foremancommunity-templatesforeman_api
Fixes #11579 - Reports show/destroy restricted by host authorization (CVE-2015-5233)
ReportsController 'show' and 'destroy' now perform a check to see ifthe User is authorized to see the Host associated with the Report. Incase it's not, it returns 404, as to not give hints whether a Report...
fixes #10586 - make the 401 status comparison actually match.
(cherry picked from commit 3196ebaa009ca1d79e1330d36a0362b7ca04aade)
fixes #10509 - add toggle for LDAP usergroup updating
(cherry picked from commit 19bf6b096c03b999a02c82b61dfe0694cbb21a9a)
Conflicts: app/models/auth_sources/auth_source_ldap.rb
Fixes #9506 - Add granular permissions to config groups
(cherry picked from commit 6825f8de6debe3854e03d171f6de5b630bfc85b9)
fixes #10342 - adding :host_parameters_attributes to except list in template_used()
(cherry picked from commit d4e53f27fefffc4a1b2b0f25f2d35accf5d4de6e)
Fixes #9687 - respect custom controller permissions
(cherry picked from commit a63aa7cbac0f81955ac9ebcf010bfcf45f5b07c1)
fixes #9773 - correctly render template URL
(cherry picked from commit f7174439285708c3010605230fec16797f3a0763)
Fixes #9884 - refresh deleted external usergroups
(cherry picked from commit e780381933a7838af4be9a550942ef0f22608fd4)
Fixes #9878 - refresh external usergroup on API manipulation
(cherry picked from commit 22d2b02fefc54228631008181c3d0db0b2360d28)
Fixes #8593 - remove N+1 queries on puppetclass index page
(cherry picked from commit 0e5fefb087492c926e32417039528d0a105d51a0)
View revisions
Also available in: Atom