foremancommunity-templatesforeman_api
Fixes #11579 - Reports show/destroy restricted by host authorization (CVE-2015-5233)
ReportsController 'show' and 'destroy' now perform a check to see ifthe User is authorized to see the Host associated with the Report. Incase it's not, it returns 404, as to not give hints whether a Report...
fixes #10509 - add toggle for LDAP usergroup updating
(cherry picked from commit 19bf6b096c03b999a02c82b61dfe0694cbb21a9a)
Conflicts: app/models/auth_sources/auth_source_ldap.rb
Fixes #9878 - refresh external usergroup on API manipulation
(cherry picked from commit 22d2b02fefc54228631008181c3d0db0b2360d28)
Fixes #8812 - Pass model type so search_for is called on Host
At least on version 1.6.1, the absence of this second parameter leads to aruntime crash when it's time to validate if the current user (non-admin) isallowed to perform a power operation on given a host via the APIv2....
Fixes #9921 - specify requirements on apidoc params for NICs
(cherry picked from commit e404a0fa999b995fea3b7222611fa852b26fb6f8)
Fixes #7378 - fixed API lookup keys filters
(cherry picked from commit bc68c48da5b718084c3e531e61e48124e8e00d36)
refs #9877 - s/variable/class parameter/ on param :override
(cherry picked from commit 00c41428f08d427eb41c041e9bf8bb2eeac26bfc)
fixes #9877 - Add descriptions to smart_class_parameters in api/v2
(cherry picked from commit f43531494ef29c26081ece9c6ab1caea8c9fa08e)
fixes #9823 - Add description to smart variables
(cherry picked from commit b8239e44dfdd9bf924758f2dd179018a9b9f4d4a)
Fixes #9723 - missing owner_type in host api docs
(cherry picked from commit 55be35e9699765bb5fb137db518b06411be20939)
View revisions
Also available in: Atom