[maven-release-plugin][skip ci] prepare release 9.32.1

* Added validation to the ScriptActionExecuter class to enforce the existing constraints on parameter script-ref (Repo has the constraint to only allow scripts in Data Dictionary / Scripts and AGS has the constraint to only allow scripts in Data Dictionary / Records Management / Records Management Scripts") by validating if the given scriptRef is in the allowed valued of the constraint set on that param
* Added a new unit test for AGS to make sure that rmscript action still works as expected when the script is in the correct folder and fails when not
* Added new case in ActionServiceImpl2Test#testExecuteScript to assert that the transaction fails when we execute the action with an invalid script
* Moved test testActionResult from ActionServiceImplTest to class ActionServiceImpl2Test - Before it ran with a script not in Data Dictionary so with the added validation it started to fail. I moved the unit test do avoid duplicating the code to create the script in the correct location.

(cherry picked from commit ac4a1643e1)

core/pom.xml

@@ -7,7 +7,7 @@
    <parent>
       <groupId>org.alfresco</groupId>
       <artifactId>alfresco-community-repo</artifactId>
-      <version>9.29-SNAPSHOT</version>
+      <version>9.32.1</version>
    </parent>
 
    <dependencies>

data-model/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>9.29-SNAPSHOT</version>
+        <version>9.32.1</version>
     </parent>
 
     <properties>

packaging/distribution/pom.xml

@@ -9,6 +9,6 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-packaging</artifactId>
-        <version>9.29-SNAPSHOT</version>
+        <version>9.32.1</version>
     </parent>
 </project>

packaging/docker-alfresco/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-packaging</artifactId>
-        <version>9.29-SNAPSHOT</version>
+        <version>9.32.1</version>
     </parent>
 
     <properties>

packaging/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>9.29-SNAPSHOT</version>
+        <version>9.32.1</version>
     </parent>
 
     <profiles>

packaging/tests/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-packaging</artifactId>
-        <version>9.29-SNAPSHOT</version>
+        <version>9.32.1</version>
     </parent>
 
     <modules>

packaging/tests/tas-cmis/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>9.29-SNAPSHOT</version>
+        <version>9.32.1</version>
     </parent>
 
     <developers>

packaging/tests/tas-email/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>9.29-SNAPSHOT</version>
+        <version>9.32.1</version>
     </parent>
 
     <developers>

packaging/tests/tas-integration/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>9.29-SNAPSHOT</version>
+        <version>9.32.1</version>
     </parent>
 
     <developers>

packaging/tests/tas-restapi/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>9.29-SNAPSHOT</version>
+        <version>9.32.1</version>
     </parent>
 
     <developers>

packaging/tests/tas-webdav/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>9.29-SNAPSHOT</version>
+        <version>9.32.1</version>
     </parent>
 
     <developers>

packaging/war/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-packaging</artifactId>
-        <version>9.29-SNAPSHOT</version>
+        <version>9.32.1</version>
     </parent>
 
     <properties>

pom.xml

@@ -2,7 +2,7 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <artifactId>alfresco-community-repo</artifactId>
-    <version>9.29-SNAPSHOT</version>
+    <version>9.32.1</version>
     <packaging>pom</packaging>
     <name>Alfresco Community Repo Parent</name>
 
@@ -59,7 +59,7 @@
         <dependency.jackson-databind.version>2.12.3</dependency.jackson-databind.version>
         <dependency.cxf.version>3.4.4</dependency.cxf.version>
         <dependency.opencmis.version>1.0.0</dependency.opencmis.version>
-        <dependency.webscripts.version>8.19</dependency.webscripts.version>
+        <dependency.webscripts.version>8.22</dependency.webscripts.version>
         <dependency.bouncycastle.version>1.69</dependency.bouncycastle.version>
         <dependency.mockito-core.version>3.9.0</dependency.mockito-core.version>
         <dependency.org-json.version>20210307</dependency.org-json.version>
@@ -117,7 +117,7 @@
         <connection>scm:git:https://github.com/Alfresco/alfresco-community-repo.git</connection>
         <developerConnection>scm:git:https://github.com/Alfresco/alfresco-community-repo.git</developerConnection>
         <url>https://github.com/Alfresco/alfresco-community-repo</url>
-        <tag>HEAD</tag>
+        <tag>9.32.1</tag>
     </scm>
 
     <distributionManagement>

remote-api/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>9.29-SNAPSHOT</version>
+        <version>9.32.1</version>
     </parent>
 
     <dependencies>

repository/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>9.29-SNAPSHOT</version>
+        <version>9.32.1</version>
     </parent>
 
     <dependencies>

repository/src/main/java/org/alfresco/repo/action/executer/ScriptActionExecuter.java

@@ -35,6 +35,9 @@ import org.alfresco.repo.admin.SysAdminParams;
 import org.alfresco.repo.jscript.ScriptAction;
 import org.alfresco.service.ServiceRegistry;
 import org.alfresco.service.cmr.action.Action;
+import org.alfresco.service.cmr.action.ActionDefinition;
+import org.alfresco.service.cmr.action.ActionService;
+import org.alfresco.service.cmr.action.ParameterConstraint;
 import org.alfresco.service.cmr.action.ParameterDefinition;
 import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
 import org.alfresco.service.cmr.repository.NodeRef;
@@ -126,6 +129,10 @@ public class ScriptActionExecuter extends ActionExecuterAbstractBase
         if (nodeService.exists(actionedUponNodeRef))
         {
             NodeRef scriptRef = (NodeRef)action.getParameterValue(PARAM_SCRIPTREF);
+            if(!isValidScriptRef(action))
+            {
+                throw new IllegalStateException("Invalid script ref path: " + scriptRef);
+            }
             NodeRef spaceRef = this.serviceRegistry.getRuleService().getOwningNodeRef(action);
             if (spaceRef == null)
             {
@@ -222,4 +229,19 @@ public class ScriptActionExecuter extends ActionExecuterAbstractBase
 
         return companyHomeRef;
     }
+    
+    private boolean isValidScriptRef(Action action)
+    {
+        NodeRef scriptRef = (NodeRef) action.getParameterValue(PARAM_SCRIPTREF);
+        ActionService actionService = this.serviceRegistry.getActionService();
+        ActionDefinition actDef = actionService.getActionDefinition(action.getActionDefinitionName());
+        ParameterDefinition parameterDef = actDef.getParameterDefintion(PARAM_SCRIPTREF);
+        String paramConstraintName = parameterDef.getParameterConstraintName();
+        if (paramConstraintName != null)
+        {
+            ParameterConstraint paramConstraint = actionService.getParameterConstraint(paramConstraintName);
+            return paramConstraint.isValidValue(scriptRef.toString());
+        }
+        return true;
+    }
 }

repository/src/main/resources/alfresco/repository.properties

@@ -3,7 +3,7 @@
 repository.name=Main Repository
 
 # Schema number
-version.schema=14100
+version.schema=14110
 
 # Directory configuration
 

repository/src/test/java/org/alfresco/repo/action/ActionServiceImpl2Test.java

@@ -26,8 +26,8 @@
 
 package org.alfresco.repo.action;
 
-import static java.lang.Thread.sleep;
 import static junit.framework.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
@@ -39,6 +39,7 @@ import java.util.List;
 import java.util.Map;
 
 import org.alfresco.model.ContentModel;
+import org.alfresco.repo.action.executer.ActionExecuter;
 import org.alfresco.repo.action.executer.ContentMetadataExtracter;
 import org.alfresco.repo.action.executer.CounterIncrementActionExecuter;
 import org.alfresco.repo.action.executer.ScriptActionExecuter;
@@ -259,7 +260,7 @@ public class ActionServiceImpl2Test
     public void testExecuteScript() throws Exception
     {
         final NodeRef scriptToBeExecuted = addTempScript("changeFileNameTest.js",
-                "document.properties.name = \"Changed\" + \"_\" + document.properties.name;\ndocument.save();");
+                "document.properties.name = \"Changed_\" + document.properties.name;\ndocument.save();");
         assertNotNull("Failed to add the test script.", scriptToBeExecuted);
 
         // add a test file to the Site in order to change its name
@@ -310,6 +311,73 @@ public class ActionServiceImpl2Test
                 return null;
             }
         });
+        
+        //Execute script not in Data Dictionary > Scripts
+        AuthenticationUtil.setFullyAuthenticatedUser(testSiteAndMemberInfo.siteManager);
+        NodeRef companyHomeRef = wellKnownNodes.getCompanyHome();
+        NodeRef sharedFolderRef = nodeService.getChildByName(companyHomeRef, ContentModel.ASSOC_CONTAINS,
+                "Shared");
+        final NodeRef invalidScriptRef = addTempScript("changeFileNameTest.js",
+                "document.properties.name = \"Invalid_Change.pdf\";\ndocument.save();",sharedFolderRef);
+        assertNotNull("Failed to add the test script.", scriptToBeExecuted);
+        transactionHelper.doInTransaction(new RetryingTransactionCallback<Void>()
+        {
+            public Void execute() throws Throwable
+            {
+                // Create the action
+                Action action = actionService.createAction(ScriptActionExecuter.NAME);
+                action.setParameterValue(ScriptActionExecuter.PARAM_SCRIPTREF, invalidScriptRef);
+
+                try
+                {
+                    // Execute the action
+                    actionService.executeAction(action, testNode);
+                }
+                catch (Throwable th)
+                {
+                    // do nothing
+                }
+                assertFalse("Scripts outside of Data Dictionary Scripts folder should not be executed",
+                        ("Invalid_Change.pdf".equals(nodeService.getProperty(testNode, ContentModel.PROP_NAME))));
+
+                return null;
+            }
+        });
+    }
+    
+    @Test
+    public void testActionResult() throws Exception
+    {
+        AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
+        transactionHelper.doInTransaction(new RetryingTransactionCallback<Void>()
+        {
+            public Void execute() throws Throwable
+            {
+                try
+                {
+                    // Create the script node reference
+                    NodeRef script = addTempScript("test-action-result-script.js", "\"VALUE\";");
+
+                    // Create the action
+                    Action action = actionService.createAction(ScriptActionExecuter.NAME);
+                    action.setParameterValue(ScriptActionExecuter.PARAM_SCRIPTREF, script);
+
+                    // Execute the action
+                    actionService.executeAction(action, testNode);
+
+                    // Get the result
+                    String result = (String) action.getParameterValue(ActionExecuter.PARAM_RESULT);
+                    assertNotNull(result);
+                    assertEquals("VALUE", result);
+                }
+                finally
+                {
+                    AuthenticationUtil.clearCurrentSecurityContext();
+                }
+
+                return null;
+            }
+        });
     }
 
     @Test
@@ -369,6 +437,32 @@ public class ActionServiceImpl2Test
         });
     }
 
+    private NodeRef addTempScript(final String scriptFileName, final String javaScript, final NodeRef parentRef)
+    {
+        AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
+        return transactionHelper.doInTransaction(new RetryingTransactionCallback<NodeRef>()
+        {
+            public NodeRef execute() throws Throwable
+            {
+
+                // Create the script node reference
+                NodeRef script = nodeService.createNode(parentRef, ContentModel.ASSOC_CONTAINS,
+                        QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, scriptFileName),
+                        ContentModel.TYPE_CONTENT).getChildRef();
+
+                nodeService.setProperty(script, ContentModel.PROP_NAME, scriptFileName);
+
+                ContentWriter contentWriter = contentService.getWriter(script, ContentModel.PROP_CONTENT, true);
+                contentWriter.setMimetype(MimetypeMap.MIMETYPE_JAVASCRIPT);
+                contentWriter.setEncoding("UTF-8");
+                contentWriter.putContent(javaScript);
+
+                tempNodes.addNodeRef(script);              
+                return script;
+            }
+        });
+    }
+
     private NodeRef addTempScript(final String scriptFileName, final String javaScript)
     {
         AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
@@ -386,20 +480,7 @@ public class ActionServiceImpl2Test
                 NodeRef scriptsRef = nodeService.getChildByName(dataDictionaryRef, ContentModel.ASSOC_CONTAINS,
                         "Scripts");
 
-                // Create the script node reference
-                NodeRef script = nodeService.createNode(scriptsRef, ContentModel.ASSOC_CONTAINS,
-                        QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, scriptFileName),
-                        ContentModel.TYPE_CONTENT).getChildRef();
-
-                nodeService.setProperty(script, ContentModel.PROP_NAME, scriptFileName);
-
-                ContentWriter contentWriter = contentService.getWriter(script, ContentModel.PROP_CONTENT, true);
-                contentWriter.setMimetype(MimetypeMap.MIMETYPE_JAVASCRIPT);
-                contentWriter.setEncoding("UTF-8");
-                contentWriter.putContent(javaScript);
-
-                tempNodes.addNodeRef(script);              
-                return script;
+                return addTempScript(scriptFileName, javaScript, scriptsRef);
             }
         });
     }

repository/src/test/java/org/alfresco/repo/action/ActionServiceImplTest.java

@@ -805,46 +805,6 @@ public class ActionServiceImplTest extends BaseAlfrescoSpringTest
         assertEquals(action4, savedAction2.getAction(2));
     }
     
-    /**
-     * Test the action result parameter
-     */
-    @Test
-    public void testActionResult()
-    {
-        // We need to run this test as Administrator. The ScriptAction has to run as a full user (instead of as System)
-        // so that we can setup the Person object in the ScriptNode
-        AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
-        try
-        {
-            // Create the script node reference
-            NodeRef script = this.nodeService.createNode(
-                    this.folder,
-                    ContentModel.ASSOC_CONTAINS,
-                    QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, "testScript.js"),
-                    ContentModel.TYPE_CONTENT).getChildRef();
-            this.nodeService.setProperty(script, ContentModel.PROP_NAME, "testScript.js");
-            ContentWriter contentWriter = this.contentService.getWriter(script, ContentModel.PROP_CONTENT, true);
-            contentWriter.setMimetype("text/plain");
-            contentWriter.setEncoding("UTF-8");
-            contentWriter.putContent("\"VALUE\";");
-
-            // Create the action
-            Action action1 = this.actionService.createAction(ScriptActionExecuter.NAME);
-            action1.setParameterValue(ScriptActionExecuter.PARAM_SCRIPTREF, script);
-
-            // Execute the action
-            this.actionService.executeAction(action1, this.nodeRef);
-
-            // Get the result
-            String result = (String)action1.getParameterValue(ActionExecuter.PARAM_RESULT);
-            assertNotNull(result);
-            assertEquals("VALUE", result);
-        }
-        finally
-        {
-            AuthenticationUtil.clearCurrentSecurityContext();
-        }
-    }
     
     /** ===================================================================================
      *  Test asynchronous actions