict importers and ENC to puppetmasters and users

CVE-2013-0171: report and fact importers parse YAML directly from the remote
host without authentication. Untrusted YAML can instantiate objects and be
used to exploit Foreman.

CVE-2013-0174: external nodes (ENC) output is available to any source and...

auto create admin-user when missing in API requests

add getter for admin user User.admin which auto creates admin when missing

fixes #1446 - expire idle web sessions

WIP rails3 migration

Feature #882 - add api call to reports page to get the index section

Signed-off-by: Corey Osman <corey@logicminds.biz>
Signed-off-by: Ohad Levy <ohadlevy@gmail.com>

fixes #847 - Retrieve last report information per host via the api

this adds two URLS to the API:

/hosts/fqdn/reports/last
/reports/last

both supports JSON output which provides all of the report information.

fixes #445 - ensure that all anonymous actions are accessible

Fixes #366 - Redmine authorization port

This is a major feature which provides RBAC authorization within Foreman
a mental note to myself - never ever work on large commits

Fixes #405 and Fixes #349 - Adds support to 2.6.x reports

NOTE: Its recommended to Backup your DB prior to using this patch.

Fixes #261 - parameters now use a single reference_id

This implementation uses STI but the table looks the same for all
variants. This is a little strange but it seems to work.

Also removed obsolete controllers and tests
Added more tests

Fixes #249 - Remove AS from reports

Added a searchbar for hostname, reporting period and the type of report.

Fixes #170 - implement usergroups

Added migration
Added tests
Added MVC files
Added the routes as well
Added the program logic and additional views
Added RESTful actions for update and create
Added validations to ensure that usergroup.name and user.login do not collide...

fix broken tests

Commented failing test due to unimplemented validation in OperatingSystem.

added some explanations in reports_controller_test, fact_values_test, users_controller_test, fact_value_controller_test, user_test, about why there is some missing tests. Refactored the auth_source_ldap_controller.

added rr gem to testing. Commented a couple of lines of Report controller test, seems to be a bug in the controller, need to ask about this

Several corrections and improvements. See full description for more detail.

1. Corrected a bug in domain model. In countFact method there was a mistaken search, with the domain name.
2. Finished the domain test
3. Corrected a bug in host_mailer model. In summary method when the conditions hash is declared, in order was a mistaken search with the hosts names....

commented two Logger.new lines, they were creating log files.

reports controller test is stand-by. puppetclasses controller test finished.

erased a debugger line... sorry

unknown failure in the create test from reports controller... help!

Fixes #9 and introduce a basic reporting viewing over http