fixes #5612 - use correct permissions for authz in parameters API
fixes #5506 - added scoped search to SmartProxy for UI and API v2
fixes #5436 - provisioning templates are world accessible
fixes #4597 - map host disassociate actions to permission
fixes #4204 - add config groups feature - assign multiple config groups to a host or hostgroup
fixes #3914 - set current taxonomies on login from user defaults
fixes #4895 - Adds CSRF protection check to the API if a session user is present
fixes #4863 - API V2 - add puppetclasses format style=list and module_name to base.json.rabl
fixes #4462 - extending the /users/login handling to process REMOTE_USER through intercept
Fixes #4976 - ensure the process is really running inside a rake task
fixes #1809 - foreman realm integration
fixes #1966 - improved UI errors for proxy
Fixes #4851: a SmartProxy.with_features scope replaces feature-specific scopes generated during class loading
fixes #4776 - support session[:expires_at] for api requests
There are situations where the UI needs to invoke requestson the API controllers; therefore, we need to ensure thatthe session expiration accounts for them. This is a commonfor plugins, such as Katello, which leverage the...
fixes #4457 - Session fixation, new session IDs are not generated on login (CVE-2014-0090)
fixes #4314 - ignore default scope ordering on host search by puppet class
fixes #4581 Implement available_networks API for VMware
fixes #4201 - update operating system by label, use description or fallname otherwise
fixes #3001 - Facts searchable by both host id and name
fixes #812 - new permissions model, user group role and nest support, role filters for better granularity
fixes #4393 - rename ancestry label to title
fixes #3751 - new/edit submit buttons now have id
fixes #3876 - API find_resource by name even if name starts with integer
fixes #4349 - API v2 - add location and organization child nodes to user, domain, subnet, etc show json templates
fixes #4198 - API v2 - add child nodes to show responses. Ex. architecture should show operating systems node
fixes #4222 Add capability to compute resource API to retrieve cluster,network,storage info on oVirt
fixes #3912 - add inheritance for locations / organizations
fixes #3939 - add option to 'inherit from parent' for hostgroup attributes
fixes #4268 - don't search for host with nil IP on hostname spoofing
fixes #3845 - user login session ending clears chosen organization
fixes #3596 - validation error when user with hostgroup subscription creates a new hostgroup
fixes #3519 - taxonomies include authorization module
fixes #3725, #4167 - root password validations, remove default password
fixes #3553 - add "except" option to prevent puppet class import to select types of import
fixes #2866 - Changing a hostgroup name doesn't update associated Smart Variable matchers
fixes #3960 - wrap APIv2 errors in an "error" node
fixes #3920 - prevent 500 ScopedSearch errors on the API, raise UI errors correctly
fixes #359 - hostname spoofing for unattended installation templates
fixes #3760 - API v2 define metadata @total for each controller
fixes #2231 - hostgroup deletion is restricted to hostgroups without children
Fixes #4022: Make api puppetrun a PUT for REST standards
fixes #3515 - API handles not found objects with 404
Fixes #4020 - enable @static to work on all OS template types
fixes #3178 - add feature for compute profiles for hostgroups and hosts
refs #3928 - use updated test fixture
fixes #3928 - API v2 - update os_default_templates for operating system
refs #3930 - ensure a user can actually update itself.
fixes #3930 - refactoring of edit_self implementation.
fixes #3752 - move data population from migrations into seed script
fixes #3280 - authenticate returns true for API requests when login:false
fixes #3693 - API v2 - accept GET json format of object in PUT/POST requests to add/remove has_many associations
fixes #3491 - API v2 rabl templates base, main, show for each controller
fixes #2983 - Add autosign#index to API v1 and v2 and remove from UI controller
fixes #3646 - API v2 change default root name for api json single object response to no root node but make it configurable
fixes #3137 - API v2 - show error if optional nested object does not exist for nested route
fixes #3018 - API v2 metadata for pagination, search, order in index collection json response
fixes #3011 - default root node name for api collections json response to :results but make it configurable
fixes #3736 - users API uses login name as an identifying attribute
fixes #3510 - plugin interface for registering a plugin, updated menu system
fixes #2763 - correcting doco links
fixes #3603 - replaced a relation with a collection in 'where' conditions
fixes #3017 - split APIv2 controllers from v1 parents
fixes #3312 - support /users/extlogin as a login page based on REMOTE_USER
Fixes #3569, #3210 - Use port from foreman_url for templates
fixes #3597 - removing rr gem, make tests consistent by using just mocha
fixes #3566 - exposes orchestration tasks via the API at /api/orchestration/id/tasks
fixes #3577 - do not treat `params[:dryrun]` with value `false` as true
fixes #2951 - Host API documentation lacks compute_resource_id
fixes #1830 - auto assign puppet proxy if its not defined upon facts/reports event
fixes #3140 - API to allow importing of puppet classes
Fixes #3293 add FactoryGirl to tests
fixes #3239 - pxelinux spoofing on postgres now works
fixes #3136 - host cloning should auto-suggest a new IP address
fixes #3111 - v2 API calls to /api/[class]/[object]/parameters/[parameter] return wrong object
refs #3141 - added tests around Foreman::Controller::SmartProxyAuth
Fixes #3128 - add json format back to images_controller
fixes #1244 - add smart proxy feature refresh link + API call
fixes #2810 - more restful API v2 JSON responses in puppetclasses
NOTE: breaking changes to API v2 api/lookup_keys does not exist, replaced by api/smart_variables and api/smart_class_parameters
fixes #3101 - list available images for CRs, add iam_role field to images API
Fixes #2984 - API v1/v2 StatisticsController and remove JSON from UI controller
fixes #3089 - Updating settings causes settings page to load again within the page
fixes #2764 - settings defined in settings.yaml file are now read-only
fixes #2400 migration to remove orphaned records and add foreign keys constraints to database tables
fixes #2969 - remove all legacy api code in UI controllers, add deprecation response
fixes #2996 - VM show screen syntax error on ruby 1.8
fixes #1853 - Users now have a new filter to subscribe to new hostgroups
fixes #3046 - add NIC CRUD, power and boot operations API
Fixes #2414 - Move puppet report processing code to the report processor
This creates a API route for POST:/api/reports which matches the GETformat for reports. Tests are updated, with the report model testsmoving to the puppet-foreman module (along with the report fixtures).
fixes #2863 - restrict APIs to resources that a user is permitted to manage (CVE-2013-4182)
Refs #2414 - Remove Puppet from facts API and Settings
Reports are still in progress and will come in a later PRDB schema is updated to not need puppet/rails
fixes #2988 - merge authentication code, enables REMOTE_USER auth on new API controllers
fixes #2891 Openstack power control operations support
Compute resource helper Strings should be possible to translate
Compute resource permission to pause vms
Tests for Openstack VM pausing/resuming
VMs UI shows only available actions
I18n string issues. Vm power state cannot be properly translated yet...
fixes #2877: deletion of the organization or location in the context no longer breaks the session
fixes #2788 - changes to fixtures and tests in preparation for testing adding/removing puppetclasses
fixes #2788 - adding / removing puppet classes updates the change even if the form is not submitted
Fixes #2576 - Add optional update of Host.ip from built request
fixes #2693 - don't cause handle_ca error when no Puppet CA associated with host
fixes #1770 - Refactored rdeckfacts definition to use facts_hash
fixes #2142 add Smart Parameters and Smart Class Parameters to API v2
fixes #2782 - LDAP password overwritten as blank
