[maven-release-plugin][skip ci] prepare release 18.8

* MNT-22686 Add email template test
* Allow more complex action params

amps/ags/pom.xml

@@ -7,7 +7,7 @@
    <parent>
       <groupId>org.alfresco</groupId>
       <artifactId>alfresco-community-repo-amps</artifactId>
-      <version>17.155</version>
+      <version>18.8</version>
    </parent>
 
    <modules>

amps/ags/rm-automation/pom.xml

@@ -7,7 +7,7 @@
    <parent>
       <groupId>org.alfresco</groupId>
       <artifactId>alfresco-governance-services-community-parent</artifactId>
-      <version>17.155</version>
+      <version>18.8</version>
    </parent>
 
    <modules>

amps/ags/rm-automation/rm-automation-community-rest-api/pom.xml

@@ -7,7 +7,7 @@
    <parent>
       <groupId>org.alfresco</groupId>
       <artifactId>alfresco-governance-services-automation-community-repo</artifactId>
-      <version>17.155</version>
+      <version>18.8</version>
    </parent>
 
    <build>

amps/ags/rm-community/pom.xml

@@ -7,7 +7,7 @@
    <parent>
       <groupId>org.alfresco</groupId>
       <artifactId>alfresco-governance-services-community-parent</artifactId>
-      <version>17.155</version>
+      <version>18.8</version>
    </parent>
 
    <modules>

amps/ags/rm-community/rm-community-repo/.env

@@ -1,3 +1,3 @@
-SOLR6_TAG=2.0.3
+SOLR6_TAG=2.0.5
 POSTGRES_TAG=14.4
 ACTIVEMQ_TAG=5.17.1-jre11-rockylinux8

amps/ags/rm-community/rm-community-repo/pom.xml

@@ -8,7 +8,7 @@
    <parent>
       <groupId>org.alfresco</groupId>
       <artifactId>alfresco-governance-services-community-repo-parent</artifactId>
-      <version>17.155</version>
+      <version>18.8</version>
    </parent>
 
    <properties>

amps/ags/rm-community/rm-community-repo/test/resources/alfresco/version.properties

@@ -5,7 +5,7 @@
 # Version label
 version.major=7
 version.minor=3
-version.revision=0
+version.revision=1
 version.label=
 
 # Edition label

amps/ags/rm-community/rm-community-rest-api-explorer/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-governance-services-community-repo-parent</artifactId>
-        <version>17.155</version>
+        <version>18.8</version>
     </parent>
 
     <build>

amps/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>17.155</version>
+        <version>18.8</version>
     </parent>
 
     <modules>

amps/share-services/pom.xml

@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-amps</artifactId>
-        <version>17.155</version>
+        <version>18.8</version>
     </parent>
 
     <properties>

amps/share-services/src/main/resources/alfresco/templates/webscripts/org/alfresco/slingshot/search/search.get.js

@@ -14,7 +14,7 @@ function main()
       maxResults: (args.maxResults !== null) ? parseInt(args.maxResults, 10) : DEFAULT_MAX_RESULTS,
       pageSize: (args.pageSize !== null) ? parseInt(args.pageSize, 10) : DEFAULT_PAGE_SIZE,
       startIndex: (args.startIndex !== null) ? parseInt(args.startIndex, 10) : 0,
-      facetFields: args.facetFields,
+      facetFields: args.facetFields !== null ? args.facetFields.replace( /(<([^>]+)>)/ig, '') : null,
       filters: args.filters,
       encodedFilters: args.encodedFilters,
       spell: (args.spellcheck !== null) ? (args.spellcheck == "true") : false

core/pom.xml

@@ -7,7 +7,7 @@
    <parent>
       <groupId>org.alfresco</groupId>
       <artifactId>alfresco-community-repo</artifactId>
-      <version>17.155</version>
+      <version>18.8</version>
    </parent>
 
    <dependencies>

data-model/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>17.155</version>
+        <version>18.8</version>
     </parent>
 
     <properties>

data-model/src/main/java/org/alfresco/repo/search/impl/parsers/FTSQueryParser.java

@@ -346,7 +346,7 @@ public class FTSQueryParser
             }
             constraints.add(constraint);
         }
-        if (constraints.size() == 1)
+        if (constraints.size() == 1 && Occur.EXCLUDE != constraints.get(0).getOccur())
         {
             return constraints.get(0);
         }

data-model/src/main/java/org/alfresco/repo/search/impl/querymodel/impl/lucene/LuceneDisjunction.java

@@ -69,20 +69,21 @@ public class LuceneDisjunction<Q, S, E extends Throwable> extends BaseDisjunctio
                 @SuppressWarnings("unchecked")
                 LuceneQueryBuilderComponent<Q, S, E> luceneQueryBuilderComponent = (LuceneQueryBuilderComponent<Q, S, E>) constraint;
                 Q constraintQuery = luceneQueryBuilderComponent.addComponent(selectors, functionArgs, luceneContext, functionContext);
-                queriestoDisjoin.add(new Pair<>(constraint, constraintQuery));
+                queriestoDisjoin.add(new Pair<Constraint, Q>(constraint, constraintQuery));
                 if (constraintQuery != null)
                 {
                     switch (constraint.getOccur())
                     {
                     case DEFAULT:
+                    case MANDATORY:
                     case OPTIONAL:
                         expressionBuilder.addOptional(constraintQuery, constraint.getBoost());
                         break;
-                    case MANDATORY:
-                        expressionBuilder.addRequired(constraintQuery, constraint.getBoost());
-                        break;
                     case EXCLUDE:
-                        expressionBuilder.addExcluded(constraintQuery,  constraint.getBoost());
+                        QueryParserExpressionAdaptor<Q, E> subExpressionBuilder = luceneContext.getLuceneQueryParserAdaptor().getExpressionAdaptor();
+                        subExpressionBuilder.addRequired(luceneContext.getLuceneQueryParserAdaptor().getMatchAllNodesQuery());
+                        subExpressionBuilder.addExcluded(constraintQuery);
+                        expressionBuilder.addOptional(subExpressionBuilder.getQuery(),  constraint.getBoost());
                         break;
                     }
                 }

mmt/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>17.155</version>
+        <version>18.8</version>
     </parent>
 
     <dependencies>

packaging/distribution/pom.xml

@@ -9,6 +9,6 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-packaging</artifactId>
-        <version>17.155</version>
+        <version>18.8</version>
     </parent>
 </project>

packaging/docker-alfresco/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-packaging</artifactId>
-        <version>17.155</version>
+        <version>18.8</version>
     </parent>
 
     <properties>

packaging/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>17.155</version>
+        <version>18.8</version>
     </parent>
 
     <modules>

packaging/tests/environment/.env

@@ -1,3 +1,3 @@
-SOLR6_TAG=2.0.3
+SOLR6_TAG=2.0.5
 POSTGRES_TAG=14.4
 ACTIVEMQ_TAG=5.17.1-jre11-rockylinux8

packaging/tests/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-packaging</artifactId>
-        <version>17.155</version>
+        <version>18.8</version>
     </parent>
 
     <modules>

packaging/tests/tas-cmis/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>17.155</version>
+        <version>18.8</version>
     </parent>
 
     <organization>

packaging/tests/tas-email/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>17.155</version>
+        <version>18.8</version>
     </parent>
 
     <developers>

packaging/tests/tas-integration/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>17.155</version>
+        <version>18.8</version>
     </parent>
 
     <developers>

packaging/tests/tas-restapi/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>17.155</version>
+        <version>18.8</version>
     </parent>
 
     <developers>

packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/RestTest.java

@@ -5,6 +5,7 @@ import java.lang.reflect.Method;
 import org.alfresco.dataprep.WorkflowService;
 import org.alfresco.rest.core.RestProperties;
 import org.alfresco.rest.core.RestWrapper;
+import org.alfresco.rest.rules.RulesTestsUtils;
 import org.alfresco.utility.LogFactory;
 import org.alfresco.utility.TasProperties;
 import org.alfresco.utility.data.DataContent;
@@ -61,6 +62,9 @@ public abstract class RestTest extends AbstractTestNGSpringContextTests
     @Autowired
     protected WorkflowService workflow;
 
+    @Autowired
+    protected RulesTestsUtils rulesUtils;
+
     protected SiteModel testSite;
 
     @BeforeSuite(alwaysRun = true)

packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/actions/access/AccessRestrictionUtil.java

@@ -1,15 +1,17 @@
 package org.alfresco.rest.actions.access;
 
+import java.io.Serializable;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
 import com.google.gson.Gson;
+
 import org.alfresco.rest.actions.access.pojo.Action;
 import org.alfresco.rest.actions.access.pojo.ActionCondition;
 import org.alfresco.rest.actions.access.pojo.Rule;
 import org.alfresco.utility.model.UserModel;
 
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
 public class AccessRestrictionUtil {
 
     public static final String MAIL_ACTION = "mail";
@@ -19,8 +21,8 @@ public class AccessRestrictionUtil {
             "Only admin or system user is allowed to define uses of or directly execute this action";
     private static final String ERROR_MESSAGE_FAILED_TO_SEND_EMAIL = "Failed to send email to:";
 
-    public static Map<String, String> createMailParameters(UserModel sender, UserModel recipient) {
-        Map<String, String> parameterValues = new HashMap<>();
+    public static Map<String, Serializable> createMailParameters(UserModel sender, UserModel recipient) {
+        Map<String, Serializable> parameterValues = new HashMap<>();
         parameterValues.put("from", sender.getEmailAddress());
         parameterValues.put("to", recipient.getEmailAddress());
         parameterValues.put("subject", "Test");
@@ -29,7 +31,7 @@ public class AccessRestrictionUtil {
         return parameterValues;
     }
 
-    public static Rule createRuleWithAction(String actionName, Map<String, String> parameterValues) {
+    public static Rule createRuleWithAction(String actionName, Map<String, Serializable> parameterValues) {
         Rule rule = new Rule();
         rule.setId("");
         rule.setTitle("Test rule title");
@@ -57,7 +59,7 @@ public class AccessRestrictionUtil {
         return rule;
     }
 
-    public static Action createActionWithParameters(String actionName, Map<String, String> parameterValues) {
+    public static Action createActionWithParameters(String actionName, Map<String, Serializable> parameterValues) {
         Action compositeAction = new Action();
         compositeAction.setActionDefinitionName("composite-action");
 
@@ -76,7 +78,7 @@ public class AccessRestrictionUtil {
     }
 
 
-    public static Action createAction(String actionName, Map<String, String> parameterValues) {
+    public static Action createAction(String actionName, Map<String, Serializable> parameterValues) {
         Action action = new Action();
         action.setActionDefinitionName(actionName);
         action.setParameterValues(parameterValues);

packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/actions/access/FormProcAdminAccessRestrictionTest.java

@@ -1,5 +1,15 @@
 package org.alfresco.rest.actions.access;
 
+import static org.alfresco.rest.actions.access.AccessRestrictionUtil.ERROR_MESSAGE_ACCESS_RESTRICTED;
+import static org.alfresco.rest.actions.access.AccessRestrictionUtil.ERROR_MESSAGE_FIELD;
+import static org.alfresco.rest.actions.access.AccessRestrictionUtil.MAIL_ACTION;
+import static org.alfresco.rest.actions.access.AccessRestrictionUtil.createMailParameters;
+import static org.alfresco.rest.actions.access.AccessRestrictionUtil.getExpectedEmailSendFailureMessage;
+import static org.hamcrest.Matchers.containsString;
+
+import java.io.Serializable;
+import java.util.Map;
+
 import org.alfresco.rest.RestTest;
 import org.alfresco.rest.core.RestRequest;
 import org.alfresco.rest.core.RestResponse;
@@ -13,15 +23,6 @@ import org.testng.annotations.BeforeClass;
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
 
-import java.util.Map;
-
-import static org.alfresco.rest.actions.access.AccessRestrictionUtil.ERROR_MESSAGE_ACCESS_RESTRICTED;
-import static org.alfresco.rest.actions.access.AccessRestrictionUtil.ERROR_MESSAGE_FIELD;
-import static org.alfresco.rest.actions.access.AccessRestrictionUtil.MAIL_ACTION;
-import static org.alfresco.rest.actions.access.AccessRestrictionUtil.createMailParameters;
-import static org.alfresco.rest.actions.access.AccessRestrictionUtil.getExpectedEmailSendFailureMessage;
-import static org.hamcrest.Matchers.containsString;
-
 public class FormProcAdminAccessRestrictionTest extends RestTest {
 
     private static final String ACTION_FORM_PROCESSOR_ENDPOINT = "alfresco/service/api/action/%s/formprocessor";
@@ -75,7 +76,7 @@ public class FormProcAdminAccessRestrictionTest extends RestTest {
                 .assertThat().body(ERROR_MESSAGE_FIELD, containsString(getExpectedEmailSendFailureMessage(testUser)));
     }
 
-    private String generateBody(Map<String, String> mailParameters) {
+    private String generateBody(Map<String, Serializable> mailParameters) {
         JSONObject json = new JSONObject();
         mailParameters.forEach((key, value) -> json.put(PROPERTY_PREFIX + key, value));
 

packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/actions/access/pojo/Action.java

@@ -1,5 +1,6 @@
 package org.alfresco.rest.actions.access.pojo;
 
+import java.io.Serializable;
 import java.util.List;
 import java.util.Map;
 
@@ -8,7 +9,7 @@ public class Action {
     private String actionedUponNode;
     private List<ActionCondition> conditions;
     private List<Action> actions;
-    private Map<String, String> parameterValues;
+    private Map<String, Serializable> parameterValues;
 
     private boolean executeAsynchronously;
 
@@ -47,11 +48,11 @@ public class Action {
         this.actions = actions;
     }
 
-    public Map<String, String> getParameterValues() {
+    public Map<String, Serializable> getParameterValues() {
         return parameterValues;
     }
 
-    public void setParameterValues(Map<String, String> parameterValues) {
+    public void setParameterValues(Map<String, Serializable> parameterValues) {
         this.parameterValues = parameterValues;
     }
 }

packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/actions/email/EmailTemplateTest.java

@@ -0,0 +1,95 @@
+package org.alfresco.rest.actions.email;
+
+import static org.hamcrest.Matchers.notNullValue;
+import static org.hamcrest.Matchers.nullValue;
+
+import java.io.Serializable;
+import java.util.HashMap;
+import java.util.Map;
+import javax.json.JsonObject;
+
+import org.alfresco.rest.RestTest;
+import org.alfresco.rest.core.JsonBodyGenerator;
+import org.alfresco.rest.core.RestWrapper;
+import org.alfresco.rest.model.RestNodeModel;
+import org.alfresco.utility.model.FolderModel;
+import org.alfresco.utility.model.UserModel;
+import org.alfresco.utility.Utility;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+
+public class EmailTemplateTest extends RestTest {
+
+    public static final String MAIL_ACTION = "mail";
+
+    private UserModel adminUser;
+    private UserModel testUser;
+    private FolderModel testFolder;
+
+    @Autowired
+    protected RestWrapper restClient;
+
+    @BeforeClass(alwaysRun = true)
+    public void dataPreparation() throws Exception {
+        adminUser = dataUser.getAdminUser();
+
+        testUser = dataUser.createRandomTestUser();
+        testSite = dataSite.usingUser(testUser)
+                           .createPublicRandomSite();
+        testFolder = dataContent.usingUser(testUser)
+                                .usingSite(testSite)
+                                .createFolder();
+    }
+
+    @Test
+    public void adminCanSendEmailUsingTemplateWithModelAsString() throws Exception
+    {
+        String templateId = uploadEmailTemplate("simpleEmailTemplate.ftl");
+
+        // Create the model for use with email template
+        JsonObject args = JsonBodyGenerator.defineJSON()
+                                           .add("args", JsonBodyGenerator.defineJSON()
+                                                                         .add("name", "testname")
+                                                                         .build())
+                                           .build();
+        String emailModel = args.toString();
+
+        // Send an email using the template
+        restClient.authenticateUser(adminUser)
+                  .withCoreAPI()
+                  .usingActions()
+                  .executeAction(MAIL_ACTION, testFolder, createMailWithTemplateParameters(adminUser, testUser, templateId, emailModel));
+
+        restClient.onResponse()
+                  .assertThat().statusCode(HttpStatus.ACCEPTED.value())
+                  .assertThat().body("entry.id", notNullValue());
+    }
+
+    private String uploadEmailTemplate(String templateName)
+    {
+        restClient.authenticateUser(adminUser)
+                  .configureRequestSpec()
+                  .addMultiPart("filedata", Utility.getResourceTestDataFile(templateName));
+
+        RestNodeModel template = restClient.authenticateUser(adminUser).withCoreAPI().usingResource(testFolder).createNode();
+        restClient.assertStatusCodeIs(HttpStatus.CREATED);
+
+        return template.getId();
+    }
+
+    private static Map<String, Serializable> createMailWithTemplateParameters(UserModel sender, UserModel recipient, String templateId, Serializable model)
+    {
+        Map<String, Serializable> parameterValues = new HashMap<>();
+
+        parameterValues.put("from", sender.getEmailAddress());
+        parameterValues.put("to", recipient.getEmailAddress());
+        parameterValues.put("subject", "Test");
+        parameterValues.put("template", "workspace://SpacesStore/" + templateId);
+        parameterValues.put("template_model", model);
+
+        return parameterValues;
+    }
+}

packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/CreateRulesTests.java

@@ -28,25 +28,23 @@ package org.alfresco.rest.rules;
 import static java.util.stream.Collectors.toList;
 
 import static org.alfresco.rest.actions.access.AccessRestrictionUtil.ERROR_MESSAGE_ACCESS_RESTRICTED;
+import static org.alfresco.rest.actions.access.AccessRestrictionUtil.MAIL_ACTION;
+import static org.alfresco.rest.rules.RulesTestsUtils.CHECKIN_ACTION;
+import static org.alfresco.rest.rules.RulesTestsUtils.COPY_ACTION;
 import static org.alfresco.rest.rules.RulesTestsUtils.ID;
 import static org.alfresco.rest.rules.RulesTestsUtils.INVERTED;
 import static org.alfresco.rest.rules.RulesTestsUtils.IS_SHARED;
 import static org.alfresco.rest.rules.RulesTestsUtils.RULE_NAME_DEFAULT;
-import static org.alfresco.rest.rules.RulesTestsUtils.createAddAudioAspectAction;
-import static org.alfresco.rest.rules.RulesTestsUtils.createCompositeCondition;
-import static org.alfresco.rest.rules.RulesTestsUtils.createRuleModel;
-import static org.alfresco.rest.rules.RulesTestsUtils.createRuleModelWithDefaultValues;
-import static org.alfresco.rest.rules.RulesTestsUtils.createRuleModelWithModifiedValues;
-import static org.alfresco.rest.rules.RulesTestsUtils.createRuleWithPrivateAction;
-import static org.alfresco.rest.rules.RulesTestsUtils.createSimpleCondition;
-import static org.alfresco.rest.rules.RulesTestsUtils.createVariousActions;
-import static org.alfresco.rest.rules.RulesTestsUtils.createVariousConditions;
+import static org.alfresco.rest.rules.RulesTestsUtils.RULE_SCRIPT_PARAM_ID;
+import static org.alfresco.rest.rules.RulesTestsUtils.SCRIPT_ACTION;
+import static org.alfresco.rest.rules.RulesTestsUtils.TEMPLATE_PARAM;
 import static org.alfresco.utility.constants.UserRole.SiteCollaborator;
 import static org.alfresco.utility.constants.UserRole.SiteConsumer;
 import static org.alfresco.utility.constants.UserRole.SiteContributor;
 import static org.alfresco.utility.constants.UserRole.SiteManager;
 import static org.alfresco.utility.model.FileModel.getRandomFileModel;
 import static org.alfresco.utility.model.FileType.TEXT_PLAIN;
+import static org.alfresco.utility.model.UserModel.getRandomUserModel;
 import static org.alfresco.utility.report.log.Step.STEP;
 import static org.junit.Assert.assertEquals;
 import static org.springframework.http.HttpStatus.BAD_REQUEST;
@@ -54,21 +52,30 @@ import static org.springframework.http.HttpStatus.CREATED;
 import static org.springframework.http.HttpStatus.FORBIDDEN;
 import static org.springframework.http.HttpStatus.NOT_FOUND;
 
+import java.io.Serializable;
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.stream.IntStream;
 
+import javax.json.Json;
+import javax.json.JsonObject;
+
 import org.alfresco.rest.RestTest;
 import org.alfresco.rest.model.RestActionBodyExecTemplateModel;
+import org.alfresco.rest.model.RestActionConstraintModel;
 import org.alfresco.rest.model.RestCompositeConditionDefinitionModel;
 import org.alfresco.rest.model.RestRuleModel;
 import org.alfresco.rest.model.RestRuleModelsCollection;
 import org.alfresco.utility.constants.UserRole;
+import org.alfresco.utility.model.ContentModel;
 import org.alfresco.utility.model.FileModel;
 import org.alfresco.utility.model.FolderModel;
 import org.alfresco.utility.model.SiteModel;
 import org.alfresco.utility.model.TestGroup;
 import org.alfresco.utility.model.UserModel;
+import org.apache.chemistry.opencmis.client.api.CmisObject;
 import org.testng.annotations.BeforeClass;
 import org.testng.annotations.Test;
 
@@ -98,12 +105,12 @@ public class CreateRulesTests extends RestTest
     @Test (groups = { TestGroup.REST_API, TestGroup.RULES, TestGroup.SANITY })
     public void createRule()
     {
-        RestRuleModel ruleModel = createRuleModelWithModifiedValues();
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithModifiedValues();
 
-        RestRuleModel rule = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModel rule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                                        .createSingleRule(ruleModel);
 
-        RestRuleModel expectedRuleModel = createRuleModelWithModifiedValues();
+        RestRuleModel expectedRuleModel = rulesUtils.createRuleModelWithModifiedValues();
         restClient.assertStatusCodeIs(CREATED);
         rule.assertThat().isEqualTo(expectedRuleModel, ID, IS_SHARED)
                 .assertThat().field(ID).isNotNull()
@@ -121,10 +128,10 @@ public class CreateRulesTests extends RestTest
         RestRuleModel ruleModel = new RestRuleModel();
         ruleModel.setName("ruleName");
 
-        restClient.authenticateUser(user).withCoreAPI().usingNode(nonExistentFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(nonExistentFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
 
         restClient.assertStatusCodeIs(NOT_FOUND);
-        restClient.assertLastError().containsSummary("fake-id was not found");
+        restClient.assertLastError().containsSummary("Folder with id fake-id was not found");
     }
 
     /** Check creating a rule in a non-existent rule set returns an error. */
@@ -135,19 +142,19 @@ public class CreateRulesTests extends RestTest
         RestRuleModel ruleModel = new RestRuleModel();
         ruleModel.setName("ruleName");
 
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingRuleSet("fake-id").createSingleRule(ruleModel);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingRuleSet("fake-id").createSingleRule(ruleModel);
 
         restClient.assertStatusCodeIs(NOT_FOUND);
-        restClient.assertLastError().containsSummary("fake-id was not found");
+        restClient.assertLastError().containsSummary("Rule set with id fake-id was not found");
     }
 
     /** Try to create a rule without a name and check the error. */
     @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
     public void createRuleWithEmptyName()
     {
-        RestRuleModel ruleModel = createRuleModel("");
+        RestRuleModel ruleModel = rulesUtils.createRuleModel("");
 
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
 
         restClient.assertStatusCodeIs(BAD_REQUEST);
         restClient.assertLastError().containsSummary("Rule name is a mandatory parameter");
@@ -157,11 +164,11 @@ public class CreateRulesTests extends RestTest
     @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
     public void duplicateRuleNameIsAcceptable()
     {
-        RestRuleModel ruleModel = createRuleModel("duplicateRuleName");
+        RestRuleModel ruleModel = rulesUtils.createRuleModel("duplicateRuleName");
 
         STEP("Create two identical rules");
-        RestRuleModel ruleA = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
-        RestRuleModel ruleB = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+        RestRuleModel ruleA = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+        RestRuleModel ruleB = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
 
         // Check that the names are the same but the ids are different.
         ruleA.assertThat().field("name").is(ruleB.getName());
@@ -169,6 +176,7 @@ public class CreateRulesTests extends RestTest
     }
 
     /** Check that a user without permission to view the folder cannot create a rule in it. */
+    @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
     public void requireReadPermissionToCreateRule()
     {
         STEP("Create a user and use them to create a private site containing a folder");
@@ -180,13 +188,14 @@ public class CreateRulesTests extends RestTest
         RestRuleModel ruleModel = new RestRuleModel();
         ruleModel.setName("ruleName");
 
-        restClient.authenticateUser(user).withCoreAPI().usingNode(privateFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(privateFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
 
         restClient.assertStatusCodeIs(FORBIDDEN);
         restClient.assertLastError().containsSummary("Insufficient permissions to manage rules");
     }
 
-    /** Check that a Collaborator cannot create a rule in a private folder. */
+    /** Check that a Collaborator cannot create a rule in a folder in a private site. */
+    @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
     public void siteCollaboratorCannotCreateRule()
     {
         testRolePermissionsWith(SiteCollaborator);
@@ -196,6 +205,7 @@ public class CreateRulesTests extends RestTest
     }
 
     /** Check that a Contributor cannot create a rule in a private folder. */
+    @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
     public void siteContributorCannotCreateRule()
     {
         testRolePermissionsWith(SiteContributor);
@@ -204,7 +214,8 @@ public class CreateRulesTests extends RestTest
         restClient.assertLastError().containsSummary("Insufficient permissions to manage rules");
     }
 
-    /** Check that a Consumer cannot create a rule in a private folder. */
+    /** Check that a Consumer cannot create a rule in a folder in a private site. */
+    @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
     public void siteConsumerCannotCreateRule()
     {
         testRolePermissionsWith(SiteConsumer);
@@ -213,7 +224,8 @@ public class CreateRulesTests extends RestTest
         restClient.assertLastError().containsSummary("Insufficient permissions to manage rules");
     }
 
-    /** Check that a siteManager can create a rule in a private folder. */
+    /** Check that a siteManager can create a rule in a folder in a private site. */
+    @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
     public void siteManagerCanCreateRule()
     {
         testRolePermissionsWith(SiteManager)
@@ -232,7 +244,7 @@ public class CreateRulesTests extends RestTest
         RestRuleModel ruleModel = new RestRuleModel();
         ruleModel.setName("ruleName");
 
-        restClient.authenticateUser(user).withCoreAPI().usingNode(fileModel).usingDefaultRuleSet().createSingleRule(ruleModel);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(fileModel).usingDefaultRuleSet().createSingleRule(ruleModel);
 
         restClient.assertStatusCodeIs(BAD_REQUEST);
         restClient.assertLastError().containsSummary("folder is expected");
@@ -244,9 +256,9 @@ public class CreateRulesTests extends RestTest
     {
         STEP("Create a list of rules in one POST request");
         List<String> ruleNames = List.of("ruleA", "ruleB", "ruleC");
-        List<RestRuleModel> ruleModels = ruleNames.stream().map(RulesTestsUtils::createRuleModel).collect(toList());
+        List<RestRuleModel> ruleModels = ruleNames.stream().map(rulesUtils::createRuleModel).collect(toList());
 
-        RestRuleModelsCollection rules = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModelsCollection rules = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                                                    .createListOfRules(ruleModels);
 
         restClient.assertStatusCodeIs(CREATED);
@@ -263,13 +275,13 @@ public class CreateRulesTests extends RestTest
     public void createRulesWithOneError()
     {
         STEP("Try to create a three rules but the middle one has an error.");
-        RestRuleModel ruleA = createRuleModel("ruleA");
-        RestRuleModel ruleB = createRuleModel("");
+        RestRuleModel ruleA = rulesUtils.createRuleModel("ruleA");
+        RestRuleModel ruleB = rulesUtils.createRuleModel("");
         // Don't set a name for Rule B.
-        RestRuleModel ruleC = createRuleModel("ruleC");
+        RestRuleModel ruleC = rulesUtils.createRuleModel("ruleC");
         List<RestRuleModel> ruleModels = List.of(ruleA, ruleB, ruleC);
 
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet().createListOfRules(ruleModels);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().createListOfRules(ruleModels);
 
         restClient.assertStatusCodeIs(BAD_REQUEST);
         restClient.assertLastError().containsSummary("Rule name is a mandatory parameter");
@@ -279,10 +291,10 @@ public class CreateRulesTests extends RestTest
     @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
     public void createRuleWithoutDescription()
     {
-        RestRuleModel ruleModel = createRuleModelWithDefaultValues();
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
         UserModel admin = dataUser.getAdminUser();
 
-        RestRuleModel rule = restClient.authenticateUser(admin).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModel rule = restClient.authenticateUser(admin).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
             .createSingleRule(ruleModel);
 
         restClient.assertStatusCodeIs(CREATED);
@@ -295,10 +307,10 @@ public class CreateRulesTests extends RestTest
     @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
     public void createRuleWithoutTriggers()
     {
-        RestRuleModel ruleModel = createRuleModelWithDefaultValues();
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
         UserModel admin = dataUser.getAdminUser();
 
-        RestRuleModel rule = restClient.authenticateUser(admin).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModel rule = restClient.authenticateUser(admin).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
             .createSingleRule(ruleModel);
 
         restClient.assertStatusCodeIs(CREATED);
@@ -311,10 +323,10 @@ public class CreateRulesTests extends RestTest
     @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
     public void createRuleWithoutErrorScript()
     {
-        RestRuleModel ruleModel = createRuleModelWithDefaultValues();
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
         UserModel admin = dataUser.getAdminUser();
 
-        RestRuleModel rule = restClient.authenticateUser(admin).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModel rule = restClient.authenticateUser(admin).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
             .createSingleRule(ruleModel);
 
         restClient.assertStatusCodeIs(CREATED);
@@ -327,11 +339,11 @@ public class CreateRulesTests extends RestTest
     @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
     public void createRuleWithSharedFlag()
     {
-        RestRuleModel ruleModel = createRuleModelWithDefaultValues();
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
         ruleModel.setIsShared(true);
         UserModel admin = dataUser.getAdminUser();
 
-        RestRuleModel rule = restClient.authenticateUser(admin).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModel rule = restClient.authenticateUser(admin).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
             .createSingleRule(ruleModel);
 
         restClient.assertStatusCodeIs(CREATED);
@@ -344,9 +356,9 @@ public class CreateRulesTests extends RestTest
     @Test (groups = { TestGroup.REST_API, TestGroup.RULES, TestGroup.SANITY })
     public void createRuleAndIncludeFieldsInResponse()
     {
-        RestRuleModel ruleModel = createRuleModel("ruleName");
+        RestRuleModel ruleModel = rulesUtils.createRuleModel("ruleName");
 
-        RestRuleModel rule = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModel rule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                                        .include("isShared")
                                        .createSingleRule(ruleModel);
 
@@ -354,7 +366,7 @@ public class CreateRulesTests extends RestTest
         rule.assertThat().field("isShared").isNotNull();
     }
 
-    public RestRuleModel testRolePermissionsWith(UserRole userRole)
+    private RestRuleModel testRolePermissionsWith(UserRole userRole)
     {
         STEP("Create a user and use them to create a private site containing a folder");
         SiteModel privateSite = dataSite.usingUser(user).createPrivateRandomSite();
@@ -363,9 +375,115 @@ public class CreateRulesTests extends RestTest
         STEP(String.format("Add a user with '%s' role in the private site's folder", userRole.toString()));
         UserModel userWithRole = dataUser.createRandomTestUser();
         dataUser.addUserToSite(userWithRole, privateSite, userRole);
-        RestRuleModel ruleModel = createRuleModel("testRule", List.of(createAddAudioAspectAction()));
+        RestRuleModel ruleModel = rulesUtils.createRuleModel("testRule", List.of(rulesUtils.createAddAudioAspectAction()));
 
-        return restClient.authenticateUser(userWithRole).withCoreAPI().usingNode(privateFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+        return restClient.authenticateUser(userWithRole).withPrivateAPI().usingNode(privateFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+    }
+
+    /** Check that the folder's owner can create rules, even if it is in a private site they aren't a member of. */
+    @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
+    public void checkOwnerCanCreateRule()
+    {
+        STEP("Use admin to create a private site.");
+        SiteModel privateSite = dataSite.usingUser(dataUser.getAdminUser()).createPrivateRandomSite();
+
+        STEP("Add the user to the site, let them create a folder and then evict them from the site again.");
+        dataUser.addUserToSite(user, privateSite, SiteManager);
+        FolderModel folder = dataContent.usingUser(user).usingSite(privateSite).createFolder();
+        dataUser.removeUserFromSite(user, privateSite);
+
+        STEP("Check the folder owner can create a rule.");
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).usingDefaultRuleSet().createSingleRule(ruleModel);
+
+        restClient.assertStatusCodeIs(CREATED);
+    }
+
+    /** Check that an administrator can create a rule in a private site even if they aren't a member. */
+    @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
+    public void checkAdminCanCreateRule()
+    {
+        STEP("Use a user to create a private site with a folder.");
+        SiteModel privateSite = dataSite.usingUser(user).createPrivateRandomSite();
+        FolderModel folder = dataContent.usingUser(user).usingSite(privateSite).createFolder();
+
+        STEP("Check admin can create a rule.");
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        restClient.authenticateUser(dataUser.getAdminUser()).withPrivateAPI().usingNode(folder).usingDefaultRuleSet().createSingleRule(ruleModel);
+
+        restClient.assertStatusCodeIs(CREATED);
+    }
+
+    /** Check that a coordinator can create rules in folders outside sites. */
+    @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
+    public void checkCoordinatorCanCreateRule()
+    {
+        STEP("Create a folder in the user's file space.");
+        FolderModel folder = dataContent.usingUser(user).usingUserHome().createFolder();
+
+        STEP("Create another user as a coordinator for this folder.");
+        UserModel coordinator = dataUser.createRandomTestUser("Rules");
+        /*
+        Update folder node properties to add a coordinator
+        { "permissions": { "isInheritanceEnabled": true, "locallySet": { "authorityId": "coordinator.getUsername()",
+         "name": "Coordinator", "accessStatus":"ALLOWED" } } }
+        */
+        String putBody = getAddPermissionsBody(coordinator.getUsername(), "Coordinator");
+        restClient.authenticateUser(user).withCoreAPI().usingNode(folder).updateNode(putBody);
+
+        STEP("Check the coordinator can create a rule.");
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        restClient.authenticateUser(coordinator).withPrivateAPI().usingNode(folder).usingDefaultRuleSet().createSingleRule(ruleModel);
+
+        restClient.assertStatusCodeIs(CREATED);
+    }
+
+    /** Check that an editor cannot create rules in folders outside sites. */
+    @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
+    public void checkEditorCannotCreateRule()
+    {
+        STEP("Create a folder in the user's file space.");
+        FolderModel folder = dataContent.usingUser(user).usingUserHome().createFolder();
+
+        STEP("Create another user as a editor for this folder.");
+        UserModel editor = dataUser.createRandomTestUser();
+        /*
+        Update folder node properties to add an editor
+        { "permissions": { "isInheritanceEnabled": true, "locallySet": { "authorityId": "editor.getUsername()",
+         "name": "Coordinator", "accessStatus":"ALLOWED" } } }
+        */
+        String putBody = getAddPermissionsBody(editor.getUsername(), "Editor");
+        restClient.authenticateUser(user).withCoreAPI().usingNode(folder).updateNode(putBody);
+
+        STEP("Check the editor can create a rule.");
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        restClient.authenticateUser(editor).withPrivateAPI().usingNode(folder).usingDefaultRuleSet().createSingleRule(ruleModel);
+
+        restClient.assertStatusCodeIs(FORBIDDEN);
+    }
+
+    /** Check that a collaborator cannot create rules in folders outside sites. */
+    @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
+    public void checkCollaboratorCannotCreateRule()
+    {
+        STEP("Create a folder in the user's file space.");
+        FolderModel folder = dataContent.usingUser(user).usingUserHome().createFolder();
+
+        STEP("Create another user as a collaborator for this folder.");
+        UserModel collaborator = dataUser.createRandomTestUser();
+        /*
+        Update folder node properties to add a collaborator
+        { "permissions": { "isInheritanceEnabled": true, "locallySet": { "authorityId": "collaborator.getUsername()",
+         "name": "Coordinator", "accessStatus":"ALLOWED" } } }
+        */
+        String putBody = getAddPermissionsBody(collaborator.getUsername(), "Collaborator");
+        restClient.authenticateUser(user).withCoreAPI().usingNode(folder).updateNode(putBody);
+
+        STEP("Check the collaborator can create a rule.");
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        restClient.authenticateUser(collaborator).withPrivateAPI().usingNode(folder).usingDefaultRuleSet().createSingleRule(ruleModel);
+
+        restClient.assertStatusCodeIs(FORBIDDEN);
     }
 
     /**
@@ -376,11 +494,11 @@ public class CreateRulesTests extends RestTest
     {
         final UserModel admin = dataUser.getAdminUser();
 
-        final RestRuleModel rule = restClient.authenticateUser(admin).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
-                .createSingleRule(createVariousActions());
+        final RestRuleModel rule = restClient.authenticateUser(admin).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+                .createSingleRule(rulesUtils.createRuleWithVariousActions());
 
-        RestRuleModel expectedRuleModel = createRuleModelWithDefaultValues();
-        expectedRuleModel.setActions(createVariousActions().getActions());
+        RestRuleModel expectedRuleModel = rulesUtils.createRuleModelWithDefaultValues();
+        expectedRuleModel.setActions(rulesUtils.createRuleWithVariousActions().getActions());
         expectedRuleModel.setTriggers(List.of("inbound"));
 
         restClient.assertStatusCodeIs(CREATED);
@@ -388,23 +506,80 @@ public class CreateRulesTests extends RestTest
                 .assertThat().field(IS_SHARED).isNull();
     }
 
+    /**
+     * Check get an error when creating a rule with action with empty parameter value.
+     */
+    @Test(groups = {TestGroup.REST_API, TestGroup.RULES})
+    public void createRuleWithEmptyActionParameterValueShouldFail()
+    {
+        final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        final RestActionBodyExecTemplateModel checkinAction = rulesUtils.createCustomActionModel(CHECKIN_ACTION, Map.of("description", ""));
+        ruleModel.setActions(List.of(checkinAction));
+
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+
+        restClient.assertStatusCodeIs(BAD_REQUEST).assertLastError().containsSummary("Action parameter should not have empty or null value");
+    }
+
+    /**
+     * Check can create a rule with action without any parameters when action definition states all of them are optional.
+     */
+    @Test(groups = {TestGroup.REST_API, TestGroup.RULES})
+    public void createRuleWithoutParameterWhenTheyAreOptional()
+    {
+        final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        final RestActionBodyExecTemplateModel checkinAction = rulesUtils.createCustomActionModel(CHECKIN_ACTION, null);
+        ruleModel.setActions(List.of(checkinAction));
+
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+
+        restClient.assertStatusCodeIs(CREATED);
+    }
+
     /** Check that a normal user cannot create rules that use private actions. */
-    @Test
+    @Test(groups = {TestGroup.REST_API, TestGroup.RULES})
     public void createRuleWithActions_userCannotUsePrivateAction()
     {
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
-                  .createSingleRule(createRuleWithPrivateAction());
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+                  .createSingleRule(rulesUtils.createRuleWithPrivateAction());
 
         restClient.assertStatusCodeIs(FORBIDDEN)
                   .assertLastError().containsSummary(ERROR_MESSAGE_ACCESS_RESTRICTED);
     }
 
     /** Check that an administrator can create rules that use private actions. */
-    @Test
+    @Test(groups = {TestGroup.REST_API, TestGroup.RULES})
     public void createRuleWithActions_adminCanUsePrivateAction()
     {
-        restClient.authenticateUser(dataUser.getAdminUser()).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
-                  .createSingleRule(createRuleWithPrivateAction());
+        restClient.authenticateUser(dataUser.getAdminUser()).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+                  .createSingleRule(rulesUtils.createRuleWithPrivateAction());
+
+        restClient.assertStatusCodeIs(CREATED);
+    }
+
+    /**
+     * Check that an administrator can create rules with email (private) action with reference to an email template.
+     */
+    @Test(groups = {TestGroup.REST_API, TestGroup.RULES})
+    public void createRuleWithActions_adminCanUseMailActionWithTemplate()
+    {
+        final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        final RestActionBodyExecTemplateModel mailAction = new RestActionBodyExecTemplateModel();
+        mailAction.setActionDefinitionId(MAIL_ACTION);
+        final Map<String, Serializable> params = new HashMap<>();
+        final UserModel sender = getRandomUserModel();
+        final UserModel recipient = getRandomUserModel();
+        params.put("from", sender.getEmailAddress());
+        params.put("to", recipient.getEmailAddress());
+        params.put("subject", "Test");
+        final RestActionConstraintModel constraint = rulesUtils.getConstraintsForActionParam(user, MAIL_ACTION, TEMPLATE_PARAM);
+        String templateScriptRef = constraint.getConstraintValues().stream().findFirst().get().getValue();
+        params.put(TEMPLATE_PARAM, templateScriptRef);
+        mailAction.setParams(params);
+        ruleModel.setActions(List.of(mailAction));
+
+        restClient.authenticateUser(dataUser.getAdminUser()).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+                .createSingleRule(ruleModel);
 
         restClient.assertStatusCodeIs(CREATED);
     }
@@ -415,10 +590,10 @@ public class CreateRulesTests extends RestTest
     @Test(groups = {TestGroup.REST_API, TestGroup.RULES})
     public void createRuleWithoutActionsShouldFail()
     {
-        final RestRuleModel ruleModel = createRuleModelWithDefaultValues();
+        final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
         ruleModel.setActions(null);
 
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .createSingleRule(ruleModel);
 
         restClient.assertStatusCodeIs(BAD_REQUEST);
@@ -431,18 +606,290 @@ public class CreateRulesTests extends RestTest
     @Test(groups = {TestGroup.REST_API, TestGroup.RULES})
     public void createRuleWithInvalidActionsShouldFail()
     {
-        final RestRuleModel ruleModel = createRuleModelWithDefaultValues();
-        final RestActionBodyExecTemplateModel invalidAction = new RestActionBodyExecTemplateModel();
+        final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
         final String actionDefinitionId = "invalid-definition-value";
-        invalidAction.setActionDefinitionId(actionDefinitionId);
-        invalidAction.setParams(Map.of("dummy-key", "dummy-value"));
+        final RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel(actionDefinitionId, Map.of("dummy-key", "dummy-value"));
         ruleModel.setActions(List.of(invalidAction));
 
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .createSingleRule(ruleModel);
 
+        restClient.assertStatusCodeIs(BAD_REQUEST);
+        restClient.assertLastError().containsSummary(String.format("Invalid rule action definition requested %s", actionDefinitionId));
+    }
+
+    /**
+     * Check we get error when attempt to create a rule with an action tha is not applicable to rules.
+     */
+    @Test(groups = {TestGroup.REST_API, TestGroup.RULES})
+    public void createRuleWithNotApplicableActionShouldFail()
+    {
+        final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        final RestActionBodyExecTemplateModel invalidAction =
+                rulesUtils.createCustomActionModel(RulesTestsUtils.DELETE_RENDITION_ACTION, Map.of("dummy-key", "dummy-value"));
+        ruleModel.setActions(List.of(invalidAction));
+
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+
+        restClient.assertStatusCodeIs(BAD_REQUEST);
+        restClient.assertLastError().containsSummary(String.format("Invalid rule action definition requested %s", RulesTestsUtils.DELETE_RENDITION_ACTION));
+    }
+
+    /**
+     * Check we get error when attempt to create a rule with missing action parameters.
+     */
+    @Test(groups = {TestGroup.REST_API, TestGroup.RULES})
+    public void createRuleWithMissingActionParametersShouldFail()
+    {
+        final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        final RestActionBodyExecTemplateModel invalidAction =
+                rulesUtils.createCustomActionModel(RulesTestsUtils.COPY_ACTION, Collections.emptyMap());
+        ruleModel.setActions(List.of(invalidAction));
+
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+                .createSingleRule(ruleModel);
+
+        restClient.assertStatusCodeIs(BAD_REQUEST);
+        restClient.assertLastError().containsSummary(
+                String.format("Action parameters should not be null or empty for this action. See Action Definition for action of: %s",
+                        COPY_ACTION));
+    }
+
+    /**
+     * Check we get error when attempt to create a rule with parameter not fulfilling constraint.
+     */
+    @Test(groups = {TestGroup.REST_API, TestGroup.RULES})
+    public void createRuleWithActionParameterNotFulfillingConstraint()
+    {
+        final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        final String actionDefinitionId = SCRIPT_ACTION;
+        final String scriptRef = RULE_SCRIPT_PARAM_ID;
+        final String scriptNodeId = "dummy-script-node-id";
+        final RestActionBodyExecTemplateModel scriptAction = rulesUtils.createCustomActionModel(actionDefinitionId, Map.of(scriptRef, scriptNodeId));
+        ruleModel.setActions(List.of(scriptAction));
+
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+                .createSingleRule(ruleModel);
+
+        restClient.assertStatusCodeIs(BAD_REQUEST);
+        final String acScriptsConstraint = "ac-scripts";
+        restClient.assertLastError().containsSummary(
+                String.format("Action parameter: %s has invalid value (%s). Look up possible values for constraint name %s",
+                        scriptRef, scriptNodeId, acScriptsConstraint));
+    }
+
+    /**
+     * Check we get error when attempt to create a rule with action parameter that should not be passed.
+     */
+    @Test(groups = {TestGroup.REST_API, TestGroup.RULES})
+    public void createRuleWithInvalidActionParameterShouldFail()
+    {
+        final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        final String invalidParameterKey = "invalidParameterKey";
+        final RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel(
+                RulesTestsUtils.ADD_FEATURES_ACTION, Map.of(invalidParameterKey, "dummyValue"));
+        ruleModel.setActions(List.of(invalidAction));
+
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+                .createSingleRule(ruleModel);
+
+        restClient.assertStatusCodeIs(BAD_REQUEST);
+        restClient.assertLastError().containsSummary(
+                String.format("Action of definition id: %s must not contain parameter of name: %s", RulesTestsUtils.ADD_FEATURES_ACTION, invalidParameterKey));
+    }
+
+    /**
+     * Check we get error when attempt to create a rule with missing mandatory action parameter.
+     */
+    @Test(groups = {TestGroup.REST_API, TestGroup.RULES})
+    public void createRuleWithoutMandatoryActionParametersShouldFail()
+    {
+        final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        final RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel(COPY_ACTION, Map.of("deep-copy",false));
+        ruleModel.setActions(List.of(invalidAction));
+
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+                .createSingleRule(ruleModel);
+
+        restClient.assertStatusCodeIs(BAD_REQUEST);
+        restClient.assertLastError().containsSummary("Missing action's mandatory parameter: destination-folder");
+    }
+
+    /**
+     * Check we get error when attempting to create a rule that copies files to a non-existent folder.
+     */
+    @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
+    public void createRuleThatUsesNonExistentNode()
+    {
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel(
+                COPY_ACTION, Map.of("destination-folder", "non-existent-node"));
+        ruleModel.setActions(List.of(invalidAction));
+
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+                  .createSingleRule(ruleModel);
+
         restClient.assertStatusCodeIs(NOT_FOUND);
-        restClient.assertLastError().containsSummary(actionDefinitionId);
+        restClient.assertLastError().containsSummary("The entity with id: non-existent-node was not found");
+    }
+
+    /**
+     * Check we get error when attempting to create a rule that references a folder that the user does not have read permission for.
+     */
+    @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
+    public void createRuleThatUsesNodeWithoutReadPermission()
+    {
+        SiteModel privateSite = dataSite.usingAdmin().createPrivateRandomSite();
+        FolderModel privateFolder = dataContent.usingAdmin().usingSite(privateSite).createFolder();
+
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel(
+                COPY_ACTION, Map.of("destination-folder", privateFolder.getNodeRef()));
+        ruleModel.setActions(List.of(invalidAction));
+
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+                  .createSingleRule(ruleModel);
+
+        restClient.assertStatusCodeIs(NOT_FOUND);
+        restClient.assertLastError().containsSummary("The entity with id: " + privateFolder.getNodeRef() + " was not found");
+    }
+
+    /**
+     * Check we get error when attempting to create a rule that copies files to a folder that a user only has read permission for.
+     */
+    @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
+    public void createRuleThatWritesToNodeWithoutPermission()
+    {
+        SiteModel privateSite = dataSite.usingAdmin().createPrivateRandomSite();
+        FolderModel privateFolder = dataContent.usingAdmin().usingSite(privateSite).createFolder();
+        dataUser.usingAdmin().addUserToSite(user, privateSite, SiteConsumer);
+
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel(
+                COPY_ACTION, Map.of("destination-folder", privateFolder.getNodeRef()));
+
+        ruleModel.setActions(List.of(invalidAction));
+
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+                  .createSingleRule(ruleModel);
+
+        restClient.assertStatusCodeIs(FORBIDDEN);
+        restClient.assertLastError().containsSummary("No proper permissions for node: " + privateFolder.getNodeRef());
+    }
+
+    /**
+     * Check we get error when attempting to create a rule that moves files to a node which is not a folder
+     */
+    @Test(groups = {TestGroup.REST_API, TestGroup.RULES})
+    public void createRuleThatMovesToNodeWhichIsNotAFolderShouldFail()
+    {
+        final FileModel fileModel = dataContent.usingUser(user).usingSite(site).createContent(getRandomFileModel(TEXT_PLAIN));
+
+        final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        final RestActionBodyExecTemplateModel invalidAction = rulesUtils.createCustomActionModel(
+                RulesTestsUtils.MOVE_ACTION, Map.of("destination-folder", fileModel.getNodeRef()));
+        ruleModel.setActions(List.of(invalidAction));
+
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+                .createSingleRule(ruleModel);
+
+        restClient.assertStatusCodeIs(BAD_REQUEST);
+        restClient.assertLastError().containsSummary("Node is not a folder " + fileModel.getNodeRef());
+    }
+
+
+    /**
+     * Check we get error when attempting to create a rule with mail action defined with non-existing mail template.
+     */
+    @Test(groups = {TestGroup.REST_API, TestGroup.RULES})
+    public void createRuleWithMailActionReferringToNonExistingTemplate()
+    {
+        final RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        final RestActionBodyExecTemplateModel mailAction = new RestActionBodyExecTemplateModel();
+        mailAction.setActionDefinitionId(MAIL_ACTION);
+        final Map<String, Serializable> params = new HashMap<>();
+        final UserModel sender = getRandomUserModel();
+        final UserModel recipient = getRandomUserModel();
+        params.put("from", sender.getEmailAddress());
+        params.put("to", recipient.getEmailAddress());
+        params.put("subject", "Test");
+        final String mailTemplate = "non-existing-node-id";
+        params.put(TEMPLATE_PARAM, mailTemplate);
+        mailAction.setParams(params);
+        ruleModel.setActions(List.of(mailAction));
+
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+                  .createSingleRule(ruleModel);
+
+        restClient.assertStatusCodeIs(BAD_REQUEST);
+        restClient.assertLastError().containsSummary("Action parameter: template has invalid value (" + mailTemplate +
+                "). Look up possible values for constraint name ac-email-templates");
+    }
+
+    /**
+     * Check the user can create a rule with a script.
+     */
+    @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
+    public void checkCanUseScriptInRule()
+    {
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        RestActionBodyExecTemplateModel scriptAction = rulesUtils.createCustomActionModel(
+                SCRIPT_ACTION, Map.of(RULE_SCRIPT_PARAM_ID, rulesUtils.getReviewAndApproveWorkflowNode()));
+        ruleModel.setActions(List.of(scriptAction));
+
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+                  .createSingleRule(ruleModel);
+
+        restClient.assertStatusCodeIs(CREATED);
+    }
+
+    /**
+     * Check the script has to be stored in the scripts directory in the data dictionary.
+     */
+    @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
+    public void checkCantUseNodeOutsideScriptsDirectory()
+    {
+        STEP("Copy script to location outside data dictionary.");
+        FolderModel folderOutsideDataDictionary = dataContent.usingUser(user).usingSite(site).createFolder();
+        String sourceNodeId = rulesUtils.getReviewAndApproveWorkflowNode();
+        ContentModel sourceNode = new ContentModel("/Data Dictionary/Scripts/start-pooled-review-workflow.js");
+        sourceNode.setNodeRef("/workspace://SpacesStore/" + sourceNodeId);
+        CmisObject scriptOutsideDataDictionary = dataContent.getContentActions().copyTo(dataUser.getAdminUser().getUsername(),
+                dataUser.getAdminUser().getPassword(),
+                sourceNode.getCmisLocation(),
+                folderOutsideDataDictionary.getCmisLocation());
+        String scriptId = scriptOutsideDataDictionary.getId().substring(0, scriptOutsideDataDictionary.getId().indexOf(";"));
+
+        STEP("Try to use this script in rule.");
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        RestActionBodyExecTemplateModel scriptAction = rulesUtils.createCustomActionModel(
+                SCRIPT_ACTION, Map.of(RULE_SCRIPT_PARAM_ID, scriptId));
+        ruleModel.setActions(List.of(scriptAction));
+
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+                  .createSingleRule(ruleModel);
+
+        restClient.assertStatusCodeIs(BAD_REQUEST)
+                  .assertLastError().containsSummary("script-ref has invalid value");
+    }
+
+    /**
+     * Check a real category needs to be supplied when linking to a category.
+     */
+    @Test (groups = { TestGroup.REST_API, TestGroup.RULES })
+    public void checkLinkToCategoryNeedsRealCategory()
+    {
+        STEP("Attempt to link to a category with a folder node, rather than a category node.");
+        String nonCategoryNodeRef = ruleFolder.getNodeRef();
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        RestActionBodyExecTemplateModel categoryAction = rulesUtils.createCustomActionModel(
+                RulesTestsUtils.LINK_CATEGORY_ACTION, Map.of("category-value", nonCategoryNodeRef));
+        ruleModel.setActions(List.of(categoryAction));
+
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+                  .createSingleRule(ruleModel);
+
+        restClient.assertStatusCodeIs(BAD_REQUEST);
     }
 
     /**
@@ -451,14 +898,14 @@ public class CreateRulesTests extends RestTest
     @Test(groups = {TestGroup.REST_API, TestGroup.RULES})
     public void createRuleWithConditions()
     {
-        RestRuleModel ruleModel = createRuleModelWithDefaultValues();
-        ruleModel.setConditions(createVariousConditions());
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        ruleModel.setConditions(rulesUtils.createVariousConditions());
 
-        RestRuleModel rule = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModel rule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
             .createSingleRule(ruleModel);
 
-        RestRuleModel expectedRuleModel = createRuleModelWithDefaultValues();
-        expectedRuleModel.setConditions(createVariousConditions());
+        RestRuleModel expectedRuleModel = rulesUtils.createRuleModelWithDefaultValues();
+        expectedRuleModel.setConditions(rulesUtils.createVariousConditions());
         expectedRuleModel.setTriggers(List.of("inbound"));
         restClient.assertStatusCodeIs(CREATED);
         rule.assertThat().isEqualTo(expectedRuleModel, ID, IS_SHARED);
@@ -470,13 +917,13 @@ public class CreateRulesTests extends RestTest
     @Test(groups = {TestGroup.REST_API, TestGroup.RULES})
     public void createRuleWithConditions_emptyConditionList()
     {
-        RestRuleModel ruleModel = createRuleModelWithDefaultValues();
-        ruleModel.setConditions(createCompositeCondition(null));
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        ruleModel.setConditions(rulesUtils.createCompositeCondition(null));
 
-        RestRuleModel rule = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModel rule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
             .createSingleRule(ruleModel);
 
-        RestRuleModel expectedRuleModel = createRuleModelWithDefaultValues();
+        RestRuleModel expectedRuleModel = rulesUtils.createRuleModelWithDefaultValues();
         expectedRuleModel.setTriggers(List.of("inbound"));
         restClient.assertStatusCodeIs(CREATED);
         rule.assertThat().isEqualTo(expectedRuleModel, ID, IS_SHARED);
@@ -490,17 +937,29 @@ public class CreateRulesTests extends RestTest
     {
         STEP("Try to create a rule with non existing category in conditions.");
         String fakeCategoryId = "bdba5f9f-fake-id22-803b-349bcfd06fd1";
-        RestCompositeConditionDefinitionModel conditions = createCompositeCondition(List.of(
-            createCompositeCondition(!INVERTED, List.of(
-                createSimpleCondition("category", "equals", fakeCategoryId)
+        RestCompositeConditionDefinitionModel conditions = rulesUtils.createCompositeCondition(List.of(
+            rulesUtils.createCompositeCondition(!INVERTED, List.of(
+                    rulesUtils.createSimpleCondition("category", "equals", fakeCategoryId)
             ))
         ));
-        RestRuleModel ruleModel = createRuleModelWithDefaultValues();
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
         ruleModel.setConditions(conditions);
 
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
 
         restClient.assertStatusCodeIs(BAD_REQUEST);
         restClient.assertLastError().containsSummary("Category in condition is invalid");
     }
+
+    private String getAddPermissionsBody(String username, String role)
+    {
+        JsonObject userPermission = Json.createObjectBuilder().add("permissions",
+                Json.createObjectBuilder()
+                        .add("isInheritanceEnabled", true)
+                        .add("locallySet", Json.createObjectBuilder()
+                                .add("authorityId", username)
+                                .add("name", role).add("accessStatus", "ALLOWED")))
+                .build();
+        return userPermission.toString();
+    }
 }

packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/DeleteRulesTests.java

@@ -27,7 +27,6 @@ package org.alfresco.rest.rules;
 
 import static java.util.stream.Collectors.toList;
 
-import static org.alfresco.rest.rules.RulesTestsUtils.createRuleModel;
 import static org.alfresco.utility.constants.UserRole.SiteCollaborator;
 import static org.alfresco.utility.constants.UserRole.SiteContributor;
 import static org.alfresco.utility.constants.UserRole.SiteManager;
@@ -83,20 +82,20 @@ public class DeleteRulesTests extends RestTest
         final FolderModel ruleFolder = dataContent.usingUser(user).usingSite(site).createFolder();
         final List<RestRuleModel> createdRules = Stream.of("ruleA", "ruleB", "ruleC")
                 .map(ruleName -> {
-                    RestRuleModel ruleModel = createRuleModel(ruleName);
-                    return restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+                    RestRuleModel ruleModel = rulesUtils.createRuleModel(ruleName);
+                    return restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                             .createSingleRule(ruleModel);
                 })
                 .collect(toList());
 
         STEP("Attempt delete one rule");
         final RestRuleModel ruleA = createdRules.get(0);
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet().deleteRule(ruleA.getId());
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().deleteRule(ruleA.getId());
         restClient.assertStatusCodeIs(NO_CONTENT);
 
         STEP("Get and check the rules from the folder after deleting one of them");
         final RestRuleModelsCollection rulesAfterDeletion =
-                restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet().getListOfRules();
+                restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().getListOfRules();
         restClient.assertStatusCodeIs(OK);
         rulesAfterDeletion.assertThat().entriesListCountIs(createdRules.size() - 1);
         Assert.assertTrue(rulesAfterDeletion.getEntries()
@@ -127,7 +126,7 @@ public class DeleteRulesTests extends RestTest
         nonExistingFolder.setNodeRef(FAKE_NODE_REF);
 
         STEP("Attempt delete the rule in non-existing folder");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(nonExistingFolder).usingDefaultRuleSet().deleteRule(testRule.getId());
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(nonExistingFolder).usingDefaultRuleSet().deleteRule(testRule.getId());
 
         restClient.assertLastError().statusCodeIs(NOT_FOUND);
     }
@@ -142,7 +141,7 @@ public class DeleteRulesTests extends RestTest
         final RestRuleModel testRule = createRule(ruleFolder);
 
         STEP("Attempt delete the rule in non-existing rule set");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingRuleSet(FAKE_NODE_REF).deleteRule(testRule.getId());
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingRuleSet(FAKE_NODE_REF).deleteRule(testRule.getId());
 
         restClient.assertLastError().statusCodeIs(NOT_FOUND);
     }
@@ -155,7 +154,7 @@ public class DeleteRulesTests extends RestTest
     {
         final FolderModel ruleFolder = dataContent.usingUser(user).usingSite(site).createFolder();
         STEP("Attempt delete non-existing rule");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet().deleteRule(FAKE_NODE_REF);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().deleteRule(FAKE_NODE_REF);
 
         restClient.assertLastError().statusCodeIs(NOT_FOUND);
     }
@@ -173,7 +172,7 @@ public class DeleteRulesTests extends RestTest
         final FolderModel anotherFolder = dataContent.usingUser(user).usingSite(site).createFolder();
 
         STEP("Attempt delete an existing rule from a wrong but existing (second) folder");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(anotherFolder).usingDefaultRuleSet().deleteRule(testRule.getId());
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(anotherFolder).usingDefaultRuleSet().deleteRule(testRule.getId());
 
         restClient.assertLastError().statusCodeIs(NOT_FOUND);
     }
@@ -187,13 +186,13 @@ public class DeleteRulesTests extends RestTest
         final UserModel privateUser = dataUser.createRandomTestUser();
         final SiteModel privateSite = dataSite.usingUser(privateUser).createPrivateRandomSite();
         final FolderModel privateFolder = dataContent.usingUser(privateUser).usingSite(privateSite).createFolder();
-        final RestRuleModel ruleModel = createRuleModel("Private site rule");
+        final RestRuleModel ruleModel = rulesUtils.createRuleModel("Private site rule");
         final RestRuleModel createdRule =
-                restClient.authenticateUser(privateUser).withCoreAPI().usingNode(privateFolder).usingDefaultRuleSet()
+                restClient.authenticateUser(privateUser).withPrivateAPI().usingNode(privateFolder).usingDefaultRuleSet()
                         .createSingleRule(ruleModel);
 
         STEP("Try to delete the rule with another user");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(privateFolder).usingDefaultRuleSet().deleteRule(createdRule.getId());
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(privateFolder).usingDefaultRuleSet().deleteRule(createdRule.getId());
 
         restClient.assertLastError().statusCodeIs(FORBIDDEN);
     }
@@ -213,7 +212,7 @@ public class DeleteRulesTests extends RestTest
         restClient.authenticateUser(user).withCoreAPI().usingSite(site).addPerson(siteCollaborator);
 
         STEP("Check the manager can delete the rule");
-        restClient.authenticateUser(siteCollaborator).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        restClient.authenticateUser(siteCollaborator).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .deleteRule(testRule.getId());
 
         restClient.assertLastError().statusCodeIs(FORBIDDEN);
@@ -228,9 +227,9 @@ public class DeleteRulesTests extends RestTest
         final UserModel privateUser = dataUser.createRandomTestUser();
         final SiteModel privateSite = dataSite.usingUser(privateUser).createPrivateRandomSite();
         final FolderModel privateFolder = dataContent.usingUser(privateUser).usingSite(privateSite).createFolder();
-        final RestRuleModel ruleModel = createRuleModel("Private site rule");
+        final RestRuleModel ruleModel = rulesUtils.createRuleModel("Private site rule");
         final RestRuleModel createdRule =
-                restClient.authenticateUser(privateUser).withCoreAPI().usingNode(privateFolder).usingDefaultRuleSet()
+                restClient.authenticateUser(privateUser).withPrivateAPI().usingNode(privateFolder).usingDefaultRuleSet()
                         .createSingleRule(ruleModel);
 
         STEP("Create a manager in the private site");
@@ -239,7 +238,7 @@ public class DeleteRulesTests extends RestTest
         restClient.authenticateUser(privateUser).withCoreAPI().usingSite(privateSite).addPerson(siteManager);
 
         STEP("Check the manager can delete the rule");
-        restClient.authenticateUser(siteManager).withCoreAPI().usingNode(privateFolder).usingDefaultRuleSet()
+        restClient.authenticateUser(siteManager).withPrivateAPI().usingNode(privateFolder).usingDefaultRuleSet()
                 .deleteRule(createdRule.getId());
 
         restClient.assertStatusCodeIs(NO_CONTENT);
@@ -248,7 +247,7 @@ public class DeleteRulesTests extends RestTest
     private RestRuleModel createRule(FolderModel ruleFolder)
     {
         STEP("Create a rule in the folder");
-        final RestRuleModel ruleModel = createRuleModel("Test rule");
-        return restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+        final RestRuleModel ruleModel = rulesUtils.createRuleModel("Test rule");
+        return restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
     }
 }

packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/ExecuteRulesTests.java

@@ -28,16 +28,9 @@ package org.alfresco.rest.rules;
 import static org.alfresco.rest.rules.RulesTestsUtils.AUDIO_ASPECT;
 import static org.alfresco.rest.rules.RulesTestsUtils.LOCKABLE_ASPECT;
 import static org.alfresco.rest.rules.RulesTestsUtils.RULE_NAME_DEFAULT;
-import static org.alfresco.rest.rules.RulesTestsUtils.assertThat;
-import static org.alfresco.rest.rules.RulesTestsUtils.createAddAspectAction;
-import static org.alfresco.rest.rules.RulesTestsUtils.createCustomActionModel;
-import static org.alfresco.rest.rules.RulesTestsUtils.createRuleExecutionRequest;
-import static org.alfresco.rest.rules.RulesTestsUtils.createRuleModel;
-import static org.alfresco.rest.rules.RulesTestsUtils.createRuleModelWithDefaultValues;
 import static org.alfresco.utility.report.log.Step.STEP;
 
 import java.util.List;
-import java.util.Map;
 
 import org.alfresco.dataprep.CMISUtil;
 import org.alfresco.rest.RestTest;
@@ -80,7 +73,7 @@ public class ExecuteRulesTests extends RestTest
         site = dataSite.usingUser(user).createPublicRandomSite();
     }
 
-    @BeforeMethod
+    @BeforeMethod(alwaysRun = true)
     public void setUp()
     {
         STEP("Create parent folder, rule folder and file in it");
@@ -90,11 +83,11 @@ public class ExecuteRulesTests extends RestTest
         childFolderFile = dataContent.usingUser(user).usingResource(childFolder).createContent(CMISUtil.DocumentType.TEXT_PLAIN);
 
         STEP("Create rules for parent and rule folders");
-        RestActionBodyExecTemplateModel addLockableAspectAction = createAddAspectAction(LOCKABLE_ASPECT);
-        RestRuleModel ruleModel = createRuleModel(RULE_NAME_DEFAULT, List.of(addLockableAspectAction));
+        RestActionBodyExecTemplateModel addLockableAspectAction = rulesUtils.createAddAspectAction(LOCKABLE_ASPECT);
+        RestRuleModel ruleModel = rulesUtils.createRuleModel(RULE_NAME_DEFAULT, List.of(addLockableAspectAction));
         ruleModel.setIsInheritable(true);
-        parentFolderRule = restClient.authenticateUser(user).withCoreAPI().usingNode(parentFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
-        childFolderRule = restClient.authenticateUser(user).withCoreAPI().usingNode(childFolder).usingDefaultRuleSet().createSingleRule(createRuleModelWithDefaultValues());
+        parentFolderRule = restClient.authenticateUser(user).withPrivateAPI().usingNode(parentFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+        childFolderRule = restClient.authenticateUser(user).withPrivateAPI().usingNode(childFolder).usingDefaultRuleSet().createSingleRule(rulesUtils.createRuleModelWithDefaultValues());
     }
 
     /**
@@ -106,17 +99,17 @@ public class ExecuteRulesTests extends RestTest
         STEP("Check if file aspects don't contain Audio one");
         RestNodeModel fileNode = restClient.authenticateUser(user).withCoreAPI().usingNode(childFolderFile).getNode();
         restClient.assertStatusCodeIs(HttpStatus.OK);
-        assertThat(fileNode).notContainsAspects(AUDIO_ASPECT);
+        rulesUtils.assertThat(fileNode).notContainsAspects(AUDIO_ASPECT);
 
         STEP("Execute rule");
-        RestRuleExecutionModel executionResult = restClient.authenticateUser(user).withCoreAPI().usingNode(childFolder).executeRules(createRuleExecutionRequest());
+        RestRuleExecutionModel executionResult = restClient.authenticateUser(user).withPrivateAPI().usingNode(childFolder).executeRules(rulesUtils.createRuleExecutionRequest());
         restClient.assertStatusCodeIs(HttpStatus.CREATED);
         executionResult.assertThat().field("isEachSubFolderIncluded").is(false);
 
         STEP("Check if only Audio aspect was added");
         fileNode = restClient.authenticateUser(user).withCoreAPI().usingNode(childFolderFile).getNode();
         restClient.assertStatusCodeIs(HttpStatus.OK);
-        assertThat(fileNode).containsAspects(AUDIO_ASPECT);
+        rulesUtils.assertThat(fileNode).containsAspects(AUDIO_ASPECT);
     }
 
     /**
@@ -128,18 +121,18 @@ public class ExecuteRulesTests extends RestTest
         STEP("Check if file aspects don't contain Audio and Lockable ones");
         RestNodeModel fileNode = restClient.authenticateUser(user).withCoreAPI().usingNode(childFolderFile).getNode();
         restClient.assertStatusCodeIs(HttpStatus.OK);
-        assertThat(fileNode).notContainsAspects(AUDIO_ASPECT, LOCKABLE_ASPECT);
+        rulesUtils.assertThat(fileNode).notContainsAspects(AUDIO_ASPECT, LOCKABLE_ASPECT);
 
         STEP("Execute rules including inherited rules");
-        RestRuleExecutionModel ruleExecutionRequest = createRuleExecutionRequest();
-        RestRuleExecutionModel executionResult = restClient.authenticateUser(user).withCoreAPI().usingNode(childFolder).executeRules(ruleExecutionRequest);
+        RestRuleExecutionModel ruleExecutionRequest = rulesUtils.createRuleExecutionRequest();
+        RestRuleExecutionModel executionResult = restClient.authenticateUser(user).withPrivateAPI().usingNode(childFolder).executeRules(ruleExecutionRequest);
         restClient.assertStatusCodeIs(HttpStatus.CREATED);
         executionResult.assertThat().field("isEachSubFolderIncluded").is(false);
 
         STEP("Check if Audio and Lockable aspects were added");
         fileNode = restClient.authenticateUser(user).withCoreAPI().usingNode(childFolderFile).getNode();
         restClient.assertStatusCodeIs(HttpStatus.OK);
-        assertThat(fileNode).containsAspects(AUDIO_ASPECT, LOCKABLE_ASPECT);
+        rulesUtils.assertThat(fileNode).containsAspects(AUDIO_ASPECT, LOCKABLE_ASPECT);
     }
 
     /**
@@ -151,31 +144,31 @@ public class ExecuteRulesTests extends RestTest
         STEP("Check if parent folder's file aspects don't contain Audio and Lockable ones");
         RestNodeModel fileNode = restClient.authenticateUser(user).withCoreAPI().usingNode(parentFolderFile).getNode();
         restClient.assertStatusCodeIs(HttpStatus.OK);
-        assertThat(fileNode).notContainsAspects(AUDIO_ASPECT, LOCKABLE_ASPECT);
+        rulesUtils.assertThat(fileNode).notContainsAspects(AUDIO_ASPECT, LOCKABLE_ASPECT);
 
         STEP("Check if child folder's file aspects don't contain Audio and Lockable ones");
         fileNode = restClient.authenticateUser(user).withCoreAPI().usingNode(childFolderFile).getNode();
         restClient.assertStatusCodeIs(HttpStatus.OK);
-        assertThat(fileNode).notContainsAspects(AUDIO_ASPECT, LOCKABLE_ASPECT);
+        rulesUtils.assertThat(fileNode).notContainsAspects(AUDIO_ASPECT, LOCKABLE_ASPECT);
 
         STEP("Execute rules on parent folder including sub-folders");
-        RestRuleExecutionModel ruleExecutionRequest = createRuleExecutionRequest();
+        RestRuleExecutionModel ruleExecutionRequest = rulesUtils.createRuleExecutionRequest();
         ruleExecutionRequest.setIsEachSubFolderIncluded(true);
-        RestRuleExecutionModel executionResult = restClient.authenticateUser(user).withCoreAPI().usingNode(parentFolder).executeRules(ruleExecutionRequest);
+        RestRuleExecutionModel executionResult = restClient.authenticateUser(user).withPrivateAPI().usingNode(parentFolder).executeRules(ruleExecutionRequest);
         restClient.assertStatusCodeIs(HttpStatus.CREATED);
         executionResult.assertThat().field("isEachSubFolderIncluded").is(true);
 
         STEP("Check if Lockable aspects was added to parent folder's file");
         fileNode = restClient.authenticateUser(user).withCoreAPI().usingNode(parentFolderFile).getNode();
         restClient.assertStatusCodeIs(HttpStatus.OK);
-        assertThat(fileNode)
+        rulesUtils.assertThat(fileNode)
             .containsAspects(LOCKABLE_ASPECT)
             .notContainsAspects(AUDIO_ASPECT);
 
         STEP("Check if Audio and Lockable aspects were added to child folder's file");
         fileNode = restClient.authenticateUser(user).withCoreAPI().usingNode(childFolderFile).getNode();
         restClient.assertStatusCodeIs(HttpStatus.OK);
-        assertThat(fileNode)
+        rulesUtils.assertThat(fileNode)
             .containsAspects(AUDIO_ASPECT, LOCKABLE_ASPECT);
     }
 
@@ -186,24 +179,24 @@ public class ExecuteRulesTests extends RestTest
     public void executeRules_disabledRule()
     {
         STEP("Disable child rules");
-        RestRuleModel updatedChildRule = createRuleModelWithDefaultValues();
+        RestRuleModel updatedChildRule = rulesUtils.createRuleModelWithDefaultValues();
         updatedChildRule.setIsEnabled(false);
-        restClient.authenticateUser(user).withCoreAPI().usingNode(childFolder).usingDefaultRuleSet().updateRule(childFolderRule.getId(), updatedChildRule);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(childFolder).usingDefaultRuleSet().updateRule(childFolderRule.getId(), updatedChildRule);
 
         STEP("Check if file aspects don't contain Audio one");
         RestNodeModel fileNode = restClient.authenticateUser(user).withCoreAPI().usingNode(childFolderFile).getNode();
         restClient.assertStatusCodeIs(HttpStatus.OK);
-        assertThat(fileNode).notContainsAspects(AUDIO_ASPECT);
+        rulesUtils.assertThat(fileNode).notContainsAspects(AUDIO_ASPECT);
 
         STEP("Execute rule");
-        RestRuleExecutionModel executionResult = restClient.authenticateUser(user).withCoreAPI().usingNode(childFolder).executeRules(createRuleExecutionRequest());
+        RestRuleExecutionModel executionResult = restClient.authenticateUser(user).withPrivateAPI().usingNode(childFolder).executeRules(rulesUtils.createRuleExecutionRequest());
         restClient.assertStatusCodeIs(HttpStatus.CREATED);
         executionResult.assertThat().field("isEachSubFolderIncluded").is(false);
 
         STEP("Check if Audio aspect is still missing");
         fileNode = restClient.authenticateUser(user).withCoreAPI().usingNode(childFolderFile).getNode();
         restClient.assertStatusCodeIs(HttpStatus.OK);
-        assertThat(fileNode).notContainsAspects(AUDIO_ASPECT);
+        rulesUtils.assertThat(fileNode).notContainsAspects(AUDIO_ASPECT);
     }
 
     /**
@@ -213,24 +206,24 @@ public class ExecuteRulesTests extends RestTest
     public void executeRules_notInheritableRule()
     {
         STEP("Set parent rule as not inheritable");
-        RestRuleModel updatedParentRule = createRuleModelWithDefaultValues();
+        RestRuleModel updatedParentRule = rulesUtils.createRuleModelWithDefaultValues();
         updatedParentRule.setIsInheritable(false);
-        restClient.authenticateUser(user).withCoreAPI().usingNode(parentFolder).usingDefaultRuleSet().updateRule(parentFolderRule.getId(), updatedParentRule);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(parentFolder).usingDefaultRuleSet().updateRule(parentFolderRule.getId(), updatedParentRule);
 
         STEP("Check if file aspects don't contain Audio and Lockable ones");
         RestNodeModel fileNode = restClient.authenticateUser(user).withCoreAPI().usingNode(childFolderFile).getNode();
         restClient.assertStatusCodeIs(HttpStatus.OK);
-        assertThat(fileNode).notContainsAspects(AUDIO_ASPECT, LOCKABLE_ASPECT);
+        rulesUtils.assertThat(fileNode).notContainsAspects(AUDIO_ASPECT, LOCKABLE_ASPECT);
 
         STEP("Execute child folder rules including inherited rules");
-        RestRuleExecutionModel executionResult = restClient.authenticateUser(user).withCoreAPI().usingNode(childFolder).executeRules(createRuleExecutionRequest());
+        RestRuleExecutionModel executionResult = restClient.authenticateUser(user).withPrivateAPI().usingNode(childFolder).executeRules(rulesUtils.createRuleExecutionRequest());
         restClient.assertStatusCodeIs(HttpStatus.CREATED);
         executionResult.assertThat().field("isEachSubFolderIncluded").is(false);
 
         STEP("Check if Audio aspect is present and Lockable is still missing");
         fileNode = restClient.authenticateUser(user).withCoreAPI().usingNode(childFolderFile).getNode();
         restClient.assertStatusCodeIs(HttpStatus.OK);
-        assertThat(fileNode)
+        rulesUtils.assertThat(fileNode)
             .containsAspects(AUDIO_ASPECT)
             .notContainsAspects(LOCKABLE_ASPECT);
     }
@@ -245,10 +238,10 @@ public class ExecuteRulesTests extends RestTest
         SiteModel privateSite = dataSite.usingAdmin().createPrivateRandomSite();
         FolderModel privateFolder = dataContent.usingAdmin().usingSite(privateSite).createFolder();
         dataContent.usingAdmin().usingResource(privateFolder).createContent(CMISUtil.DocumentType.TEXT_PLAIN);
-        restClient.authenticateUser(dataUser.getAdminUser()).withCoreAPI().usingNode(privateFolder).usingDefaultRuleSet().createSingleRule(createRuleModelWithDefaultValues());
+        restClient.authenticateUser(dataUser.getAdminUser()).withPrivateAPI().usingNode(privateFolder).usingDefaultRuleSet().createSingleRule(rulesUtils.createRuleModelWithDefaultValues());
 
         STEP("Try to execute private folder's rules by user");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(privateFolder).executeRules(createRuleExecutionRequest());
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(privateFolder).executeRules(rulesUtils.createRuleExecutionRequest());
         restClient.assertStatusCodeIs(HttpStatus.FORBIDDEN);
     }
 
@@ -263,11 +256,11 @@ public class ExecuteRulesTests extends RestTest
         SiteModel privateSite = dataSite.usingAdmin().createPrivateRandomSite();
         FolderModel privateFolder = dataContent.usingAdmin().usingSite(privateSite).createFolder();
         dataContent.usingAdmin().usingResource(privateFolder).createContent(CMISUtil.DocumentType.TEXT_PLAIN);
-        restClient.authenticateUser(dataUser.getAdminUser()).withCoreAPI().usingNode(privateFolder).usingDefaultRuleSet().createSingleRule(createRuleModelWithDefaultValues());
+        restClient.authenticateUser(dataUser.getAdminUser()).withPrivateAPI().usingNode(privateFolder).usingDefaultRuleSet().createSingleRule(rulesUtils.createRuleModelWithDefaultValues());
         dataUser.usingAdmin().addUserToSite(contributor, privateSite, UserRole.SiteContributor);
 
         STEP("Try to execute private folder's rules by contributor");
-        restClient.authenticateUser(contributor).withCoreAPI().usingNode(privateFolder).executeRules(createRuleExecutionRequest());
+        restClient.authenticateUser(contributor).withPrivateAPI().usingNode(privateFolder).executeRules(rulesUtils.createRuleExecutionRequest());
         restClient.assertStatusCodeIs(HttpStatus.FORBIDDEN);
     }
 
@@ -283,38 +276,23 @@ public class ExecuteRulesTests extends RestTest
         SiteModel privateSite = dataSite.usingAdmin().createPrivateRandomSite();
         FolderModel privateFolder = dataContent.usingAdmin().usingSite(privateSite).createFolder();
         FileModel privateFile = dataContent.usingAdmin().usingResource(privateFolder).createContent(CMISUtil.DocumentType.TEXT_PLAIN);
-        restClient.authenticateUser(admin).withCoreAPI().usingNode(privateFolder).usingDefaultRuleSet().createSingleRule(createRuleModelWithDefaultValues());
+        restClient.authenticateUser(admin).withPrivateAPI().usingNode(privateFolder).usingDefaultRuleSet().createSingleRule(rulesUtils.createRuleModelWithDefaultValues());
         dataUser.usingAdmin().addUserToSite(collaborator, privateSite, UserRole.SiteCollaborator);
 
         STEP("Check if file aspects don't contain Audio one");
         RestNodeModel fileNode = restClient.authenticateUser(admin).withCoreAPI().usingNode(privateFile).getNode();
         restClient.assertStatusCodeIs(HttpStatus.OK);
-        assertThat(fileNode).notContainsAspects(AUDIO_ASPECT);
+        rulesUtils.assertThat(fileNode).notContainsAspects(AUDIO_ASPECT);
 
         STEP("Execute private folder's rules by collaborator");
-        restClient.authenticateUser(collaborator).withCoreAPI().usingNode(privateFolder).executeRules(createRuleExecutionRequest());
+        restClient.authenticateUser(collaborator).withPrivateAPI().usingNode(privateFolder).executeRules(rulesUtils.createRuleExecutionRequest());
         restClient.assertStatusCodeIs(HttpStatus.CREATED);
 
         STEP("Check if Audio aspect is present");
         fileNode = restClient.authenticateUser(admin).withCoreAPI().usingNode(privateFile).getNode();
         restClient.assertStatusCodeIs(HttpStatus.OK);
-        assertThat(fileNode).containsAspects(AUDIO_ASPECT);
+        rulesUtils.assertThat(fileNode).containsAspects(AUDIO_ASPECT);
     }
 
-    /**
-     * Try to execute rule with broken action and receive 500.
-     */
-    @Test(groups = { TestGroup.REST_API, TestGroup.RULES, TestGroup.ACTIONS })
-    public void executeRules_brokenActionResultsWith500()
-    {
-        STEP("Update folder rule with broken action");
-        RestActionBodyExecTemplateModel brokenAction = createCustomActionModel("set-property-value", Map.of("aspect-name", AUDIO_ASPECT));
-        childFolderRule.setActions(List.of(brokenAction));
-        restClient.authenticateUser(user).withCoreAPI().usingNode(childFolder).usingDefaultRuleSet().updateRule(childFolderRule.getId(), childFolderRule);
-        restClient.assertStatusCodeIs(HttpStatus.OK);
-
-        STEP("Try to execute rule with broken action");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(childFolder).executeRules(createRuleExecutionRequest());
-        restClient.assertStatusCodeIs(HttpStatus.INTERNAL_SERVER_ERROR);
-    }
+    //TODO: add test(s) that would cover handling executing broken rule and/or broken rule execution (ACS-3699)
 }

packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/GetInheritedRulesTests.java

@@ -25,7 +25,6 @@
  */
 package org.alfresco.rest.rules;
 
-import static org.alfresco.rest.rules.RulesTestsUtils.createRuleModelWithModifiedValues;
 import static org.alfresco.utility.report.log.Step.STEP;
 import static org.testng.Assert.assertEquals;
 
@@ -72,22 +71,22 @@ public class GetInheritedRulesTests extends RestTest
         STEP("Create a parent and child folder, each with inheriting rules");
         FolderModel parent = dataContent.usingUser(user).usingSite(site).createFolder();
         FolderModel child = dataContent.usingUser(user).usingResource(parent).createFolder();
-        RestRuleModel parentRule = createRuleModelWithModifiedValues();
-        parentRule = restClient.authenticateUser(user).withCoreAPI().usingNode(parent).usingDefaultRuleSet().createSingleRule(parentRule);
-        RestRuleModel childRule = createRuleModelWithModifiedValues();
-        childRule = restClient.authenticateUser(user).withCoreAPI().usingNode(child).usingDefaultRuleSet().createSingleRule(childRule);
+        RestRuleModel parentRule = rulesUtils.createRuleModelWithDefaultValues();
+        parentRule = restClient.authenticateUser(user).withPrivateAPI().usingNode(parent).usingDefaultRuleSet().createSingleRule(parentRule);
+        RestRuleModel childRule = rulesUtils.createRuleModelWithDefaultValues();
+        childRule = restClient.authenticateUser(user).withPrivateAPI().usingNode(child).usingDefaultRuleSet().createSingleRule(childRule);
 
         STEP("Get the rules in the default rule set for the child folder");
-        RestRuleModelsCollection rules = restClient.authenticateUser(user).withCoreAPI().usingNode(child).usingDefaultRuleSet().getListOfRules();
+        RestRuleModelsCollection rules = restClient.authenticateUser(user).withPrivateAPI().usingNode(child).usingDefaultRuleSet().getListOfRules();
         rules.assertThat().entriesListContains("id", childRule.getId())
              .and().entriesListCountIs(1);
 
         STEP("Get the rules in the inherited rule set for the child folder");
-        RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withCoreAPI().usingNode(child).include("inclusionType").getListOfRuleSets();
+        RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withPrivateAPI().usingNode(child).include("inclusionType").getListOfRuleSets();
         String inheritedRuleSetId = ruleSets.getEntries().stream()
                                             .filter(ruleSet -> ruleSet.onModel().getInclusionType().equals("inherited"))
                                             .findFirst().get().onModel().getId();
-        RestRuleModelsCollection inheritedRules = restClient.authenticateUser(user).withCoreAPI().usingNode(child).usingRuleSet(inheritedRuleSetId).getListOfRules();
+        RestRuleModelsCollection inheritedRules = restClient.authenticateUser(user).withPrivateAPI().usingNode(child).usingRuleSet(inheritedRuleSetId).getListOfRules();
         inheritedRules.assertThat().entriesListContains("id", parentRule.getId())
                       .and().entriesListCountIs(1);
     }
@@ -111,23 +110,23 @@ public class GetInheritedRulesTests extends RestTest
         FolderModel folderB = dataContent.usingUser(user).usingResource(folderA).createFolder();
         FolderModel folderC = dataContent.usingUser(user).usingResource(folderB).createFolder();
         FolderModel folderD = dataContent.usingUser(user).usingResource(folderC).createFolder();
-        RestRuleModel ruleB = restClient.authenticateUser(user).withCoreAPI().usingNode(folderB).usingDefaultRuleSet().createSingleRule(createRuleModelWithModifiedValues());
-        RestRuleModel ruleC = restClient.authenticateUser(user).withCoreAPI().usingNode(folderC).usingDefaultRuleSet().createSingleRule(createRuleModelWithModifiedValues());
-        RestRuleModel ruleD = restClient.authenticateUser(user).withCoreAPI().usingNode(folderD).usingDefaultRuleSet().createSingleRule(createRuleModelWithModifiedValues());
+        RestRuleModel ruleB = restClient.authenticateUser(user).withPrivateAPI().usingNode(folderB).usingDefaultRuleSet().createSingleRule(rulesUtils.createRuleModelWithDefaultValues());
+        RestRuleModel ruleC = restClient.authenticateUser(user).withPrivateAPI().usingNode(folderC).usingDefaultRuleSet().createSingleRule(rulesUtils.createRuleModelWithDefaultValues());
+        RestRuleModel ruleD = restClient.authenticateUser(user).withPrivateAPI().usingNode(folderD).usingDefaultRuleSet().createSingleRule(rulesUtils.createRuleModelWithDefaultValues());
         STEP("Link folderA to ruleSetD");
         RestRuleSetLinkModel linkModel = new RestRuleSetLinkModel();
         linkModel.setId(folderD.getNodeRef());
-        restClient.authenticateUser(user).withCoreAPI().usingNode(folderA).createRuleLink(linkModel);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(folderA).createRuleLink(linkModel);
 
         STEP("Get the rule sets for the folderD");
-        List<RestRuleSetModel> ruleSets = restClient.authenticateUser(user).withCoreAPI().usingNode(folderD).getListOfRuleSets().getEntries();
+        List<RestRuleSetModel> ruleSets = restClient.authenticateUser(user).withPrivateAPI().usingNode(folderD).getListOfRuleSets().getEntries();
 
         STEP("Check the rules for each rule set are as expected");
         List<RestRuleModel> expectedRuleIds = List.of(ruleD, ruleB, ruleC);
         IntStream.range(0, 2).forEach(index -> {
             String ruleSetId = ruleSets.get(index).onModel().getId();
             List<RestRuleModel> rules = restClient.authenticateUser(user)
-                                                  .withCoreAPI()
+                                                  .withPrivateAPI()
                                                   .usingNode(folderD)
                                                   .usingRuleSet(ruleSetId)
                                                   .getListOfRules()

packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/GetRuleSetsTests.java

@@ -26,9 +26,7 @@
 package org.alfresco.rest.rules;
 
 import static org.alfresco.rest.requests.RuleSettings.IS_INHERITANCE_ENABLED;
-import static org.alfresco.rest.rules.RulesTestsUtils.createRuleModel;
-import static org.alfresco.rest.rules.RulesTestsUtils.createRuleModelWithDefaultValues;
-import static org.alfresco.rest.rules.RulesTestsUtils.createRuleModelWithModifiedValues;
+import static org.alfresco.rest.rules.RulesTestsUtils.MOVE_ACTION;
 import static org.alfresco.utility.report.log.Step.STEP;
 import static org.junit.Assert.assertTrue;
 import static org.springframework.http.HttpStatus.FORBIDDEN;
@@ -46,6 +44,7 @@ import org.alfresco.rest.model.RestRuleSetModel;
 import org.alfresco.rest.model.RestRuleSetModelsCollection;
 import org.alfresco.rest.model.RestRuleSettingsModel;
 import org.alfresco.rest.requests.coreAPI.RestCoreAPI;
+import org.alfresco.rest.requests.privateAPI.RestPrivateAPI;
 import org.alfresco.utility.constants.UserRole;
 import org.alfresco.utility.model.FolderModel;
 import org.alfresco.utility.model.SiteModel;
@@ -83,16 +82,16 @@ public class GetRuleSetsTests extends RestTest
         notInheritingChildFolder = dataContent.usingUser(user).usingResource(ruleFolder).createFolder();
         RestRuleSettingsModel doesntInherit = new RestRuleSettingsModel();
         doesntInherit.setValue(false);
-        restClient.authenticateUser(user).withCoreAPI().usingNode(notInheritingChildFolder)
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(notInheritingChildFolder)
                   .usingIsInheritanceEnabledRuleSetting().updateSetting(doesntInherit);
 
         STEP("Create a rule in the folder.");
-        RestRuleModel ruleModel = createRuleModel("ruleName");
-        rule = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModel ruleModel = rulesUtils.createRuleModel("ruleName");
+        rule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                                        .createSingleRule(ruleModel);
 
         STEP("Get the rule sets for the folder and find the rule set id");
-        RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder)
+        RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder)
                                                          .getListOfRuleSets();
         ruleSets.assertThat().entriesListCountIs(1);
         ruleSetId = ruleSets.getEntries().get(0).onModel().getId();
@@ -100,7 +99,7 @@ public class GetRuleSetsTests extends RestTest
         STEP("Use admin to create a private site containing a rule in a rule set that can be inherited.");
         SiteModel privateSite = dataSite.usingAdmin().createPrivateRandomSite();
         privateFolder = dataContent.usingAdmin().usingSite(privateSite).createFolder();
-        coreAPIForAdmin().usingNode(privateFolder).usingDefaultRuleSet().createSingleRule(createRuleModelWithModifiedValues());
+        privateAPIForAdmin().usingNode(privateFolder).usingDefaultRuleSet().createSingleRule(rulesUtils.createRuleModelWithModifiedValues());
     }
 
     /** Check we can get an empty list of rule sets. */
@@ -111,7 +110,7 @@ public class GetRuleSetsTests extends RestTest
         FolderModel folder = dataContent.usingUser(user).usingSite(site).createFolder();
 
         STEP("Get the rule sets for the folder");
-        RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withCoreAPI()
+        RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withPrivateAPI()
                                                          .usingNode(folder).getListOfRuleSets();
 
         restClient.assertStatusCodeIs(OK);
@@ -123,7 +122,7 @@ public class GetRuleSetsTests extends RestTest
     public void getRuleSetsList()
     {
         STEP("Get the rule sets for the folder");
-        RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder)
+        RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder)
                                                          .getListOfRuleSets();
 
         restClient.assertStatusCodeIs(OK);
@@ -139,7 +138,7 @@ public class GetRuleSetsTests extends RestTest
         STEP("Try to load rule sets for a non-existent folder.");
         FolderModel nonExistentFolder = FolderModel.getRandomFolderModel();
         nonExistentFolder.setNodeRef("fake-id");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(nonExistentFolder).getListOfRuleSets();
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(nonExistentFolder).getListOfRuleSets();
         restClient.assertStatusCodeIs(NOT_FOUND);
     }
 
@@ -148,7 +147,7 @@ public class GetRuleSetsTests extends RestTest
     public void getRuleSetsWithoutPermission()
     {
         STEP("Check a user cannot list rule sets without read access.");
-        coreAPIForUser().usingNode(privateFolder).getListOfRuleSets();
+        privateAPIForUser().usingNode(privateFolder).getListOfRuleSets();
         restClient.assertStatusCodeIs(FORBIDDEN);
     }
 
@@ -162,24 +161,24 @@ public class GetRuleSetsTests extends RestTest
         FolderModel childFolder = dataContent.usingUser(user).usingResource(parentFolder).createFolder();
         RestRuleSettingsModel enabled = new RestRuleSettingsModel();
         enabled.setValue(true);
-        coreAPIForUser().usingNode(parentFolder).usingRuleSetting(IS_INHERITANCE_ENABLED).updateSetting(enabled);
+        privateAPIForUser().usingNode(parentFolder).usingRuleSetting(IS_INHERITANCE_ENABLED).updateSetting(enabled);
 
         STEP("Link the parent folder to a private rule set.");
         RestRuleSetLinkModel linkModel = new RestRuleSetLinkModel();
         linkModel.setId(privateFolder.getNodeRef());
-        coreAPIForAdmin().usingNode(parentFolder).createRuleLink(linkModel);
+        privateAPIForAdmin().usingNode(parentFolder).createRuleLink(linkModel);
 
         STEP("Create a rule on the child folder.");
-        coreAPIForUser().usingNode(childFolder).usingDefaultRuleSet().createSingleRule(createRuleModelWithDefaultValues());
+        privateAPIForUser().usingNode(childFolder).usingDefaultRuleSet().createSingleRule(rulesUtils.createRuleModelWithDefaultValues());
 
         STEP("Check admin can view both rule sets.");
-        RestRuleSetModelsCollection adminViewOfRuleSets = coreAPIForAdmin().usingNode(childFolder).getListOfRuleSets();
+        RestRuleSetModelsCollection adminViewOfRuleSets = privateAPIForAdmin().usingNode(childFolder).getListOfRuleSets();
         restClient.assertStatusCodeIs(OK);
         RestRuleSetModel parentRuleSet = adminViewOfRuleSets.getEntries().get(0).onModel();
         RestRuleSetModel childRuleSet = adminViewOfRuleSets.getEntries().get(1).onModel();
 
         STEP("Check the normal user can only view the child rule set.");
-        RestRuleSetModelsCollection userViewOfRuleSets = coreAPIForUser().usingNode(childFolder).getListOfRuleSets();
+        RestRuleSetModelsCollection userViewOfRuleSets = privateAPIForUser().usingNode(childFolder).getListOfRuleSets();
         restClient.assertStatusCodeIs(OK);
         userViewOfRuleSets.assertThat().entriesListContains("id", childRuleSet.getId())
                           .and().entriesListDoesNotContain("id", parentRuleSet.getId());
@@ -190,7 +189,7 @@ public class GetRuleSetsTests extends RestTest
     public void getRuleSetsAndOwningFolders()
     {
         STEP("Get the rule sets and owning folders");
-        RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withCoreAPI()
+        RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withPrivateAPI()
                                                  .usingNode(ruleFolder)
                                                  .include("owningFolder")
                                                  .getListOfRuleSets();
@@ -207,7 +206,7 @@ public class GetRuleSetsTests extends RestTest
     public void getRuleSetsAndOwnedInclusionType()
     {
         STEP("Get the rule sets and inclusion type");
-        RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withCoreAPI()
+        RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withPrivateAPI()
                                                          .usingNode(ruleFolder)
                                                          .include("inclusionType")
                                                          .getListOfRuleSets();
@@ -224,7 +223,7 @@ public class GetRuleSetsTests extends RestTest
     public void getRuleSetsAndInheritedInclusionType()
     {
         STEP("Get the rule sets and inclusion type");
-        RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withCoreAPI()
+        RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withPrivateAPI()
                                                          .usingNode(inheritingChildFolder)
                                                          .include("inclusionType")
                                                          .getListOfRuleSets();
@@ -241,7 +240,7 @@ public class GetRuleSetsTests extends RestTest
     public void getRuleSetsWithoutInheriting()
     {
         STEP("Get the rule sets and inclusion type");
-        RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withCoreAPI()
+        RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withPrivateAPI()
                                                          .usingNode(notInheritingChildFolder)
                                                          .getListOfRuleSets();
 
@@ -254,7 +253,7 @@ public class GetRuleSetsTests extends RestTest
     public void getRuleSetById()
     {
         STEP("Get the rule set using its rule set id");
-        RestRuleSetModel ruleSet = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder)
+        RestRuleSetModel ruleSet = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder)
                                              .getRuleSet(ruleSetId);
 
         restClient.assertStatusCodeIs(OK);
@@ -272,7 +271,7 @@ public class GetRuleSetsTests extends RestTest
     public void getDefaultRuleSetById()
     {
         STEP("Get the default rule set for the folder");
-        RestRuleSetModel ruleSet = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder)
+        RestRuleSetModel ruleSet = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder)
                                                          .getDefaultRuleSet();
 
         restClient.assertStatusCodeIs(OK);
@@ -286,7 +285,7 @@ public class GetRuleSetsTests extends RestTest
         STEP("Try to load a rule set for a non-existent folder.");
         FolderModel nonExistentFolder = FolderModel.getRandomFolderModel();
         nonExistentFolder.setNodeRef("fake-id");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(nonExistentFolder).getDefaultRuleSet();
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(nonExistentFolder).getDefaultRuleSet();
         restClient.assertStatusCodeIs(NOT_FOUND);
     }
 
@@ -296,7 +295,7 @@ public class GetRuleSetsTests extends RestTest
     {
         STEP("Get the rule set using fake rule set id");
         String fakeRuleSetId = "fake-rule-set-id";
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).getRuleSet(fakeRuleSetId);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).getRuleSet(fakeRuleSetId);
         restClient.assertStatusCodeIs(NOT_FOUND);
     }
 
@@ -305,7 +304,7 @@ public class GetRuleSetsTests extends RestTest
     public void getRuleSetAndOwningFolder()
     {
         STEP("Get the rule set and owning folder");
-        RestRuleSetModel ruleSet = restClient.authenticateUser(user).withCoreAPI()
+        RestRuleSetModel ruleSet = restClient.authenticateUser(user).withPrivateAPI()
                                              .usingNode(ruleFolder)
                                              .include("owningFolder")
                                              .getRuleSet(ruleSetId);
@@ -343,33 +342,33 @@ public class GetRuleSetsTests extends RestTest
         dataContent.usingAdmin().usingResource(privateFolder).setInheritPermissions(false);
         // Create the grandchild with user and use admin to move it under the private folder.
         FolderModel publicGrandchild = dataContent.usingUser(user).usingSite(siteModel).createFolder();
-        coreAPIForAdmin().usingActions().executeAction("move", publicGrandchild, ImmutableMap.of("destination-folder", "workspace://SpacesStore/" + privateFolder.getNodeRef()));
+        coreAPIForAdmin().usingActions().executeAction(MOVE_ACTION, publicGrandchild, ImmutableMap.of("destination-folder", "workspace://SpacesStore/" + privateFolder.getNodeRef()));
         // Create the non-inheriting folder.
         FolderModel nonInheritingFolder = dataContent.usingUser(user).usingResource(folder).createFolder();
         RestRuleSettingsModel nonInheriting = new RestRuleSettingsModel();
         nonInheriting.setKey(IS_INHERITANCE_ENABLED);
         nonInheriting.setValue(false);
-        coreAPIForUser().usingNode(nonInheritingFolder).usingIsInheritanceEnabledRuleSetting().updateSetting(nonInheriting);
+        privateAPIForUser().usingNode(nonInheritingFolder).usingIsInheritanceEnabledRuleSetting().updateSetting(nonInheriting);
         // Create a child that will link to the rule and a child of that to inherit via the link.
         FolderModel linkingFolder = dataContent.usingUser(user).usingResource(nonInheritingFolder).createFolder();
         FolderModel descendantFolder = dataContent.usingUser(user).usingResource(linkingFolder).createFolder();
 
         STEP("Create an inheritable rule in the folder and get the rule set id.");
-        RestRuleModel ruleModel = createRuleModelWithModifiedValues();
-        coreAPIForUser().usingNode(folder).usingDefaultRuleSet().createSingleRule(ruleModel);
-        RestRuleSetModelsCollection ruleSets = coreAPIForUser().usingNode(folder).getListOfRuleSets();
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithModifiedValues();
+        privateAPIForUser().usingNode(folder).usingDefaultRuleSet().createSingleRule(ruleModel);
+        RestRuleSetModelsCollection ruleSets = privateAPIForUser().usingNode(folder).getListOfRuleSets();
         String ruleSetId = ruleSets.getEntries().get(0).onModel().getId();
 
         STEP("Create the link to the rule from the linking folder");
         RestRuleSetLinkModel ruleSetLink = new RestRuleSetLinkModel();
         ruleSetLink.setId(folder.getNodeRef());
-        coreAPIForUser().usingNode(linkingFolder).createRuleLink(ruleSetLink);
+        privateAPIForUser().usingNode(linkingFolder).createRuleLink(ruleSetLink);
 
         STEP("Remove the user from  the site");
         dataUser.removeUserFromSite(user, siteModel);
 
         STEP("Get the rule set and inheriting folders");
-        RestRuleSetModel ruleSet = coreAPIForUser().usingNode(folder)
+        RestRuleSetModel ruleSet = privateAPIForUser().usingNode(folder)
                                                    .include("inheritedBy")
                                                    .getRuleSet(ruleSetId);
 
@@ -397,17 +396,17 @@ public class GetRuleSetsTests extends RestTest
         dataUser.removeUserFromSite(user, siteModel);
 
         STEP("Create a rule in the folder and link to it from the other two.");
-        RestRuleModel ruleModel = createRuleModelWithDefaultValues();
-        coreAPIForUser().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
-        RestRuleSetModelsCollection ruleSets = coreAPIForAdmin().usingNode(ruleFolder).getListOfRuleSets();
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        privateAPIForUser().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+        RestRuleSetModelsCollection ruleSets = privateAPIForAdmin().usingNode(ruleFolder).getListOfRuleSets();
         String ruleSetId = ruleSets.getEntries().get(0).onModel().getId();
         RestRuleSetLinkModel ruleSetLink = new RestRuleSetLinkModel();
         ruleSetLink.setId(ruleFolder.getNodeRef());
-        coreAPIForUser().usingNode(publicFolder).createRuleLink(ruleSetLink);
-        coreAPIForAdmin().usingNode(privateFolder).createRuleLink(ruleSetLink);
+        privateAPIForUser().usingNode(publicFolder).createRuleLink(ruleSetLink);
+        privateAPIForAdmin().usingNode(privateFolder).createRuleLink(ruleSetLink);
 
         STEP("Get the rule set and linkedToBy field");
-        RestRuleSetModel ruleSet = coreAPIForUser().usingNode(ruleFolder)
+        RestRuleSetModel ruleSet = privateAPIForUser().usingNode(ruleFolder)
                                                    .include("linkedToBy")
                                                    .getRuleSet(ruleSetId);
 
@@ -427,14 +426,14 @@ public class GetRuleSetsTests extends RestTest
         STEP("Create a folder with a rule set and a private child folder to inherit it");
         FolderModel ruleFolder = dataContent.usingUser(user).usingSite(siteModel).createFolder();
         dataContent.usingAdmin().usingResource(ruleFolder).createFolder();
-        RestRuleModel ruleModel = createRuleModelWithDefaultValues();
-        coreAPIForUser().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        privateAPIForUser().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
 
         STEP("Remove the user from  the site");
         dataUser.removeUserFromSite(user, siteModel);
 
         STEP("Get the rule set and isInherited field");
-        RestRuleSetModel ruleSet = coreAPIForUser().usingNode(ruleFolder)
+        RestRuleSetModel ruleSet = privateAPIForUser().usingNode(ruleFolder)
                                                    .include("isInherited", "inheritedBy")
                                                    .getDefaultRuleSet();
 
@@ -451,18 +450,18 @@ public class GetRuleSetsTests extends RestTest
         STEP("Create a site and a folder with a rule");
         SiteModel siteModel = dataSite.usingUser(user).createPublicRandomSite();
         FolderModel ruleFolder = dataContent.usingUser(user).usingSite(siteModel).createFolder();
-        RestRuleModel ruleModel = createRuleModelWithDefaultValues();
-        coreAPIForUser().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        privateAPIForUser().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
 
         STEP("Create a second folder in the site that links to the rule set");
         FolderModel secondFolder = dataContent.usingUser(user).usingSite(siteModel).createFolder();
         dataContent.usingUser(user).usingResource(secondFolder).createFolder();
         RestRuleSetLinkModel ruleSetLink = new RestRuleSetLinkModel();
         ruleSetLink.setId(ruleFolder.getNodeRef());
-        coreAPIForUser().usingNode(secondFolder).createRuleLink(ruleSetLink);
+        privateAPIForUser().usingNode(secondFolder).createRuleLink(ruleSetLink);
 
         STEP("Get the rule set and isInherited field");
-        RestRuleSetModel ruleSet = coreAPIForUser().usingNode(ruleFolder)
+        RestRuleSetModel ruleSet = privateAPIForUser().usingNode(ruleFolder)
                                                    .include("isInherited")
                                                    .getDefaultRuleSet();
 
@@ -479,17 +478,17 @@ public class GetRuleSetsTests extends RestTest
         STEP("Create a site and a folder with a rule");
         SiteModel siteModel = dataSite.usingUser(user).createPublicRandomSite();
         FolderModel ruleFolder = dataContent.usingUser(user).usingSite(siteModel).createFolder();
-        RestRuleModel ruleModel = createRuleModelWithDefaultValues();
-        coreAPIForUser().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        privateAPIForUser().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
 
         STEP("Create a second folder in the site that links to the rule set");
         FolderModel secondFolder = dataContent.usingUser(user).usingSite(siteModel).createFolder();
         RestRuleSetLinkModel ruleSetLink = new RestRuleSetLinkModel();
         ruleSetLink.setId(ruleFolder.getNodeRef());
-        coreAPIForUser().usingNode(secondFolder).createRuleLink(ruleSetLink);
+        privateAPIForUser().usingNode(secondFolder).createRuleLink(ruleSetLink);
 
         STEP("Get the rule set and isInherited field");
-        RestRuleSetModel ruleSet = coreAPIForUser().usingNode(ruleFolder)
+        RestRuleSetModel ruleSet = privateAPIForUser().usingNode(ruleFolder)
                                                    .include("isInherited")
                                                    .getDefaultRuleSet();
 
@@ -508,20 +507,20 @@ public class GetRuleSetsTests extends RestTest
 
         STEP("Create a folder with a rule set");
         FolderModel ruleFolder = dataContent.usingUser(user).usingSite(siteModel).createFolder();
-        RestRuleModel ruleModel = createRuleModelWithDefaultValues();
-        coreAPIForUser().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        privateAPIForUser().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
 
         STEP("Create a private folder linking to the rule set");
         FolderModel linkingFolder = dataContent.usingAdmin().usingSite(siteModel).createFolder();
         RestRuleSetLinkModel linkModel = new RestRuleSetLinkModel();
         linkModel.setId(ruleFolder.getNodeRef());
-        coreAPIForAdmin().usingNode(linkingFolder).createRuleLink(linkModel);
+        privateAPIForAdmin().usingNode(linkingFolder).createRuleLink(linkModel);
 
         STEP("Remove the user from  the site");
         dataUser.removeUserFromSite(user, siteModel);
 
         STEP("Get the rule set and isLinkedTo field");
-        RestRuleSetModel ruleSet = coreAPIForUser().usingNode(ruleFolder)
+        RestRuleSetModel ruleSet = privateAPIForUser().usingNode(ruleFolder)
                                                    .include("isLinkedTo", "linkedToBy", "owningFolder")
                                                    .getDefaultRuleSet();
 
@@ -540,12 +539,12 @@ public class GetRuleSetsTests extends RestTest
         STEP("Create a site, a folder with a rule and a child folder that inherits it");
         SiteModel siteModel = dataSite.usingUser(user).createPublicRandomSite();
         FolderModel ruleFolder = dataContent.usingUser(user).usingSite(siteModel).createFolder();
-        RestRuleModel ruleModel = createRuleModelWithDefaultValues();
-        coreAPIForUser().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        privateAPIForUser().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
         dataContent.usingUser(user).usingResource(ruleFolder).createFolder();
 
         STEP("Get the rule set and isLinkedTo field");
-        RestRuleSetModel ruleSet = coreAPIForUser().usingNode(ruleFolder)
+        RestRuleSetModel ruleSet = privateAPIForUser().usingNode(ruleFolder)
                                                    .include("isLinkedTo")
                                                    .getDefaultRuleSet();
 
@@ -563,35 +562,40 @@ public class GetRuleSetsTests extends RestTest
         FolderModel childFolder = dataContent.usingUser(user).usingResource(parentFolder).createFolder();
         RestRuleSettingsModel enabled = new RestRuleSettingsModel();
         enabled.setValue(true);
-        coreAPIForUser().usingNode(parentFolder).usingRuleSetting(IS_INHERITANCE_ENABLED).updateSetting(enabled);
+        privateAPIForUser().usingNode(parentFolder).usingRuleSetting(IS_INHERITANCE_ENABLED).updateSetting(enabled);
 
         STEP("Link the parent folder to a private rule set.");
         RestRuleSetLinkModel linkModel = new RestRuleSetLinkModel();
         linkModel.setId(privateFolder.getNodeRef());
-        coreAPIForAdmin().usingNode(parentFolder).createRuleLink(linkModel);
+        privateAPIForAdmin().usingNode(parentFolder).createRuleLink(linkModel);
 
         STEP("Create a rule on the child folder.");
-        coreAPIForUser().usingNode(childFolder).usingDefaultRuleSet().createSingleRule(createRuleModelWithDefaultValues());
+        privateAPIForUser().usingNode(childFolder).usingDefaultRuleSet().createSingleRule(rulesUtils.createRuleModelWithDefaultValues());
 
         STEP("Use the admin user to get both rule sets.");
-        RestRuleSetModelsCollection adminViewOfRuleSets = coreAPIForAdmin().usingNode(childFolder).getListOfRuleSets();
+        RestRuleSetModelsCollection adminViewOfRuleSets = privateAPIForAdmin().usingNode(childFolder).getListOfRuleSets();
         RestRuleSetModel parentRuleSet = adminViewOfRuleSets.getEntries().get(0).onModel();
         RestRuleSetModel childRuleSet = adminViewOfRuleSets.getEntries().get(1).onModel();
 
         STEP("Check the normal user can only view the child rule set.");
-        coreAPIForUser().usingNode(childFolder).getRuleSet(parentRuleSet.getId());
+        privateAPIForUser().usingNode(childFolder).getRuleSet(parentRuleSet.getId());
         restClient.assertStatusCodeIs(FORBIDDEN);
-        coreAPIForUser().usingNode(childFolder).getRuleSet(childRuleSet.getId());
+        privateAPIForUser().usingNode(childFolder).getRuleSet(childRuleSet.getId());
         restClient.assertStatusCodeIs(OK);
     }
 
-    private RestCoreAPI coreAPIForUser()
-    {
-        return restClient.authenticateUser(user).withCoreAPI();
-    }
-
     private RestCoreAPI coreAPIForAdmin()
     {
         return restClient.authenticateUser(dataUser.getAdminUser()).withCoreAPI();
     }
+
+    private RestPrivateAPI privateAPIForUser()
+    {
+        return restClient.authenticateUser(user).withPrivateAPI();
+    }
+
+    private RestPrivateAPI privateAPIForAdmin()
+    {
+        return restClient.authenticateUser(dataUser.getAdminUser()).withPrivateAPI();
+    }
 }

packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/GetRulesTests.java

@@ -27,14 +27,13 @@ package org.alfresco.rest.rules;
 
 import static java.util.stream.Collectors.toList;
 
-import static org.alfresco.rest.rules.RulesTestsUtils.*;
 import static org.alfresco.utility.constants.UserRole.SiteCollaborator;
 import static org.alfresco.utility.report.log.Step.STEP;
 import static org.junit.Assert.assertTrue;
+import static org.springframework.http.HttpStatus.CREATED;
 import static org.springframework.http.HttpStatus.FORBIDDEN;
 import static org.springframework.http.HttpStatus.NOT_FOUND;
 import static org.springframework.http.HttpStatus.OK;
-import static org.springframework.http.HttpStatus.CREATED;
 
 import java.util.List;
 import java.util.stream.IntStream;
@@ -76,8 +75,8 @@ public class GetRulesTests extends RestTest
 
         STEP("Create rules in the folder");
         createdRules = Stream.of("ruleA", "ruleB").map(ruleName -> {
-            RestRuleModel ruleModel = createRuleModel(ruleName);
-            return restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+            RestRuleModel ruleModel = rulesUtils.createRuleModel(ruleName);
+            return restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
         }).collect(toList());
         createdRuleA = createdRules.get(0);
     }
@@ -90,7 +89,7 @@ public class GetRulesTests extends RestTest
         FolderModel folder = dataContent.usingUser(user).usingSite(site).createFolder();
 
         STEP("Get the rules that apply to the folder");
-        RestRuleModelsCollection rules = restClient.authenticateUser(user).withCoreAPI().usingNode(folder).usingDefaultRuleSet().getListOfRules();
+        RestRuleModelsCollection rules = restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).usingDefaultRuleSet().getListOfRules();
 
         restClient.assertStatusCodeIs(NOT_FOUND);
         assertTrue("Expected no rules to be present.", rules.isEmpty());
@@ -105,7 +104,7 @@ public class GetRulesTests extends RestTest
     public void getRulesList()
     {
         STEP("Get the rules that apply to the folder");
-        RestRuleModelsCollection rules = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet().getListOfRules();
+        RestRuleModelsCollection rules = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().getListOfRules();
 
         restClient.assertStatusCodeIs(OK);
         rules.assertThat().entriesListCountIs(createdRules.size());
@@ -123,7 +122,7 @@ public class GetRulesTests extends RestTest
         STEP("Try to load rules for a non-existent folder.");
         FolderModel nonExistentFolder = FolderModel.getRandomFolderModel();
         nonExistentFolder.setNodeRef("fake-id");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(nonExistentFolder).usingDefaultRuleSet().getListOfRules();
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(nonExistentFolder).usingDefaultRuleSet().getListOfRules();
         restClient.assertStatusCodeIs(NOT_FOUND);
     }
 
@@ -134,7 +133,7 @@ public class GetRulesTests extends RestTest
         STEP("Create a folder in existing site");
         FolderModel folder = dataContent.usingUser(user).usingSite(site).createFolder();
         STEP("Try to load rules for a non-existent rule set.");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(folder).usingRuleSet("fake-id").getListOfRules();
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).usingRuleSet("fake-id").getListOfRules();
         restClient.assertStatusCodeIs(NOT_FOUND);
     }
 
@@ -143,7 +142,7 @@ public class GetRulesTests extends RestTest
     public void getRulesListWithIncludedFields()
     {
         STEP("Get the rules that apply to the folder");
-        RestRuleModelsCollection rules = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModelsCollection rules = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                                                    .include("isShared")
                                                    .getListOfRules();
 
@@ -169,7 +168,7 @@ public class GetRulesTests extends RestTest
     public void getSingleRule()
     {
         STEP("Load a particular rule");
-        RestRuleModel rule = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet().getSingleRule(createdRuleA.getId());
+        RestRuleModel rule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().getSingleRule(createdRuleA.getId());
 
         restClient.assertStatusCodeIs(OK);
 
@@ -183,14 +182,14 @@ public class GetRulesTests extends RestTest
     public void getRulesOtherFieldsModified()
     {
         STEP("Create a rule with all other fields default values modified");
-        RestRuleModel ruleModel = createRuleModelWithModifiedValues();
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithModifiedValues();
         ruleModel.setTriggers(List.of("update"));
         UserModel admin = dataUser.getAdminUser();
         FolderModel folder = dataContent.usingUser(user).usingSite(site).createFolder();
-        RestRuleModel rule = restClient.authenticateUser(admin).withCoreAPI().usingNode(folder).usingDefaultRuleSet()
+        RestRuleModel rule = restClient.authenticateUser(admin).withPrivateAPI().usingNode(folder).usingDefaultRuleSet()
                 .createSingleRule(ruleModel);
 
-        RestRuleModel expectedRuleModel = createRuleModelWithModifiedValues();
+        RestRuleModel expectedRuleModel = rulesUtils.createRuleModelWithModifiedValues();
         expectedRuleModel.setTriggers(List.of("update"));
 
         restClient.assertStatusCodeIs(CREATED);
@@ -205,13 +204,13 @@ public class GetRulesTests extends RestTest
     public void getRulesDefaultFields()
     {
         STEP("Create a rule with all other fields default values");
-        RestRuleModel ruleModel = createRuleModelWithDefaultValues();
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
         UserModel admin = dataUser.getAdminUser();
         FolderModel folder = dataContent.usingUser(user).usingSite(site).createFolder();
-        RestRuleModel rule = restClient.authenticateUser(admin).withCoreAPI().usingNode(folder).usingDefaultRuleSet()
+        RestRuleModel rule = restClient.authenticateUser(admin).withPrivateAPI().usingNode(folder).usingDefaultRuleSet()
                 .createSingleRule(ruleModel);
 
-        RestRuleModel expectedRuleModel = createRuleModelWithDefaultValues();
+        RestRuleModel expectedRuleModel = rulesUtils.createRuleModelWithDefaultValues();
         expectedRuleModel.setTriggers(List.of("inbound"));
 
         restClient.assertStatusCodeIs(CREATED);
@@ -229,7 +228,7 @@ public class GetRulesTests extends RestTest
         STEP("Try to load a rule from a non-existent folder.");
         FolderModel nonExistentFolder = FolderModel.getRandomFolderModel();
         nonExistentFolder.setNodeRef("fake-id");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(nonExistentFolder).usingDefaultRuleSet().getSingleRule("fake-rule-id");
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(nonExistentFolder).usingDefaultRuleSet().getSingleRule("fake-rule-id");
         restClient.assertStatusCodeIs(NOT_FOUND);
     }
 
@@ -240,7 +239,7 @@ public class GetRulesTests extends RestTest
         STEP("Create a folder in existing site");
         FolderModel folder = dataContent.usingUser(user).usingSite(site).createFolder();
         STEP("Try to load rules for a non-existent rule set.");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(folder).usingRuleSet("fake-id").getSingleRule("fake-rule-id");
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).usingRuleSet("fake-id").getSingleRule("fake-rule-id");
         restClient.assertStatusCodeIs(NOT_FOUND);
     }
 
@@ -251,7 +250,7 @@ public class GetRulesTests extends RestTest
         STEP("Create a folder in existing site");
         FolderModel folder = dataContent.usingUser(user).usingSite(site).createFolder();
         STEP("Try to load a rule for a wrong but existing folder.");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(folder).usingDefaultRuleSet().getSingleRule(createdRuleA.getId());
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).usingDefaultRuleSet().getSingleRule(createdRuleA.getId());
         restClient.assertStatusCodeIs(NOT_FOUND);
     }
 
@@ -260,7 +259,7 @@ public class GetRulesTests extends RestTest
     public void getSingleRuleWithIncludedFields()
     {
         STEP("Load a particular rule");
-        RestRuleModel rule = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModel rule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                                        .include("isShared")
                                        .getSingleRule(createdRuleA.getId());
 
@@ -276,10 +275,10 @@ public class GetRulesTests extends RestTest
         FolderModel privateFolder = dataContent.usingUser(privateUser).usingSite(privateSite).createFolder();
         RestRuleModel ruleModel = new RestRuleModel();
         ruleModel.setName("Private site rule");
-        restClient.authenticateUser(privateUser).withCoreAPI().usingNode(privateFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+        restClient.authenticateUser(privateUser).withPrivateAPI().usingNode(privateFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
 
         STEP("Try to get the rule with another user");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(privateFolder).usingDefaultRuleSet().getListOfRules();
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(privateFolder).usingDefaultRuleSet().getListOfRules();
 
         restClient.assertLastError()
                   .statusCodeIs(FORBIDDEN)
@@ -293,8 +292,8 @@ public class GetRulesTests extends RestTest
         UserModel privateUser = dataUser.createRandomTestUser();
         SiteModel privateSite = dataSite.usingUser(privateUser).createPrivateRandomSite();
         FolderModel privateFolder = dataContent.usingUser(privateUser).usingSite(privateSite).createFolder();
-        RestRuleModel ruleModel = createRuleModel("Private site rule");
-        restClient.authenticateUser(privateUser).withCoreAPI().usingNode(privateFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+        RestRuleModel ruleModel = rulesUtils.createRuleModel("Private site rule");
+        restClient.authenticateUser(privateUser).withPrivateAPI().usingNode(privateFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
 
         STEP("Create a collaborator in the private site");
         UserModel collaborator = dataUser.createRandomTestUser();
@@ -302,7 +301,7 @@ public class GetRulesTests extends RestTest
         restClient.authenticateUser(privateUser).withCoreAPI().usingSite(privateSite).addPerson(collaborator);
 
         STEP("Check the collaborator can view the rule");
-        RestRuleModelsCollection rules = restClient.authenticateUser(collaborator).withCoreAPI().usingNode(privateFolder).usingDefaultRuleSet().getListOfRules();
+        RestRuleModelsCollection rules = restClient.authenticateUser(collaborator).withPrivateAPI().usingNode(privateFolder).usingDefaultRuleSet().getListOfRules();
 
         restClient.assertStatusCodeIs(OK);
         rules.assertThat().entriesListContains("name", "Private site rule");
@@ -315,20 +314,22 @@ public class GetRulesTests extends RestTest
     public void getRuleActions()
     {
         STEP("Create a rule with a few actions");
-        FolderModel folder = dataContent.usingUser(user).usingSite(site).createFolder();
-        final RestRuleModel rule = restClient.authenticateUser(user).withCoreAPI().usingNode(folder).usingDefaultRuleSet()
-                .createSingleRule(createVariousActions());
+        final FolderModel folder = dataContent.usingUser(user).usingSite(site).createFolder();
+        final RestRuleModel ruleWithVariousActions = rulesUtils.createRuleWithVariousActions();
+        final UserModel admin = dataUser.getAdminUser();
+        final RestRuleModel rule = restClient.authenticateUser(admin).withPrivateAPI().usingNode(folder).usingDefaultRuleSet()
+                .createSingleRule(ruleWithVariousActions);
 
         STEP("Retrieve the created rule via the GET endpoint");
-        final RestRuleModel getRuleBody = restClient.authenticateUser(user).withCoreAPI().usingNode(folder).usingDefaultRuleSet().getSingleRule(rule.getId());
+        final RestRuleModel getRuleBody = restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).usingDefaultRuleSet().getSingleRule(rule.getId());
 
         STEP("Assert that actions are returned as expected from the GET endpoint");
         restClient.assertStatusCodeIs(OK);
         getRuleBody.assertThat().field(ACTIONS).contains("actionDefinitionId=copy")
-                   .assertThat().field(ACTIONS).contains("destination-folder=dummy-folder-node")
+                   .assertThat().field(ACTIONS).contains("destination-folder=" + rulesUtils.getCopyDestinationFolder().getNodeRef())
                    .assertThat().field(ACTIONS).contains("deep-copy=true")
                    .assertThat().field(ACTIONS).contains("actionDefinitionId=check-out")
-                   .assertThat().field(ACTIONS).contains("destination-folder=fake-folder-node")
+                   .assertThat().field(ACTIONS).contains("destination-folder=" + rulesUtils.getCheckOutDestinationFolder().getNodeRef())
                    .assertThat().field(ACTIONS).contains("assoc-name=cm:checkout");
     }
 
@@ -339,16 +340,16 @@ public class GetRulesTests extends RestTest
     public void getRulesConditions()
     {
         STEP("Create a rule with several conditions");
-        RestRuleModel ruleModel = createRuleModelWithDefaultValues();
-        ruleModel.setConditions(createVariousConditions());
+        RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+        ruleModel.setConditions(rulesUtils.createVariousConditions());
 
         FolderModel folder = dataContent.usingUser(user).usingSite(site).createFolder();
 
-        RestRuleModel rule = restClient.authenticateUser(user).withCoreAPI().usingNode(folder).usingDefaultRuleSet()
+        RestRuleModel rule = restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).usingDefaultRuleSet()
                 .createSingleRule(ruleModel);
 
         STEP("Retrieve the created rule via the GET endpoint");
-        final RestRuleModel getRuleBody = restClient.authenticateUser(user).withCoreAPI().usingNode(folder).usingDefaultRuleSet().getSingleRule(rule.getId());
+        final RestRuleModel getRuleBody = restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).usingDefaultRuleSet().getSingleRule(rule.getId());
 
         STEP("Assert that conditions are retrieved using the GET endpoint");
         restClient.assertStatusCodeIs(OK);

packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/ReorderRules.java

@@ -27,7 +27,6 @@ package org.alfresco.rest.rules;
 
 import static java.util.stream.Collectors.toList;
 
-import static org.alfresco.rest.rules.RulesTestsUtils.createRuleModelWithDefaultValues;
 import static org.alfresco.utility.report.log.Step.STEP;
 import static org.springframework.http.HttpStatus.FORBIDDEN;
 import static org.springframework.http.HttpStatus.OK;
@@ -71,7 +70,7 @@ public class ReorderRules extends RestTest
         List<RestRuleModel> rules = createRulesInFolder(folder, user);
 
         STEP("Get the default rule set for the folder including the ordered rule ids");
-        RestRuleSetModel ruleSet = restClient.authenticateUser(user).withCoreAPI().usingNode(folder)
+        RestRuleSetModel ruleSet = restClient.authenticateUser(user).withPrivateAPI().usingNode(folder)
                                              .include("ruleIds").getDefaultRuleSet();
 
         List<String> expectedRuleIds = rules.stream().map(RestRuleModel::getId).collect(toList());
@@ -93,7 +92,7 @@ public class ReorderRules extends RestTest
         List<RestRuleModel> rules = createRulesInFolder(ruleFolder, dataUser.getAdminUser());
 
         STEP("Get the rule set with the ordered list of rules");
-        RestRuleSetModel ruleSet = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder)
+        RestRuleSetModel ruleSet = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder)
                                              .include("ruleIds").getDefaultRuleSet();
 
         restClient.assertStatusCodeIs(OK);
@@ -114,7 +113,7 @@ public class ReorderRules extends RestTest
         RestRuleSetModel ruleSetBody = new RestRuleSetModel();
         ruleSetBody.setId("-default-");
         ruleSetBody.setRuleIds(reversedRuleIds);
-        RestRuleSetModel ruleSet = restClient.authenticateUser(user).withCoreAPI().usingNode(folder)
+        RestRuleSetModel ruleSet = restClient.authenticateUser(user).withPrivateAPI().usingNode(folder)
                                              .include("ruleIds").updateRuleSet(ruleSetBody);
 
         restClient.assertStatusCodeIs(OK);
@@ -130,12 +129,12 @@ public class ReorderRules extends RestTest
         List<RestRuleModel> rules = createRulesInFolder(folder, user);
 
         STEP("Get the rule set with its id.");
-        RestRuleSetModel ruleSetResponse = restClient.authenticateUser(user).withCoreAPI().usingNode(folder)
+        RestRuleSetModel ruleSetResponse = restClient.authenticateUser(user).withPrivateAPI().usingNode(folder)
                                                      .include("ruleIds").getDefaultRuleSet();
 
         STEP("Reverse the order of the rules within the rule set");
         ruleSetResponse.setRuleIds(Lists.reverse(ruleSetResponse.getRuleIds()));
-        RestRuleSetModel ruleSet = restClient.authenticateUser(user).withCoreAPI().usingNode(folder)
+        RestRuleSetModel ruleSet = restClient.authenticateUser(user).withPrivateAPI().usingNode(folder)
                                              .include("ruleIds").updateRuleSet(ruleSetResponse);
 
         restClient.assertStatusCodeIs(OK);
@@ -161,7 +160,7 @@ public class ReorderRules extends RestTest
         RestRuleSetModel ruleSetBody = new RestRuleSetModel();
         ruleSetBody.setId("-default-");
         ruleSetBody.setRuleIds(reversedRuleIds);
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder)
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder)
                   .include("ruleIds").updateRuleSet(ruleSetBody);
 
         restClient.assertStatusCodeIs(FORBIDDEN);
@@ -185,7 +184,7 @@ public class ReorderRules extends RestTest
         RestRuleSetModel ruleSetBody = new RestRuleSetModel();
         ruleSetBody.setId("-default-");
         ruleSetBody.setRuleIds(reversedRuleIds);
-        RestRuleSetModel ruleSet = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder)
+        RestRuleSetModel ruleSet = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder)
                                              .include("ruleIds").updateRuleSet(ruleSetBody);
 
         restClient.assertStatusCodeIs(OK);
@@ -197,8 +196,8 @@ public class ReorderRules extends RestTest
     {
         return IntStream.range(0, 3).mapToObj(index ->
         {
-            RestRuleModel ruleModel = createRuleModelWithDefaultValues();
-            return restClient.authenticateUser(user).withCoreAPI().usingNode(folder).usingDefaultRuleSet().createSingleRule(ruleModel);
+            RestRuleModel ruleModel = rulesUtils.createRuleModelWithDefaultValues();
+            return restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).usingDefaultRuleSet().createSingleRule(ruleModel);
         }).collect(toList());
     }
 }

packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/RuleSetLinksTests.java

@@ -25,8 +25,6 @@
  */
 package org.alfresco.rest.rules;
 
-import static org.alfresco.rest.rules.RulesTestsUtils.createRuleModel;
-import static org.alfresco.rest.rules.RulesTestsUtils.createRuleModelWithDefaultValues;
 import static org.alfresco.utility.constants.UserRole.SiteConsumer;
 import static org.alfresco.utility.report.log.Step.STEP;
 import static org.springframework.http.HttpStatus.BAD_REQUEST;
@@ -79,12 +77,12 @@ public class RuleSetLinksTests extends RestTest
         final FolderModel folder = dataContent.usingUser(user).usingSite(site).createFolder();
 
         STEP("Create a rule in the rule folder.");
-        RestRuleModel ruleModel = createRuleModel("ruleName");
-        RestRuleModel rule = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModel ruleModel = rulesUtils.createRuleModel("ruleName");
+        RestRuleModel rule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .createSingleRule(ruleModel);
 
         STEP("Get the rule sets for the folder and find the rule set id");
-        final RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder)
+        final RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder)
                 .getListOfRuleSets();
         ruleSets.assertThat().entriesListCountIs(1);
         final String ruleSetId = ruleSets.getEntries().get(0).onModel().getId();
@@ -92,7 +90,7 @@ public class RuleSetLinksTests extends RestTest
         STEP("Link to a rule folder");
         final RestRuleSetLinkModel request = new RestRuleSetLinkModel();
         request.setId(ruleFolder.getNodeRef());
-        final RestRuleSetLinkModel ruleLink = restClient.authenticateUser(user).withCoreAPI().usingNode(folder).createRuleLink(request);
+        final RestRuleSetLinkModel ruleLink = restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).createRuleLink(request);
 
         STEP("Assert link result");
         restClient.assertStatusCodeIs(CREATED);
@@ -101,7 +99,7 @@ public class RuleSetLinksTests extends RestTest
         ruleLink.assertThat().isEqualTo(expectedLink);
 
         STEP("Check if folder returns same rules");
-        final RestRuleModelsCollection linkedRules = restClient.authenticateUser(user).withCoreAPI()
+        final RestRuleModelsCollection linkedRules = restClient.authenticateUser(user).withPrivateAPI()
                 .usingNode(folder)
                 .usingDefaultRuleSet()
                 .getListOfRules();
@@ -109,7 +107,7 @@ public class RuleSetLinksTests extends RestTest
         linkedRules.getEntries().get(0).onModel().assertThat().isEqualTo(rule);
 
         STEP("Check if folder returns rule set with linked inclusionType");
-        final RestRuleSetModelsCollection linkedRuleSets = restClient.authenticateUser(user).withCoreAPI()
+        final RestRuleSetModelsCollection linkedRuleSets = restClient.authenticateUser(user).withPrivateAPI()
                 .usingNode(folder)
                 .include("inclusionType")
                 .getListOfRuleSets();
@@ -132,12 +130,12 @@ public class RuleSetLinksTests extends RestTest
         final FolderModel folder = dataContent.usingUser(user).usingSite(site).createFolder();
 
         STEP("Create a rule in the rule folder.");
-        RestRuleModel ruleModel = createRuleModel("ruleName");
-        RestRuleModel rule = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModel ruleModel = rulesUtils.createRuleModel("ruleName");
+        RestRuleModel rule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .createSingleRule(ruleModel);
 
         STEP("Get the rule sets for the folder and find the rule set id");
-        final RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder)
+        final RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder)
                 .getListOfRuleSets();
         ruleSets.assertThat().entriesListCountIs(1);
         final String ruleSetId = ruleSets.getEntries().get(0).onModel().getId();
@@ -145,7 +143,7 @@ public class RuleSetLinksTests extends RestTest
         STEP("Link to a rule set");
         final RestRuleSetLinkModel request = new RestRuleSetLinkModel();
         request.setId(ruleSetId);
-        final RestRuleSetLinkModel ruleLink = restClient.authenticateUser(user).withCoreAPI().usingNode(folder).createRuleLink(request);
+        final RestRuleSetLinkModel ruleLink = restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).createRuleLink(request);
 
         STEP("Assert link result");
         restClient.assertStatusCodeIs(CREATED);
@@ -154,7 +152,7 @@ public class RuleSetLinksTests extends RestTest
         ruleLink.assertThat().isEqualTo(expectedLink);
 
         STEP("Check if folder returns same rules");
-        final RestRuleModelsCollection linkedRules = restClient.authenticateUser(user).withCoreAPI()
+        final RestRuleModelsCollection linkedRules = restClient.authenticateUser(user).withPrivateAPI()
                 .usingNode(folder)
                 .usingDefaultRuleSet()
                 .getListOfRules();
@@ -162,7 +160,7 @@ public class RuleSetLinksTests extends RestTest
         linkedRules.getEntries().get(0).onModel().assertThat().isEqualTo(rule);
 
         STEP("Check if folder returns rule set with linked inclusionType");
-        final RestRuleSetModelsCollection likedRuleSets = restClient.authenticateUser(user).withCoreAPI()
+        final RestRuleSetModelsCollection likedRuleSets = restClient.authenticateUser(user).withPrivateAPI()
                 .usingNode(folder)
                 .include("inclusionType")
                 .getListOfRuleSets();
@@ -186,7 +184,7 @@ public class RuleSetLinksTests extends RestTest
         STEP("Link to non-existing rule set");
         final RestRuleSetLinkModel request = new RestRuleSetLinkModel();
         request.setId("dummy-rule-set-id");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(folder).createRuleLink(request);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).createRuleLink(request);
 
         STEP("Assert link result is 404");
         restClient.assertStatusCodeIs(NOT_FOUND);
@@ -205,7 +203,7 @@ public class RuleSetLinksTests extends RestTest
         STEP("Link to a folder without rules");
         final RestRuleSetLinkModel request = new RestRuleSetLinkModel();
         request.setId(folder2.getNodeRef());
-        restClient.authenticateUser(user).withCoreAPI().usingNode(folder1).createRuleLink(request);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(folder1).createRuleLink(request);
 
         STEP("Assert link result is 400");
         restClient.assertStatusCodeIs(BAD_REQUEST)
@@ -223,17 +221,17 @@ public class RuleSetLinksTests extends RestTest
         final FolderModel folder2 = dataContent.usingUser(user).usingSite(site).createFolder();
 
         STEP("Create rules in both folders.");
-        RestRuleModel ruleModel1 = createRuleModel("ruleName1");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(folder1).usingDefaultRuleSet()
+        RestRuleModel ruleModel1 = rulesUtils.createRuleModel("ruleName1");
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(folder1).usingDefaultRuleSet()
                 .createSingleRule(ruleModel1);
-        RestRuleModel ruleModel2 = createRuleModel("ruleName2");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(folder2).usingDefaultRuleSet()
+        RestRuleModel ruleModel2 = rulesUtils.createRuleModel("ruleName2");
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(folder2).usingDefaultRuleSet()
                 .createSingleRule(ruleModel2);
 
         STEP("Link from a folder with rules");
         final RestRuleSetLinkModel request = new RestRuleSetLinkModel();
         request.setId(folder2.getNodeRef());
-        restClient.authenticateUser(user).withCoreAPI().usingNode(folder1).createRuleLink(request);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(folder1).createRuleLink(request);
 
         STEP("Assert link result is 400");
         restClient.assertStatusCodeIs(BAD_REQUEST)
@@ -254,7 +252,7 @@ public class RuleSetLinksTests extends RestTest
         STEP("Link to a file node");
         final RestRuleSetLinkModel request = new RestRuleSetLinkModel();
         request.setId(fileContent.getNodeRef());
-        restClient.authenticateUser(user).withCoreAPI().usingNode(folder).createRuleLink(request);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).createRuleLink(request);
 
         STEP("Assert link result is 400");
         restClient.assertStatusCodeIs(BAD_REQUEST)
@@ -272,12 +270,12 @@ public class RuleSetLinksTests extends RestTest
         final FolderModel childFolder = dataContent.usingUser(user).usingSite(site).usingResource(parentFolder).createFolder();
 
         STEP("Create a rule in the parent folder.");
-        RestRuleModel ruleModel = createRuleModel("ruleName");
-        RestRuleModel rule = restClient.authenticateUser(user).withCoreAPI().usingNode(parentFolder).usingDefaultRuleSet()
+        RestRuleModel ruleModel = rulesUtils.createRuleModel("ruleName");
+        RestRuleModel rule = restClient.authenticateUser(user).withPrivateAPI().usingNode(parentFolder).usingDefaultRuleSet()
                 .createSingleRule(ruleModel);
 
         STEP("Get the rule sets for the folder and find the rule set id");
-        final RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withCoreAPI().usingNode(parentFolder)
+        final RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withPrivateAPI().usingNode(parentFolder)
                 .getListOfRuleSets();
         ruleSets.assertThat().entriesListCountIs(1);
         final String ruleSetId = ruleSets.getEntries().get(0).onModel().getId();
@@ -285,7 +283,7 @@ public class RuleSetLinksTests extends RestTest
         STEP("Link to the parent folder");
         final RestRuleSetLinkModel request = new RestRuleSetLinkModel();
         request.setId(parentFolder.getNodeRef());
-        final RestRuleSetLinkModel ruleLink = restClient.authenticateUser(user).withCoreAPI().usingNode(childFolder).createRuleLink(request);
+        final RestRuleSetLinkModel ruleLink = restClient.authenticateUser(user).withPrivateAPI().usingNode(childFolder).createRuleLink(request);
 
         STEP("Assert link result");
         restClient.assertStatusCodeIs(CREATED);
@@ -294,7 +292,7 @@ public class RuleSetLinksTests extends RestTest
         ruleLink.assertThat().isEqualTo(expectedLink);
 
         STEP("Check if child folder returns same rules");
-        final RestRuleModelsCollection linkedRules = restClient.authenticateUser(user).withCoreAPI()
+        final RestRuleModelsCollection linkedRules = restClient.authenticateUser(user).withPrivateAPI()
                 .usingNode(childFolder)
                 .usingDefaultRuleSet()
                 .getListOfRules();
@@ -302,7 +300,7 @@ public class RuleSetLinksTests extends RestTest
         linkedRules.getEntries().get(0).onModel().assertThat().isEqualTo(rule);
 
         STEP("Check if child folder returns rule set with linked inclusionType");
-        final RestRuleSetModelsCollection linkedRuleSets = restClient.authenticateUser(user).withCoreAPI()
+        final RestRuleSetModelsCollection linkedRuleSets = restClient.authenticateUser(user).withPrivateAPI()
                 .usingNode(childFolder)
                 .include("inclusionType")
                 .getListOfRuleSets();
@@ -323,14 +321,14 @@ public class RuleSetLinksTests extends RestTest
         STEP("Use admin to create a private site with a folder containing a rule.");
         SiteModel privateSite = dataSite.usingAdmin().createPrivateRandomSite();
         FolderModel privateFolder = dataContent.usingAdmin().usingSite(privateSite).createFolder();
-        restClient.authenticateUser(dataUser.getAdminUser()).withCoreAPI().usingNode(privateFolder).usingDefaultRuleSet()
-                  .createSingleRule(createRuleModelWithDefaultValues());
+        restClient.authenticateUser(dataUser.getAdminUser()).withPrivateAPI().usingNode(privateFolder).usingDefaultRuleSet()
+                  .createSingleRule(rulesUtils.createRuleModelWithDefaultValues());
 
         STEP("Use a normal user to try to link to the rule.");
         FolderModel publicFolder = dataContent.usingUser(user).usingSite(site).createFolder();
         RestRuleSetLinkModel request = new RestRuleSetLinkModel();
         request.setId(privateFolder.getNodeRef());
-        restClient.authenticateUser(user).withCoreAPI().usingNode(publicFolder).createRuleLink(request);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(publicFolder).createRuleLink(request);
 
         restClient.assertStatusCodeIs(FORBIDDEN);
     }
@@ -344,8 +342,8 @@ public class RuleSetLinksTests extends RestTest
         STEP("Use admin to create a private site with a folder containing a rule.");
         SiteModel privateSite = dataSite.usingAdmin().createPrivateRandomSite();
         FolderModel privateFolder = dataContent.usingAdmin().usingSite(privateSite).createFolder();
-        restClient.authenticateUser(dataUser.getAdminUser()).withCoreAPI().usingNode(privateFolder).usingDefaultRuleSet()
-                  .createSingleRule(createRuleModelWithDefaultValues());
+        restClient.authenticateUser(dataUser.getAdminUser()).withPrivateAPI().usingNode(privateFolder).usingDefaultRuleSet()
+                  .createSingleRule(rulesUtils.createRuleModelWithDefaultValues());
 
         STEP("Add the normal user as a consumer.");
         dataUser.usingAdmin().addUserToSite(user, privateSite, SiteConsumer);
@@ -354,7 +352,7 @@ public class RuleSetLinksTests extends RestTest
         FolderModel publicFolder = dataContent.usingUser(user).usingSite(site).createFolder();
         RestRuleSetLinkModel request = new RestRuleSetLinkModel();
         request.setId(privateFolder.getNodeRef());
-        restClient.authenticateUser(user).withCoreAPI().usingNode(publicFolder).createRuleLink(request);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(publicFolder).createRuleLink(request);
 
         restClient.assertStatusCodeIs(CREATED);
     }
@@ -372,12 +370,12 @@ public class RuleSetLinksTests extends RestTest
         final FolderModel folder = dataContent.usingUser(user).usingSite(site).createFolder();
 
         STEP("Create a rule in the rule folder.");
-        RestRuleModel ruleModel = createRuleModel("ruleName");
-        RestRuleModel rule = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModel ruleModel = rulesUtils.createRuleModel("ruleName");
+        RestRuleModel rule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .createSingleRule(ruleModel);
 
         STEP("Get the rule sets for the folder and find the rule set id");
-        final RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder)
+        final RestRuleSetModelsCollection ruleSets = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder)
                 .getListOfRuleSets();
         ruleSets.assertThat().entriesListCountIs(1);
         final String ruleSetId = ruleSets.getEntries().get(0).onModel().getId();
@@ -385,23 +383,23 @@ public class RuleSetLinksTests extends RestTest
         STEP("Link to a rule folder");
         final RestRuleSetLinkModel request = new RestRuleSetLinkModel();
         request.setId(ruleFolder.getNodeRef());
-        final RestRuleSetLinkModel ruleLink = restClient.authenticateUser(user).withCoreAPI().usingNode(folder).createRuleLink(request);
+        final RestRuleSetLinkModel ruleLink = restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).createRuleLink(request);
 
         STEP("Unlink the rule set");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(folder).unlinkRuleSet(ruleSetId);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).unlinkRuleSet(ruleSetId);
 
         STEP("Assert unlink result");
         restClient.assertStatusCodeIs(NO_CONTENT);
 
         STEP("GET the rule set and isLinkedTo field.");
-        RestRuleSetModel ruleSet =  restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder)
+        RestRuleSetModel ruleSet =  restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder)
                 .include("isLinkedTo", "linkedToBy", "owningFolder")
                 .getDefaultRuleSet();
 
         STEP("Assert linkedTo is false.");
         restClient.assertStatusCodeIs(OK);
         ruleSet.assertThat().field("isLinkedTo").is(false)
-                .assertThat().field("linkedToBy").isEmpty();;
+                .assertThat().field("linkedToBy").isEmpty();
     }
 
     /**
@@ -416,7 +414,7 @@ public class RuleSetLinksTests extends RestTest
         final FolderModel folder = dataContent.usingUser(user).usingSite(site).createFolder();
 
         STEP("Attempt to unlink the rule set");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(folder).unlinkRuleSet(folder.getNodeRef());
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).unlinkRuleSet(folder.getNodeRef());
 
         STEP("Assert unlink result");
         restClient.assertStatusCodeIs(BAD_REQUEST)
@@ -436,11 +434,11 @@ public class RuleSetLinksTests extends RestTest
         final FolderModel folder = dataContent.usingUser(user).usingSite(site).createFolder();
 
         STEP("Attempt to unlink the rule set");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(folder).unlinkRuleSet("non-existent-id");
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(folder).unlinkRuleSet("non-existent-id");
 
         STEP("Assert unlink result");
         restClient.assertStatusCodeIs(NOT_FOUND)
-                .assertLastError().containsSummary("The entity with id:");
+                .assertLastError().containsSummary("Rule set with id non-existent-id was not found");
     }
 
     /**
@@ -452,8 +450,8 @@ public class RuleSetLinksTests extends RestTest
         STEP("Use admin to create a private site with a folder containing a rule.");
         SiteModel privateSite = dataSite.usingAdmin().createPrivateRandomSite();
         FolderModel privateFolder = dataContent.usingAdmin().usingSite(privateSite).createFolder();
-        restClient.authenticateUser(dataUser.getAdminUser()).withCoreAPI().usingNode(privateFolder).usingDefaultRuleSet()
-                  .createSingleRule(createRuleModelWithDefaultValues());
+        restClient.authenticateUser(dataUser.getAdminUser()).withPrivateAPI().usingNode(privateFolder).usingDefaultRuleSet()
+                  .createSingleRule(rulesUtils.createRuleModelWithDefaultValues());
 
         STEP("Add the user as a consumer.");
         dataUser.usingAdmin().addUserToSite(user, privateSite, SiteConsumer);
@@ -462,14 +460,14 @@ public class RuleSetLinksTests extends RestTest
         FolderModel publicFolder = dataContent.usingUser(user).usingSite(site).createFolder();
         RestRuleSetLinkModel request = new RestRuleSetLinkModel();
         request.setId(privateFolder.getNodeRef());
-        restClient.authenticateUser(user).withCoreAPI().usingNode(publicFolder).createRuleLink(request);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(publicFolder).createRuleLink(request);
         restClient.assertStatusCodeIs(CREATED);
 
         STEP("Remove the user from the private site.");
         dataUser.usingAdmin().removeUserFromSite(user, privateSite);
 
         STEP("Use the user to try to unlink from the rule set.");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(publicFolder).unlinkRuleSet("-default-");
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(publicFolder).unlinkRuleSet("-default-");
 
         restClient.assertStatusCodeIs(FORBIDDEN);
     }
@@ -483,8 +481,8 @@ public class RuleSetLinksTests extends RestTest
         STEP("Use admin to create a private site with a folder containing a rule.");
         SiteModel privateSite = dataSite.usingAdmin().createPrivateRandomSite();
         FolderModel privateFolder = dataContent.usingAdmin().usingSite(privateSite).createFolder();
-        restClient.authenticateUser(dataUser.getAdminUser()).withCoreAPI().usingNode(privateFolder).usingDefaultRuleSet()
-                  .createSingleRule(createRuleModelWithDefaultValues());
+        restClient.authenticateUser(dataUser.getAdminUser()).withPrivateAPI().usingNode(privateFolder).usingDefaultRuleSet()
+                  .createSingleRule(rulesUtils.createRuleModelWithDefaultValues());
 
         STEP("Add the user as a consumer.");
         dataUser.usingAdmin().addUserToSite(user, privateSite, SiteConsumer);
@@ -493,11 +491,11 @@ public class RuleSetLinksTests extends RestTest
         FolderModel publicFolder = dataContent.usingUser(user).usingSite(site).createFolder();
         RestRuleSetLinkModel request = new RestRuleSetLinkModel();
         request.setId(privateFolder.getNodeRef());
-        restClient.authenticateUser(user).withCoreAPI().usingNode(publicFolder).createRuleLink(request);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(publicFolder).createRuleLink(request);
         restClient.assertStatusCodeIs(CREATED);
 
         STEP("Use the consumer to try to unlink from the rule set.");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(publicFolder).unlinkRuleSet("-default-");
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(publicFolder).unlinkRuleSet("-default-");
 
         restClient.assertStatusCodeIs(NO_CONTENT);
     }

packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/RulesTestsUtils.java

@@ -34,13 +34,27 @@ import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
 
+import org.alfresco.rest.core.RestWrapper;
 import org.alfresco.rest.model.RestActionBodyExecTemplateModel;
+import org.alfresco.rest.model.RestActionConstraintDataModel;
+import org.alfresco.rest.model.RestActionConstraintModel;
+import org.alfresco.rest.model.RestActionDefinitionModel;
 import org.alfresco.rest.model.RestCompositeConditionDefinitionModel;
 import org.alfresco.rest.model.RestNodeModel;
+import org.alfresco.rest.model.RestParameterDefinitionModel;
 import org.alfresco.rest.model.RestRuleExecutionModel;
 import org.alfresco.rest.model.RestRuleModel;
 import org.alfresco.rest.model.RestSimpleConditionDefinitionModel;
+import org.alfresco.utility.data.DataContent;
+import org.alfresco.utility.data.DataSite;
+import org.alfresco.utility.data.DataUserAIS;
+import org.alfresco.utility.model.FolderModel;
+import org.alfresco.utility.model.SiteModel;
+import org.alfresco.utility.model.UserModel;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
 
+@Service
 public class RulesTestsUtils
 {
     static final String RULE_NAME_DEFAULT = "ruleName";
@@ -49,7 +63,7 @@ public class RulesTestsUtils
     static final boolean RULE_CASCADE_DEFAULT = true;
     static final boolean RULE_ASYNC_DEFAULT = true;
     static final boolean RULE_SHARED_DEFAULT = false;
-    static final String RULE_ERROR_SCRIPT_DEFAULT = "error-script";
+    static final String RULE_ERROR_SCRIPT_LABEL = "Start Pooled Review and Approve Workflow";
     static final String INBOUND = "inbound";
     static final String UPDATE = "update";
     static final String OUTBOUND = "outbound";
@@ -60,8 +74,116 @@ public class RulesTestsUtils
     static final String IS_SHARED = "isShared";
     static final String AUDIO_ASPECT = "audio:audio";
     static final String LOCKABLE_ASPECT = "cm:lockable";
+    static final String TEMPLATE_PARAM = "template";
+    static final String RULE_SCRIPT_PARAM_ID = "script-ref";
+    static final String CHECKIN_ACTION = "check-in";
+    static final String LINK_CATEGORY_ACTION = "link-category";
+    static final String DELETE_RENDITION_ACTION = "delete-rendition";
+    static final String COPY_ACTION = "copy";
+    static final String ADD_FEATURES_ACTION = "add-features";
+    static final String MOVE_ACTION = "move";
+    static final String SCRIPT_ACTION = "script";
 
-    public static RestRuleModel createRuleModelWithModifiedValues()
+    @Autowired
+    private RestWrapper restClient;
+    @Autowired
+    private DataUserAIS dataUser;
+    @Autowired
+    private DataSite dataSite;
+    @Autowired
+    private DataContent dataContent;
+
+    /** Public site used by these helper methods. This is populated by the getter and should not be accessed directly. */
+    private SiteModel publicSite;
+    /** Script node used by these helper methods. This is populated by the getter and should not be accessed directly. */
+    private String reviewAndApproveWorkflowNode;
+    /** Destination folder for copy action used by these helper methods. This is populated by the getter and should not be accessed directly. */
+    private FolderModel copyDestinationFolder;
+    /** Destination folder for check out action used by these helper methods. This is populated by the getter and should not be accessed directly. */
+    private FolderModel checkOutDestinationFolder;
+
+    /**
+     * Get the constraint value for a given action parameter label.
+     *
+     * @param user The user to use to obtain the information.
+     * @param actionId The id of the action definition.
+     * @param paramId The id of the parameter for the action.
+     * @param constraintLabel The label of the desired value of the parameter.
+     * @return The value to use for the parameter.
+     */
+    public String findConstraintValue(UserModel user, String actionId, String paramId, String constraintLabel)
+    {
+        RestActionConstraintModel constraintDef = getConstraintsForActionParam(user, actionId, paramId);
+        RestActionConstraintDataModel constraintDataModel = constraintDef.getConstraintValues().stream().filter(constraintValue -> constraintValue.getLabel().equals(constraintLabel)).findFirst().get();
+        return constraintDataModel.getValue();
+    }
+
+    /**
+     * Get all constraint values for a given action parameter.
+     *
+     * @param user The user to use to obtain the information.
+     * @param actionId The id of the action definition.
+     * @param paramId The id of the parameter for the action.
+     * @return The value to use for the parameter.
+     */
+    public RestActionConstraintModel getConstraintsForActionParam(UserModel user, String actionId, String paramId)
+    {
+        RestActionDefinitionModel actionDef = restClient.authenticateUser(user).withCoreAPI().usingActions().getActionDefinitionById(actionId);
+        RestParameterDefinitionModel paramDef = actionDef.getParameterDefinitions().stream().filter(param -> param.getName().equals(paramId)).findFirst().get();
+        if (paramDef.getParameterConstraintName() == null)
+        {
+            throw new IllegalArgumentException("Supplied parameter " + paramId + " for action " + actionId + " does not have a defined constraint.");
+        }
+        String constraintName = paramDef.getParameterConstraintName();
+        return restClient.authenticateUser(user).withCoreAPI().usingActions().getActionConstraintByName(constraintName);
+    }
+
+    /**
+     * Get the review and approve workflow node (throwing an exception if this utility class has not been initialised).
+     *
+     * @return The node ref of the script node.
+     */
+    public String getReviewAndApproveWorkflowNode()
+    {
+        if (reviewAndApproveWorkflowNode == null)
+        {
+            UserModel admin = dataUser.getAdminUser();
+            reviewAndApproveWorkflowNode = findConstraintValue(admin, SCRIPT_ACTION, RULE_SCRIPT_PARAM_ID, RULE_ERROR_SCRIPT_LABEL);
+        }
+        return reviewAndApproveWorkflowNode;
+    }
+
+    public SiteModel getPublicSite()
+    {
+        if (publicSite == null)
+        {
+            UserModel admin = dataUser.getAdminUser();
+            publicSite = dataSite.usingUser(admin).createPublicRandomSite();
+        }
+        return publicSite;
+    }
+
+    public FolderModel getCopyDestinationFolder()
+    {
+        if (copyDestinationFolder == null)
+        {
+            UserModel admin = dataUser.getAdminUser();
+            copyDestinationFolder = dataContent.usingUser(admin).usingSite(getPublicSite()).createFolder();
+        }
+        return copyDestinationFolder;
+    }
+
+    public FolderModel getCheckOutDestinationFolder()
+    {
+        if (checkOutDestinationFolder == null)
+        {
+            UserModel admin = dataUser.getAdminUser();
+            checkOutDestinationFolder = dataContent.usingUser(admin).usingSite(getPublicSite()).createFolder();
+        }
+        return checkOutDestinationFolder;
+    }
+
+    public RestRuleModel createRuleModelWithModifiedValues()
     {
         return createRuleModelWithModifiedValues(List.of(createAddAudioAspectAction()));
     }
@@ -72,7 +194,7 @@ public class RulesTestsUtils
      * @param actions - rule's actions.
      * @return The created rule model.
      */
-    public static RestRuleModel createRuleModelWithModifiedValues(List<RestActionBodyExecTemplateModel> actions)
+    public RestRuleModel createRuleModelWithModifiedValues(List<RestActionBodyExecTemplateModel> actions)
     {
         RestRuleModel ruleModel = createRuleModel(RULE_NAME_DEFAULT, actions);
         ruleModel.setDescription(RULE_DESCRIPTION_DEFAULT);
@@ -81,17 +203,17 @@ public class RulesTestsUtils
         ruleModel.setIsAsynchronous(RULE_ASYNC_DEFAULT);
         ruleModel.setIsShared(RULE_SHARED_DEFAULT);
         ruleModel.setTriggers(RULE_TRIGGERS_DEFAULT);
-        ruleModel.setErrorScript(RULE_ERROR_SCRIPT_DEFAULT);
+        ruleModel.setErrorScript(getReviewAndApproveWorkflowNode());
 
         return ruleModel;
     }
 
-    public static RestRuleModel createRuleModelWithDefaultValues()
+    public RestRuleModel createRuleModelWithDefaultValues()
     {
         return createRuleModel(RULE_NAME_DEFAULT);
     }
 
-    public static RestRuleModel createRuleModel(String name)
+    public RestRuleModel createRuleModel(String name)
     {
         return createRuleModel(name, List.of(createAddAudioAspectAction()));
     }
@@ -103,7 +225,7 @@ public class RulesTestsUtils
      * @param actions Rule's actions.
      * @return The created rule model.
      */
-    public static RestRuleModel createRuleModel(String name, List<RestActionBodyExecTemplateModel> actions)
+    public RestRuleModel createRuleModel(String name, List<RestActionBodyExecTemplateModel> actions)
     {
         RestRuleModel ruleModel = new RestRuleModel();
         ruleModel.setIsEnabled(true);
@@ -117,17 +239,17 @@ public class RulesTestsUtils
      *
      * @return The created action model.
      */
-    public static RestActionBodyExecTemplateModel createAddAudioAspectAction()
+    public RestActionBodyExecTemplateModel createAddAudioAspectAction()
     {
         return createAddAspectAction(AUDIO_ASPECT);
     }
 
-    public static RestActionBodyExecTemplateModel createAddAspectAction(String aspect)
+    public RestActionBodyExecTemplateModel createAddAspectAction(String aspect)
     {
-        return createCustomActionModel("add-features", Map.of("aspect-name", aspect));
+        return createCustomActionModel(ADD_FEATURES_ACTION, Map.of("aspect-name", aspect));
     }
 
-    public static RestActionBodyExecTemplateModel createCustomActionModel(String actionDefinitionId, Map<String, Serializable> params)
+    public RestActionBodyExecTemplateModel createCustomActionModel(String actionDefinitionId, Map<String, Serializable> params)
     {
         RestActionBodyExecTemplateModel restActionModel = new RestActionBodyExecTemplateModel();
         restActionModel.setActionDefinitionId(actionDefinitionId);
@@ -135,7 +257,7 @@ public class RulesTestsUtils
         return restActionModel;
     }
 
-    public static RestCompositeConditionDefinitionModel createEmptyConditionModel()
+    public RestCompositeConditionDefinitionModel createEmptyConditionModel()
     {
         RestCompositeConditionDefinitionModel conditions = new RestCompositeConditionDefinitionModel();
         conditions.setInverted(!INVERTED);
@@ -143,7 +265,7 @@ public class RulesTestsUtils
         return conditions;
     }
 
-    public static RestCompositeConditionDefinitionModel createVariousConditions()
+    public RestCompositeConditionDefinitionModel createVariousConditions()
     {
         return createCompositeCondition(List.of(
             createCompositeCondition(!INVERTED, List.of(
@@ -162,26 +284,24 @@ public class RulesTestsUtils
         ));
     }
 
-    public static RestRuleModel createVariousActions()
+    public RestRuleModel createRuleWithVariousActions()
     {
         final Map<String, Serializable> copyParams =
-                Map.of("destination-folder", "dummy-folder-node", "deep-copy", true);
-        final RestActionBodyExecTemplateModel copyAction = createCustomActionModel("copy", copyParams);
+                Map.of("destination-folder", getCopyDestinationFolder().getNodeRef(), "deep-copy", true);
+        final RestActionBodyExecTemplateModel copyAction = createCustomActionModel(COPY_ACTION, copyParams);
         final Map<String, Serializable> checkOutParams =
-                Map.of("destination-folder", "fake-folder-node", "assoc-name", "cm:checkout", "assoc-type",
-                        "cm:contains");
+                Map.of("destination-folder", getCheckOutDestinationFolder().getNodeRef(), "assoc-name", "cm:checkout",
+                        "assoc-type", "cm:contains");
         final RestActionBodyExecTemplateModel checkOutAction = createCustomActionModel("check-out", checkOutParams);
-        final Map<String, Serializable> scriptParams = Map.of("script-ref", "dummy-script-node-id");
-        final RestActionBodyExecTemplateModel scriptAction = createCustomActionModel("script", scriptParams);
         // The counter action takes no parameters, so check we can omit the "params" entry.
         final RestActionBodyExecTemplateModel counterAction = createCustomActionModel("counter", null);
         final RestRuleModel ruleModel = createRuleModelWithDefaultValues();
-        ruleModel.setActions(Arrays.asList(copyAction, checkOutAction, scriptAction, counterAction));
+        ruleModel.setActions(Arrays.asList(copyAction, checkOutAction, counterAction));
 
         return ruleModel;
     }
 
-    public static RestRuleModel createRuleWithPrivateAction()
+    public RestRuleModel createRuleWithPrivateAction()
     {
         RestActionBodyExecTemplateModel mailAction = new RestActionBodyExecTemplateModel();
         mailAction.setActionDefinitionId(MAIL_ACTION);
@@ -191,7 +311,7 @@ public class RulesTestsUtils
         return ruleModel;
     }
 
-    public static RestSimpleConditionDefinitionModel createSimpleCondition(String field, String comparator, String parameter)
+    public RestSimpleConditionDefinitionModel createSimpleCondition(String field, String comparator, String parameter)
     {
         RestSimpleConditionDefinitionModel simpleCondition = new RestSimpleConditionDefinitionModel();
         simpleCondition.setField(field);
@@ -200,23 +320,23 @@ public class RulesTestsUtils
         return simpleCondition;
     }
 
-    public static RestCompositeConditionDefinitionModel createCompositeCondition(List<RestCompositeConditionDefinitionModel> compositeConditions)
+    public RestCompositeConditionDefinitionModel createCompositeCondition(List<RestCompositeConditionDefinitionModel> compositeConditions)
     {
         return createCompositeCondition(AND, !INVERTED, compositeConditions, null);
     }
 
-    public static RestCompositeConditionDefinitionModel createCompositeCondition(boolean inverted,
+    public RestCompositeConditionDefinitionModel createCompositeCondition(boolean inverted,
         List<RestSimpleConditionDefinitionModel> simpleConditions)
     {
         return createCompositeCondition(AND, inverted, null, simpleConditions);
     }
 
-    public static RestRuleExecutionModel createRuleExecutionRequest()
+    public RestRuleExecutionModel createRuleExecutionRequest()
     {
         return createRuleExecutionRequest(false);
     }
 
-    public static RestRuleExecutionModel createRuleExecutionRequest(boolean eachSubFolderIncluded)
+    public RestRuleExecutionModel createRuleExecutionRequest(boolean eachSubFolderIncluded)
     {
         RestRuleExecutionModel ruleExecutionBody = new RestRuleExecutionModel();
         ruleExecutionBody.setIsEachSubFolderIncluded(eachSubFolderIncluded);
@@ -224,7 +344,7 @@ public class RulesTestsUtils
         return ruleExecutionBody;
     }
 
-    private static RestCompositeConditionDefinitionModel createCompositeCondition(String booleanMode, boolean inverted,
+    private RestCompositeConditionDefinitionModel createCompositeCondition(String booleanMode, boolean inverted,
         List<RestCompositeConditionDefinitionModel> compositeConditions, List<RestSimpleConditionDefinitionModel> simpleConditions)
     {
         RestCompositeConditionDefinitionModel compositeCondition = new RestCompositeConditionDefinitionModel();
@@ -236,12 +356,12 @@ public class RulesTestsUtils
         return compositeCondition;
     }
 
-    public static NodeAssertion assertThat(RestNodeModel node)
+    public NodeAssertion assertThat(RestNodeModel node)
     {
         return new NodeAssertion(node);
     }
 
-    public static class NodeAssertion
+    public class NodeAssertion
     {
         private final RestNodeModel node;
 

packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/SetInheritanceTests.java

@@ -68,8 +68,8 @@ public class SetInheritanceTests extends RestTest
 
         STEP("Get the -isInheritanceEnabled- rule settings for the folder.");
         RestRuleSettingsModel ruleSettingsModel = restClient.authenticateUser(siteOwner)
-                                                            .withCoreAPI()
-                                                            .usingResource(folder)
+                                                            .withPrivateAPI()
+                                                            .usingNode(folder)
                                                             .usingIsInheritanceEnabledRuleSetting()
                                                             .retrieveSetting();
 
@@ -88,13 +88,13 @@ public class SetInheritanceTests extends RestTest
         FolderModel nonExistentFolder = FolderModel.getRandomFolderModel();
         nonExistentFolder.setNodeRef("fake-id");
         restClient.authenticateUser(siteOwner)
-                  .withCoreAPI()
-                  .usingResource(nonExistentFolder)
+                  .withPrivateAPI()
+                  .usingNode(nonExistentFolder)
                   .usingIsInheritanceEnabledRuleSetting()
                   .retrieveSetting();
 
         restClient.assertLastError().statusCodeIs(NOT_FOUND)
-                  .containsSummary("The entity with id: fake-id was not found");
+                  .containsSummary("Folder with id fake-id was not found");
     }
 
     /** Check we get an error when trying to retrieve a non-existent setting. */
@@ -105,7 +105,7 @@ public class SetInheritanceTests extends RestTest
         FolderModel folder = dataContent.usingUser(siteOwner).usingSite(site).createFolder();
 
         STEP("Try to get a fake setting from the folder.");
-        restClient.authenticateUser(siteOwner).withCoreAPI().usingResource(folder).usingRuleSetting("-fakeRuleSetting-")
+        restClient.authenticateUser(siteOwner).withPrivateAPI().usingNode(folder).usingRuleSetting("-fakeRuleSetting-")
                   .retrieveSetting();
 
         restClient.assertLastError().statusCodeIs(NOT_FOUND)
@@ -122,8 +122,8 @@ public class SetInheritanceTests extends RestTest
 
         STEP("Try to get the -isInheritanceEnabled- setting without permission.");
         restClient.authenticateUser(noPermissionUser)
-                  .withCoreAPI()
-                  .usingResource(folder)
+                  .withPrivateAPI()
+                  .usingNode(folder)
                   .usingIsInheritanceEnabledRuleSetting()
                   .retrieveSetting();
 
@@ -143,8 +143,8 @@ public class SetInheritanceTests extends RestTest
         updateBody.setValue(false);
 
         RestRuleSettingsModel ruleSettingsModel = restClient.authenticateUser(siteOwner)
-                                              .withCoreAPI()
-                                              .usingResource(folder)
+                                              .withPrivateAPI()
+                                              .usingNode(folder)
                                               .usingIsInheritanceEnabledRuleSetting()
                                               .updateSetting(updateBody);
 
@@ -166,7 +166,7 @@ public class SetInheritanceTests extends RestTest
         RestRuleSettingsModel updateBody = new RestRuleSettingsModel();
         updateBody.setValue("banana");
 
-        restClient.authenticateUser(siteOwner).withCoreAPI().usingResource(folder).usingIsInheritanceEnabledRuleSetting()
+        restClient.authenticateUser(siteOwner).withPrivateAPI().usingNode(folder).usingIsInheritanceEnabledRuleSetting()
                   .updateSetting(updateBody);
 
         restClient.assertLastError().statusCodeIs(BAD_REQUEST)
@@ -184,11 +184,11 @@ public class SetInheritanceTests extends RestTest
         RestRuleSettingsModel updateBody = new RestRuleSettingsModel();
         updateBody.setValue(true);
 
-        restClient.authenticateUser(siteOwner).withCoreAPI().usingResource(nonExistentFolder).usingIsInheritanceEnabledRuleSetting()
+        restClient.authenticateUser(siteOwner).withPrivateAPI().usingNode(nonExistentFolder).usingIsInheritanceEnabledRuleSetting()
                   .updateSetting(updateBody);
 
         restClient.assertLastError().statusCodeIs(NOT_FOUND)
-                  .containsSummary("The entity with id: fake-id was not found");
+                  .containsSummary("Folder with id fake-id was not found");
     }
 
     /** Check we get an error when trying to set a non-existent setting. */
@@ -202,7 +202,7 @@ public class SetInheritanceTests extends RestTest
         RestRuleSettingsModel updateBody = new RestRuleSettingsModel();
         updateBody.setValue(true);
 
-        restClient.authenticateUser(siteOwner).withCoreAPI().usingResource(folder).usingRuleSetting("-fakeRuleSetting-")
+        restClient.authenticateUser(siteOwner).withPrivateAPI().usingNode(folder).usingRuleSetting("-fakeRuleSetting-")
                   .updateSetting(updateBody);
 
         restClient.assertLastError().statusCodeIs(NOT_FOUND)
@@ -223,7 +223,7 @@ public class SetInheritanceTests extends RestTest
         RestRuleSettingsModel updateBody = new RestRuleSettingsModel();
         updateBody.setValue(true);
 
-        restClient.authenticateUser(collaborator).withCoreAPI().usingResource(folder).usingIsInheritanceEnabledRuleSetting()
+        restClient.authenticateUser(collaborator).withPrivateAPI().usingNode(folder).usingIsInheritanceEnabledRuleSetting()
                   .updateSetting(updateBody);
 
         restClient.assertLastError().statusCodeIs(FORBIDDEN)

packaging/tests/tas-restapi/src/test/java/org/alfresco/rest/rules/UpdateRulesTests.java

@@ -26,6 +26,8 @@
 package org.alfresco.rest.rules;
 
 import static org.alfresco.rest.actions.access.AccessRestrictionUtil.ERROR_MESSAGE_ACCESS_RESTRICTED;
+import static org.alfresco.rest.rules.RulesTestsUtils.ADD_FEATURES_ACTION;
+import static org.alfresco.rest.rules.RulesTestsUtils.COPY_ACTION;
 import static org.alfresco.rest.rules.RulesTestsUtils.ID;
 import static org.alfresco.rest.rules.RulesTestsUtils.INBOUND;
 import static org.alfresco.rest.rules.RulesTestsUtils.INVERTED;
@@ -33,19 +35,10 @@ import static org.alfresco.rest.rules.RulesTestsUtils.IS_SHARED;
 import static org.alfresco.rest.rules.RulesTestsUtils.RULE_ASYNC_DEFAULT;
 import static org.alfresco.rest.rules.RulesTestsUtils.RULE_CASCADE_DEFAULT;
 import static org.alfresco.rest.rules.RulesTestsUtils.RULE_ENABLED_DEFAULT;
-import static org.alfresco.rest.rules.RulesTestsUtils.createCompositeCondition;
-import static org.alfresco.rest.rules.RulesTestsUtils.createCustomActionModel;
-import static org.alfresco.rest.rules.RulesTestsUtils.createAddAudioAspectAction;
-import static org.alfresco.rest.rules.RulesTestsUtils.createRuleModel;
-import static org.alfresco.rest.rules.RulesTestsUtils.createRuleModelWithModifiedValues;
-import static org.alfresco.rest.rules.RulesTestsUtils.createRuleWithPrivateAction;
-import static org.alfresco.rest.rules.RulesTestsUtils.createSimpleCondition;
-import static org.alfresco.rest.rules.RulesTestsUtils.createVariousConditions;
 import static org.alfresco.utility.constants.UserRole.SiteCollaborator;
 import static org.alfresco.utility.report.log.Step.STEP;
 import static org.springframework.http.HttpStatus.BAD_REQUEST;
 import static org.springframework.http.HttpStatus.FORBIDDEN;
-import static org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR;
 import static org.springframework.http.HttpStatus.NOT_FOUND;
 import static org.springframework.http.HttpStatus.OK;
 
@@ -96,8 +89,8 @@ public class UpdateRulesTests extends RestTest
         RestRuleModel rule = createAndSaveRule("Rule name");
 
         STEP("Try to update the rule.");
-        RestRuleModel updatedRuleModel = createRuleModel("Updated rule name");
-        RestRuleModel updatedRule = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModel updatedRuleModel = rulesUtils.createRuleModel("Updated rule name");
+        RestRuleModel updatedRule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                                        .updateRule(rule.getId(), updatedRuleModel);
 
         restClient.assertStatusCodeIs(OK);
@@ -118,11 +111,11 @@ public class UpdateRulesTests extends RestTest
 
         RestRuleModel updatedRuleModel = new RestRuleModel();
         updatedRuleModel.setName("Updated rule name");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(nonExistentFolder).usingDefaultRuleSet()
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(nonExistentFolder).usingDefaultRuleSet()
                   .updateRule(rule.getId(), updatedRuleModel);
 
         restClient.assertLastError().statusCodeIs(NOT_FOUND)
-                                    .containsSummary("fake-id was not found");
+                                    .containsSummary("Folder with id fake-id was not found");
     }
 
     /** Check we get a 404 if trying to update a rule in a rule set that doesn't exist. */
@@ -134,11 +127,11 @@ public class UpdateRulesTests extends RestTest
         STEP("Try to update a rule in a non-existent rule set.");
         RestRuleModel updatedRuleModel = new RestRuleModel();
         updatedRuleModel.setName("Updated rule name");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingRuleSet("fake-id")
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingRuleSet("fake-id")
                   .updateRule(rule.getId(), updatedRuleModel);
 
         restClient.assertLastError().statusCodeIs(NOT_FOUND)
-                  .containsSummary("fake-id was not found");
+                  .containsSummary("Rule set with id fake-id was not found");
     }
 
     /** Check we get a 404 if trying to update a rule that doesn't exist. */
@@ -148,7 +141,7 @@ public class UpdateRulesTests extends RestTest
         STEP("Try to update a rule that doesn't exist.");
         RestRuleModel updatedRuleModel = new RestRuleModel();
         updatedRuleModel.setName("Updated rule name");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                   .updateRule("fake-id", updatedRuleModel);
 
         restClient.assertLastError().statusCodeIs(NOT_FOUND)
@@ -169,7 +162,7 @@ public class UpdateRulesTests extends RestTest
         dataUser.addUserToSite(collaborator, privateSite, SiteCollaborator);
         RestRuleModel ruleModel = new RestRuleModel();
         ruleModel.setName("ruleName");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(privateFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(privateFolder).usingDefaultRuleSet().createSingleRule(ruleModel);
 
         restClient.assertStatusCodeIs(FORBIDDEN);
         restClient.assertLastError().containsSummary("Insufficient permissions to manage rules");
@@ -182,8 +175,8 @@ public class UpdateRulesTests extends RestTest
         RestRuleModel rule = createAndSaveRule("Rule name");
 
         STEP("Try to update the rule to have no name.");
-        RestRuleModel updatedRuleModel = createRuleModel("");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet().updateRule(rule.getId(), updatedRuleModel);
+        RestRuleModel updatedRuleModel = rulesUtils.createRuleModel("");
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet().updateRule(rule.getId(), updatedRuleModel);
 
         restClient.assertLastError().statusCodeIs(BAD_REQUEST)
                                     .containsSummary("Rule name is a mandatory parameter");
@@ -196,9 +189,9 @@ public class UpdateRulesTests extends RestTest
         RestRuleModel rule = createAndSaveRule("Rule name");
 
         STEP("Try to update the rule id and check it isn't changed.");
-        RestRuleModel updatedRuleModel = createRuleModel("Rule name");
+        RestRuleModel updatedRuleModel = rulesUtils.createRuleModel("Rule name");
         updatedRuleModel.setId("new-rule-id");
-        RestRuleModel updatedRule = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModel updatedRule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                                               .updateRule(rule.getId(), updatedRuleModel);
 
         updatedRule.assertThat().field(ID).is(rule.getId());
@@ -211,8 +204,8 @@ public class UpdateRulesTests extends RestTest
         RestRuleModel rule = createAndSaveRule("Rule name");
 
         STEP("Try to update the rule.");
-        RestRuleModel updatedRuleModel = createRuleModel("Updated rule name");
-        RestRuleModel updatedRule = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModel updatedRuleModel = rulesUtils.createRuleModel("Updated rule name");
+        RestRuleModel updatedRule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                                               .include(IS_SHARED)
                                               .updateRule(rule.getId(), updatedRuleModel);
 
@@ -229,7 +222,7 @@ public class UpdateRulesTests extends RestTest
 
         STEP("Try to update the rule - set no actions.");
         rule.setActions(null);
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .include(IS_SHARED)
                 .updateRule(rule.getId(), rule);
 
@@ -251,12 +244,12 @@ public class UpdateRulesTests extends RestTest
         invalidAction.setActionDefinitionId(actionDefinitionId);
         invalidAction.setParams(Map.of("dummy-key", "dummy-value"));
         rule.setActions(List.of(invalidAction));
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .include(IS_SHARED)
                 .updateRule(rule.getId(), rule);
 
-        restClient.assertStatusCodeIs(NOT_FOUND);
-        restClient.assertLastError().containsSummary(actionDefinitionId);
+        restClient.assertStatusCodeIs(BAD_REQUEST);
+        restClient.assertLastError().containsSummary(String.format("Invalid rule action definition requested %s", actionDefinitionId));
     }
 
     /** Check we can use the POST response to create the new rule. */
@@ -266,19 +259,19 @@ public class UpdateRulesTests extends RestTest
         FolderModel destination = dataContent.usingUser(user).usingSite(site).createFolder();
 
         RestActionBodyExecTemplateModel copyAction = new RestActionBodyExecTemplateModel();
-        copyAction.setActionDefinitionId("copy");
+        copyAction.setActionDefinitionId(COPY_ACTION);
         copyAction.setParams(ImmutableMap.of("destination-folder", destination.getNodeRef()));
         RestRuleModel rule = createAndSaveRule("Rule name", List.of(copyAction));
 
         STEP("Try to update the rule.");
         rule.setName("Updated rule name");
-        RestRuleModel updatedRule = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModel updatedRule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                                               .include(IS_SHARED)
                                               .updateRule(rule.getId(), rule);
 
         restClient.assertStatusCodeIs(OK);
         updatedRule.assertThat().field("name").is("Updated rule name")
-                   .assertThat().field("actions.actionDefinitionId").is(List.of("copy"))
+                   .assertThat().field("actions.actionDefinitionId").is(List.of(COPY_ACTION))
                    .assertThat().field("actions.params").is(List.of(ImmutableMap.of("destination-folder", destination.getNodeRef())));
     }
 
@@ -286,7 +279,7 @@ public class UpdateRulesTests extends RestTest
     @Test (groups = { TestGroup.REST_API, TestGroup.RULES, TestGroup.SANITY })
     public void updateRuleFields()
     {
-        final RestRuleModel rule = createAndSaveRule(createRuleModelWithModifiedValues());
+        final RestRuleModel rule = createAndSaveRule(rulesUtils.createRuleModelWithModifiedValues());
 
         STEP("Try to update the rule fields.");
         rule.setName("Updated rule name");
@@ -296,9 +289,8 @@ public class UpdateRulesTests extends RestTest
         rule.setIsEnabled(!RULE_ENABLED_DEFAULT);
         rule.setIsInheritable(!RULE_CASCADE_DEFAULT);
         rule.setIsAsynchronous(!RULE_ASYNC_DEFAULT);
-        final String updatedErrorScript = "updated-error-script";
-        rule.setErrorScript(updatedErrorScript);
-        final RestRuleModel updatedRule = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        rule.setErrorScript(null);
+        final RestRuleModel updatedRule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .updateRule(rule.getId(), rule);
 
         restClient.assertStatusCodeIs(OK);
@@ -310,12 +302,12 @@ public class UpdateRulesTests extends RestTest
     @Test (groups = { TestGroup.REST_API, TestGroup.RULES, TestGroup.SANITY })
     public void updateRuleAddConditions()
     {
-        final RestRuleModel rule = createAndSaveRule(createRuleModelWithModifiedValues());
+        final RestRuleModel rule = createAndSaveRule(rulesUtils.createRuleModelWithModifiedValues());
 
         STEP("Try to update the rule and add conditions.");
-        rule.setConditions(createVariousConditions());
+        rule.setConditions(rulesUtils.createVariousConditions());
 
-        final RestRuleModel updatedRule = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        final RestRuleModel updatedRule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .updateRule(rule.getId(), rule);
 
         restClient.assertStatusCodeIs(OK);
@@ -327,12 +319,12 @@ public class UpdateRulesTests extends RestTest
     @Test (groups = { TestGroup.REST_API, TestGroup.RULES, TestGroup.SANITY })
     public void updateRuleAddNullConditions()
     {
-        final RestRuleModel rule = createAndSaveRule(createRuleModelWithModifiedValues());
+        final RestRuleModel rule = createAndSaveRule(rulesUtils.createRuleModelWithModifiedValues());
 
         STEP("Try to update the rule and add null conditions.");
         rule.setConditions(null);
 
-        final RestRuleModel updatedRule = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        final RestRuleModel updatedRule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .updateRule(rule.getId(), rule);
 
         restClient.assertStatusCodeIs(OK);
@@ -344,16 +336,16 @@ public class UpdateRulesTests extends RestTest
     @Test (groups = { TestGroup.REST_API, TestGroup.RULES, TestGroup.SANITY })
     public void updateRuleModifyConditions()
     {
-        final RestRuleModel ruleModelWithInitialValues = createRuleModelWithModifiedValues();
-        ruleModelWithInitialValues.setConditions(createVariousConditions());
+        final RestRuleModel ruleModelWithInitialValues = rulesUtils.createRuleModelWithModifiedValues();
+        ruleModelWithInitialValues.setConditions(rulesUtils.createVariousConditions());
         final RestRuleModel rule = createAndSaveRule(ruleModelWithInitialValues);
 
         STEP("Try to update the rule and modify conditions.");
-        final RestCompositeConditionDefinitionModel compositeCondition = createCompositeCondition(
-                List.of(createCompositeCondition(false, List.of(createSimpleCondition("tag", "equals", "sample_tag")))));
+        final RestCompositeConditionDefinitionModel compositeCondition = rulesUtils.createCompositeCondition(
+                List.of(rulesUtils.createCompositeCondition(false, List.of(rulesUtils.createSimpleCondition("tag", "equals", "sample_tag")))));
         rule.setConditions(compositeCondition);
 
-        final RestRuleModel updatedRule = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        final RestRuleModel updatedRule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .updateRule(rule.getId(), rule);
 
         restClient.assertStatusCodeIs(OK);
@@ -365,14 +357,14 @@ public class UpdateRulesTests extends RestTest
     @Test (groups = { TestGroup.REST_API, TestGroup.RULES, TestGroup.SANITY })
     public void updateRuleRemoveAllConditions()
     {
-        final RestRuleModel ruleModelWithInitialValues = createRuleModelWithModifiedValues();
-        ruleModelWithInitialValues.setConditions(createVariousConditions());
+        final RestRuleModel ruleModelWithInitialValues = rulesUtils.createRuleModelWithModifiedValues();
+        ruleModelWithInitialValues.setConditions(rulesUtils.createVariousConditions());
         final RestRuleModel rule = createAndSaveRule(ruleModelWithInitialValues);
 
         STEP("Try to update the rule and remove all conditions.");
         rule.setConditions(null);
 
-        final RestRuleModel updatedRule = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        final RestRuleModel updatedRule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .updateRule(rule.getId(), rule);
 
         restClient.assertStatusCodeIs(OK);
@@ -384,16 +376,16 @@ public class UpdateRulesTests extends RestTest
     @Test (groups = { TestGroup.REST_API, TestGroup.RULES, TestGroup.SANITY })
     public void updateRuleWithInvalidCategoryInConditionAndFail()
     {
-        final RestRuleModel ruleModelWithInitialValues = createRuleModelWithModifiedValues();
-        ruleModelWithInitialValues.setConditions(createVariousConditions());
+        final RestRuleModel ruleModelWithInitialValues = rulesUtils.createRuleModelWithModifiedValues();
+        ruleModelWithInitialValues.setConditions(rulesUtils.createVariousConditions());
         final RestRuleModel rule = createAndSaveRule(ruleModelWithInitialValues);
 
         STEP("Try to update the rule with invalid condition.");
-        final RestCompositeConditionDefinitionModel conditions = createCompositeCondition(
-                List.of(createCompositeCondition(!INVERTED, List.of(createSimpleCondition("category", "equals", "fake-category-id")))));
+        final RestCompositeConditionDefinitionModel conditions = rulesUtils.createCompositeCondition(
+                List.of(rulesUtils.createCompositeCondition(!INVERTED, List.of(rulesUtils.createSimpleCondition("category", "equals", "fake-category-id")))));
         rule.setConditions(conditions);
 
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .updateRule(rule.getId(), rule);
 
         restClient.assertStatusCodeIs(BAD_REQUEST);
@@ -404,16 +396,16 @@ public class UpdateRulesTests extends RestTest
     @Test (groups = { TestGroup.REST_API, TestGroup.RULES, TestGroup.SANITY })
     public void updateRuleWithConditionWithoutComparatorAndFail()
     {
-        final RestRuleModel ruleModelWithInitialValues = createRuleModelWithModifiedValues();
-        ruleModelWithInitialValues.setConditions(createVariousConditions());
+        final RestRuleModel ruleModelWithInitialValues = rulesUtils.createRuleModelWithModifiedValues();
+        ruleModelWithInitialValues.setConditions(rulesUtils.createVariousConditions());
         final RestRuleModel rule = createAndSaveRule(ruleModelWithInitialValues);
 
         STEP("Try to update the rule with invalid condition (null comparator when required non-null).");
-        final RestCompositeConditionDefinitionModel conditions = createCompositeCondition(
-                List.of(createCompositeCondition(!INVERTED, List.of(createSimpleCondition("size", null, "65500")))));
+        final RestCompositeConditionDefinitionModel conditions = rulesUtils.createCompositeCondition(
+                List.of(rulesUtils.createCompositeCondition(!INVERTED, List.of(rulesUtils.createSimpleCondition("size", null, "65500")))));
         rule.setConditions(conditions);
 
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .updateRule(rule.getId(), rule);
 
         restClient.assertStatusCodeIs(BAD_REQUEST);
@@ -424,16 +416,16 @@ public class UpdateRulesTests extends RestTest
     @Test (groups = { TestGroup.REST_API, TestGroup.RULES, TestGroup.SANITY })
     public void updateRuleWithConditionWithoutFieldAndFail()
     {
-        final RestRuleModel ruleModelWithInitialValues = createRuleModelWithModifiedValues();
-        ruleModelWithInitialValues.setConditions(createVariousConditions());
+        final RestRuleModel ruleModelWithInitialValues = rulesUtils.createRuleModelWithModifiedValues();
+        ruleModelWithInitialValues.setConditions(rulesUtils.createVariousConditions());
         final RestRuleModel rule = createAndSaveRule(ruleModelWithInitialValues);
 
         STEP("Try to update the rule with invalid condition (null field).");
-        final RestCompositeConditionDefinitionModel conditions = createCompositeCondition(
-                List.of(createCompositeCondition(!INVERTED, List.of(createSimpleCondition(null, "greater_than", "65500")))));
+        final RestCompositeConditionDefinitionModel conditions = rulesUtils.createCompositeCondition(
+                List.of(rulesUtils.createCompositeCondition(!INVERTED, List.of(rulesUtils.createSimpleCondition(null, "greater_than", "65500")))));
         rule.setConditions(conditions);
 
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .updateRule(rule.getId(), rule);
 
         restClient.assertStatusCodeIs(BAD_REQUEST);
@@ -444,16 +436,16 @@ public class UpdateRulesTests extends RestTest
     @Test (groups = { TestGroup.REST_API, TestGroup.RULES, TestGroup.SANITY })
     public void updateRuleWithConditionWithoutParamValueAndFail()
     {
-        final RestRuleModel ruleModelWithInitialValues = createRuleModelWithModifiedValues();
-        ruleModelWithInitialValues.setConditions(createVariousConditions());
+        final RestRuleModel ruleModelWithInitialValues = rulesUtils.createRuleModelWithModifiedValues();
+        ruleModelWithInitialValues.setConditions(rulesUtils.createVariousConditions());
         final RestRuleModel rule = createAndSaveRule(ruleModelWithInitialValues);
 
         STEP("Try to update the rule with invalid condition (null parameter).");
-        final RestCompositeConditionDefinitionModel conditions = createCompositeCondition(
-                List.of(createCompositeCondition(!INVERTED, List.of(createSimpleCondition("size", "greater_than", "")))));
+        final RestCompositeConditionDefinitionModel conditions = rulesUtils.createCompositeCondition(
+                List.of(rulesUtils.createCompositeCondition(!INVERTED, List.of(rulesUtils.createSimpleCondition("size", "greater_than", "")))));
         rule.setConditions(conditions);
 
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .updateRule(rule.getId(), rule);
 
         restClient.assertStatusCodeIs(BAD_REQUEST);
@@ -466,17 +458,15 @@ public class UpdateRulesTests extends RestTest
     @Test(groups = {TestGroup.REST_API, TestGroup.RULES})
     public void updateRuleAddActions()
     {
-        final RestRuleModel rule = createAndSaveRule(createRuleModelWithModifiedValues());
+        final RestRuleModel rule = createAndSaveRule(rulesUtils.createRuleModelWithModifiedValues());
 
         STEP("Try to update the rule by adding several actions");
-        final Map<String, Serializable> copyParams =
-                Map.of("destination-folder", "dummy-folder-node", "deep-copy", true);
-        final RestActionBodyExecTemplateModel copyAction = createCustomActionModel("copy", copyParams);
-        final Map<String, Serializable> scriptParams = Map.of("script-ref", "dummy-script-node-id");
-        final RestActionBodyExecTemplateModel scriptAction = createCustomActionModel("script", scriptParams);
-        rule.setActions(Arrays.asList(copyAction, scriptAction));
+        final RestActionBodyExecTemplateModel counterAction = rulesUtils.createCustomActionModel("counter", null);
+        final Map<String, Serializable> addAspectParams = Map.of("aspect-name", "cm:taggable");
+        final RestActionBodyExecTemplateModel addAspectAction = rulesUtils.createCustomActionModel(ADD_FEATURES_ACTION, addAspectParams);
+        rule.setActions(Arrays.asList(counterAction, addAspectAction));
 
-        final RestRuleModel updatedRule = restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        final RestRuleModel updatedRule = restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .updateRule(rule.getId(), rule);
 
         restClient.assertStatusCodeIs(OK);
@@ -490,17 +480,17 @@ public class UpdateRulesTests extends RestTest
     @Test(groups = {TestGroup.REST_API, TestGroup.RULES})
     public void updateRuleAddCheckoutActionForOutboundShouldFail()
     {
-        final RestRuleModel rule = createAndSaveRule(createRuleModelWithModifiedValues());
+        final RestRuleModel rule = createAndSaveRule(rulesUtils.createRuleModelWithModifiedValues());
 
         STEP("Try to update the rule by adding checkout action");
         final Map<String, Serializable> checkOutParams =
-                Map.of("destination-folder", "dummy-folder-node", "assoc-name", "cm:checkout", "assoc-type",
-                        "cm:contains");
-        final RestActionBodyExecTemplateModel checkOutAction = createCustomActionModel("check-out", checkOutParams);
-        final Map<String, Serializable> scriptParams = Map.of("script-ref", "dummy-script-node-id");
+                Map.of("destination-folder", rulesUtils.getCheckOutDestinationFolder().getNodeRef(), "assoc-name", "cm:checkout",
+                        "assoc-type", "cm:contains");
+        final RestActionBodyExecTemplateModel checkOutAction = rulesUtils.createCustomActionModel("check-out", checkOutParams);
         rule.setActions(List.of(checkOutAction));
 
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        final UserModel admin = dataUser.getAdminUser();
+        restClient.authenticateUser(admin).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .updateRule(rule.getId(), rule);
 
         restClient.assertStatusCodeIs(BAD_REQUEST);
@@ -514,19 +504,23 @@ public class UpdateRulesTests extends RestTest
     @Test(groups = {TestGroup.REST_API, TestGroup.RULES})
     public void updateRuleAddActionWithInvalidParamShouldFail()
     {
-        final RestRuleModel rule = createAndSaveRule(createRuleModelWithModifiedValues());
+        final RestRuleModel rule = createAndSaveRule(rulesUtils.createRuleModelWithModifiedValues());
 
         STEP("Try to update the rule by adding action with invalid parameter (non-existing namespace in value)");
         final RestActionBodyExecTemplateModel action = new RestActionBodyExecTemplateModel();
-        action.setActionDefinitionId("add-features");
-        action.setParams(Map.of("aspect-name", "dummy:dummy"));
+        action.setActionDefinitionId(ADD_FEATURES_ACTION);
+        final String aspectNameParam = "aspect-name";
+        final String paramValue = "dummy:dummy";
+        action.setParams(Map.of(aspectNameParam, paramValue));
         rule.setActions(List.of(action));
 
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .updateRule(rule.getId(), rule);
 
-        restClient.assertStatusCodeIs(INTERNAL_SERVER_ERROR);
-        restClient.assertLastError().containsSummary("Namespace prefix dummy is not mapped to a namespace URI");
+        restClient.assertStatusCodeIs(BAD_REQUEST);
+        restClient.assertLastError().containsSummary(
+                String.format("Action parameter: %s has invalid value (%s). Look up possible values for constraint name %s",
+                        aspectNameParam, paramValue, "ac-aspects"));
     }
 
     /** Check that a normal user cannot create rules that use private actions. */
@@ -534,12 +528,12 @@ public class UpdateRulesTests extends RestTest
     public void updateRuleWithActions_userCannotUsePrivateAction()
     {
         STEP("Using admin create a rule with a private action.");
-        RestRuleModel rule = restClient.authenticateUser(dataUser.getAdminUser()).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
-                                       .createSingleRule(createRuleWithPrivateAction());
+        RestRuleModel rule = restClient.authenticateUser(dataUser.getAdminUser()).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+                                       .createSingleRule(rulesUtils.createRuleWithPrivateAction());
 
         STEP("Try to update the rule with a normal user.");
         rule.setName("Updated name");
-        restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                   .updateRule(rule.getId(), rule);
 
         restClient.assertStatusCodeIs(FORBIDDEN)
@@ -551,12 +545,12 @@ public class UpdateRulesTests extends RestTest
     public void updateRuleWithActions_adminCanUsePrivateAction()
     {
         STEP("Using admin create a rule with a private action.");
-        RestRuleModel rule = restClient.authenticateUser(dataUser.getAdminUser()).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
-                                       .createSingleRule(createRuleWithPrivateAction());
+        RestRuleModel rule = restClient.authenticateUser(dataUser.getAdminUser()).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+                                       .createSingleRule(rulesUtils.createRuleWithPrivateAction());
 
         STEP("Try to update the rule with the admin user.");
         rule.setName("Updated name");
-        RestRuleModel updatedRule = restClient.authenticateUser(dataUser.getAdminUser()).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModel updatedRule = restClient.authenticateUser(dataUser.getAdminUser()).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                                               .updateRule(rule.getId(), rule);
 
         restClient.assertStatusCodeIs(OK);
@@ -565,7 +559,7 @@ public class UpdateRulesTests extends RestTest
 
     private RestRuleModel createAndSaveRule(String name)
     {
-        return createAndSaveRule(name, List.of(createAddAudioAspectAction()));
+        return createAndSaveRule(name, List.of(rulesUtils.createAddAudioAspectAction()));
     }
 
     /**
@@ -578,8 +572,8 @@ public class UpdateRulesTests extends RestTest
     private RestRuleModel createAndSaveRule(String name, List<RestActionBodyExecTemplateModel> restActionModels)
     {
         STEP("Create a rule called " + name + ", containing actions: " + restActionModels);
-        RestRuleModel ruleModel = createRuleModel(name, restActionModels);
-        return restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        RestRuleModel ruleModel = rulesUtils.createRuleModel(name, restActionModels);
+        return restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
             .createSingleRule(ruleModel);
     }
 
@@ -592,7 +586,7 @@ public class UpdateRulesTests extends RestTest
     private RestRuleModel createAndSaveRule(final RestRuleModel ruleModel)
     {
         STEP("Create a rule: " + ruleModel);
-        return restClient.authenticateUser(user).withCoreAPI().usingNode(ruleFolder).usingDefaultRuleSet()
+        return restClient.authenticateUser(user).withPrivateAPI().usingNode(ruleFolder).usingDefaultRuleSet()
                 .createSingleRule(ruleModel);
     }
 }

packaging/tests/tas-restapi/src/test/resources/shared-resources/testdata/simpleEmailTemplate.ftl

@@ -0,0 +1,6 @@
+<html>
+<head></head>
+<body>
+Hello ${args.name}!
+</body>
+</html>

packaging/tests/tas-webdav/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-tests</artifactId>
-        <version>17.155</version>
+        <version>18.8</version>
     </parent>
 
     <developers>

packaging/war/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo-packaging</artifactId>
-        <version>17.155</version>
+        <version>18.8</version>
     </parent>
 
     <properties>

packaging/war/src/main/resources/alfresco/web-client-security-config.xml

@@ -139,6 +139,33 @@
                <param name="cookie">{token}</param>
             </action>
          </rule>
+         <rule>
+            <request>
+               <method>GET</method>
+               <path>/s/index|/s/</path>
+            </request>
+            <action name="generateToken">
+               <param name="session">{token}</param>
+               <param name="cookie">{token}</param>
+            </action>
+         </rule>
+         <rule>
+            <request>
+               <method>POST</method>
+               <path>/s/index|/s/</path>
+            </request>
+            <action name="assertToken">
+               <param name="session">{token}</param>
+               <param name="parameter">{token}</param>
+            </action>
+            <action name="assertReferer">
+               <param name="referer">{referer}</param>
+            </action>
+            <action name="assertOrigin">
+               <param name="origin">{origin}</param>
+            </action>
+         </rule>
+
 
          <!--
             Verify multipart requests contain the token as a parameter

packaging/war/src/main/webapp/WEB-INF/web.xml

@@ -231,6 +231,12 @@
       <url-pattern>/wcs/admin/*</url-pattern>
    </filter-mapping>
 
+   <filter-mapping>
+      <filter-name>CSRF Token Filter</filter-name>
+      <url-pattern>/s/index</url-pattern>
+      <url-pattern>/s/</url-pattern>
+   </filter-mapping>
+
    <filter-mapping>
       <filter-name>Security Headers Filter</filter-name>
       <url-pattern>/*</url-pattern>

packaging/war/src/main/webapp/index.jsp

@@ -71,7 +71,7 @@ ModuleDetails shareServicesModule = moduleService.getModule("alfresco-share-serv
          </div>
 
          <div class="index-list">
-            <h4><%=descriptorService.getServerDescriptor().getEdition()%>&nbsp;-&nbsp;<%=descriptorService.getServerDescriptor().getVersion()%></h4>
+            <h4><%=descriptorService.getServerDescriptor().getEdition()%></h4>
             <p></p>
             <p><a href="http://docs.alfresco.com/">Online Documentation</a></p>
             <p></p>

pom.xml

@@ -2,7 +2,7 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
     <artifactId>alfresco-community-repo</artifactId>
-    <version>17.155</version>
+    <version>18.8</version>
     <packaging>pom</packaging>
     <name>Alfresco Community Repo Parent</name>
 
@@ -25,7 +25,7 @@
     <properties>
         <acs.version.major>7</acs.version.major>
         <acs.version.minor>3</acs.version.minor>
-        <acs.version.revision>0</acs.version.revision>
+        <acs.version.revision>1</acs.version.revision>
         <acs.version.label />
         <amp.min.version>${acs.version.major}.0.0</amp.min.version>
 
@@ -51,18 +51,17 @@
         <dependency.alfresco-log-sanitizer.version>0.2</dependency.alfresco-log-sanitizer.version>
         <dependency.activiti-engine.version>5.23.0</dependency.activiti-engine.version>
         <dependency.activiti.version>5.23.0</dependency.activiti.version>
-        <dependency.alfresco-transform-service.version>2.0.0-A3</dependency.alfresco-transform-service.version>
-        <dependency.alfresco-transform-core.version>3.0.0-A3</dependency.alfresco-transform-core.version>
+        <dependency.alfresco-transform-service.version>2.0.0</dependency.alfresco-transform-service.version>
+        <dependency.alfresco-transform-core.version>3.0.0</dependency.alfresco-transform-core.version>
         <dependency.alfresco-greenmail.version>6.4</dependency.alfresco-greenmail.version>
         <dependency.acs-event-model.version>0.0.16</dependency.acs-event-model.version>
 
         <dependency.spring.version>5.3.23</dependency.spring.version>
         <dependency.antlr.version>3.5.3</dependency.antlr.version>
-        <dependency.jackson.version>2.13.3</dependency.jackson.version>
-        <dependency.jackson-databind.version>2.13.3</dependency.jackson-databind.version>
+        <dependency.jackson.version>2.14.0-rc1</dependency.jackson.version>
         <dependency.cxf.version>3.5.3</dependency.cxf.version>
         <dependency.opencmis.version>1.0.0</dependency.opencmis.version>
-        <dependency.webscripts.version>8.32</dependency.webscripts.version>
+        <dependency.webscripts.version>8.33</dependency.webscripts.version>
         <dependency.bouncycastle.version>1.70</dependency.bouncycastle.version>
         <dependency.mockito-core.version>4.6.1</dependency.mockito-core.version>
         <dependency.assertj.version>3.23.1</dependency.assertj.version>
@@ -81,7 +80,7 @@
         <dependency.spring-security.version>5.7.3</dependency.spring-security.version>
         <dependency.truezip.version>7.7.10</dependency.truezip.version>
         <dependency.poi.version>5.2.2</dependency.poi.version>
-        <dependency.ooxml-schemas.version>1.4</dependency.ooxml-schemas.version>
+        <dependency.poi-ooxml-lite.version>5.2.3</dependency.poi-ooxml-lite.version>
         <dependency.keycloak.version>18.0.0</dependency.keycloak.version>
         <dependency.jboss.logging.version>3.5.0.Final</dependency.jboss.logging.version>
         <dependency.camel.version>3.18.2</dependency.camel.version> <!-- when bumping this version, please keep track/sync with included netty.io dependencies -->
@@ -110,9 +109,9 @@
         <dependency.jakarta-json-path.version>2.7.0</dependency.jakarta-json-path.version>
         <dependency.jakarta-rpc-api.version>1.1.4</dependency.jakarta-rpc-api.version>
 
-        <alfresco.googledrive.version>3.2.3-A3</alfresco.googledrive.version>
-        <alfresco.aos-module.version>1.4.1</alfresco.aos-module.version> 
-        <alfresco.api-explorer.version>7.3.0-A1</alfresco.api-explorer.version> <!-- Also in alfresco-enterprise-share -->
+        <alfresco.googledrive.version>3.3.0</alfresco.googledrive.version>
+        <alfresco.aos-module.version>1.5.0</alfresco.aos-module.version>
+        <alfresco.api-explorer.version>7.3.0</alfresco.api-explorer.version> <!-- Also in alfresco-enterprise-share -->
 
         <alfresco.maven-plugin.version>2.2.0</alfresco.maven-plugin.version>
         <license-maven-plugin.version>2.0.1.alfresco-2</license-maven-plugin.version>
@@ -123,7 +122,7 @@
         <dependency.mariadb.version>2.7.4</dependency.mariadb.version>
         <dependency.tas-utility.version>3.0.56</dependency.tas-utility.version>
         <dependency.rest-assured.version>5.2.0</dependency.rest-assured.version>
-        <dependency.tas-restapi.version>1.133</dependency.tas-restapi.version>
+        <dependency.tas-restapi.version>1.135</dependency.tas-restapi.version>
         <dependency.tas-email.version>1.9</dependency.tas-email.version>
         <dependency.tas-webdav.version>1.7</dependency.tas-webdav.version>
         <dependency.tas-ftp.version>1.7</dependency.tas-ftp.version>
@@ -150,7 +149,7 @@
         <connection>scm:git:https://github.com/Alfresco/alfresco-community-repo.git</connection>
         <developerConnection>scm:git:https://github.com/Alfresco/alfresco-community-repo.git</developerConnection>
         <url>https://github.com/Alfresco/alfresco-community-repo</url>
-        <tag>17.155</tag>
+        <tag>18.8</tag>
     </scm>
 
     <distributionManagement>
@@ -503,7 +502,7 @@
             <dependency>
                 <groupId>com.fasterxml.jackson.core</groupId>
                 <artifactId>jackson-databind</artifactId>
-                <version>${dependency.jackson-databind.version}</version>
+                <version>${dependency.jackson.version}</version>
             </dependency>
             <dependency>
                 <groupId>com.fasterxml.jackson.datatype</groupId>

remote-api/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>17.155</version>
+        <version>18.8</version>
     </parent>
 
     <dependencies>

remote-api/src/main/java/org/alfresco/repo/webdav/WebDAVServlet.java

@@ -121,6 +121,13 @@ public class WebDAVServlet extends HttpServlet
             startTime = System.currentTimeMillis();
         }
 
+        if (request.getMethod().equals(WebDAV.METHOD_POST) && !initParams.allowInsecurePOSTMethod())
+        {
+            logger.error("POST method is not allowed!");
+            response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+            return;
+        }
+
         FileFilterMode.setClient(Client.webdav);
 
         try
@@ -407,6 +414,7 @@ public class WebDAVServlet extends HttpServlet
         private String storeName;
         private String rootPath;
         private String urlPathPrefix;
+        private boolean allowInsecurePOSTMethod = false;
         
         public boolean getEnabled()
         {
@@ -482,5 +490,15 @@ public class WebDAVServlet extends HttpServlet
         {
             this.urlPathPrefix = urlPathPrefix;
         }
+
+        public boolean allowInsecurePOSTMethod()
+        {
+            return allowInsecurePOSTMethod;
+        }
+
+        public void setAllowInsecurePOSTMethod(boolean allowInsecurePOSTMethod)
+        {
+            this.allowInsecurePOSTMethod = allowInsecurePOSTMethod;
+        }
     }
 }

remote-api/src/main/java/org/alfresco/rest/api/Actions.java

@@ -27,6 +27,8 @@
 package org.alfresco.rest.api;
 
 
+import java.util.List;
+
 import org.alfresco.rest.api.model.Action;
 import org.alfresco.rest.api.model.ActionDefinition;
 import org.alfresco.rest.api.model.ActionParameterConstraint;
@@ -53,4 +55,6 @@ public interface Actions
 
     @Experimental
     ActionParameterConstraint getActionConstraint(String constraintName);
+    @Experimental
+    ActionDefinition getRuleActionDefinitionById(String actionDefinitionId);
 }

remote-api/src/main/java/org/alfresco/rest/api/actions/ActionConstraintsEntityResource.java

@@ -0,0 +1,59 @@
+/*
+ * #%L
+ * Alfresco Remote API
+ * %%
+ * Copyright (C) 2005 - 2017 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software.
+ * If the software was purchased under a paid Alfresco license, the terms of
+ * the paid license agreement will prevail.  Otherwise, the software is
+ * provided under the following open source license terms:
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
+package org.alfresco.rest.api.actions;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.alfresco.rest.api.Actions;
+import org.alfresco.rest.api.model.ActionParameterConstraint;
+import org.alfresco.rest.framework.WebApiDescription;
+import org.alfresco.rest.framework.core.exceptions.EntityNotFoundException;
+import org.alfresco.rest.framework.resource.EntityResource;
+import org.alfresco.rest.framework.resource.actions.interfaces.EntityResourceAction;
+import org.alfresco.rest.framework.resource.parameters.Parameters;
+import org.alfresco.service.Experimental;
+
+@EntityResource(name="action-constraints", title = "Action parameter constraints")
+@Experimental
+public class ActionConstraintsEntityResource implements EntityResourceAction.ReadById<ActionParameterConstraint>
+{
+    private final Actions actions;
+
+    public ActionConstraintsEntityResource(Actions actions)
+    {
+        this.actions = actions;
+    }
+
+    @WebApiDescription(title = "Get single action parameters constraint",
+            description = "Retrieves a single action parameters constraint by constraint name",
+            successStatus = HttpServletResponse.SC_OK)
+    @Experimental
+    @Override
+    public ActionParameterConstraint readById(String constraintName, Parameters parameters) throws EntityNotFoundException
+    {
+        return actions.getActionConstraint(constraintName);
+    }
+}

remote-api/src/main/java/org/alfresco/rest/api/actions/ActionValidator.java

@@ -0,0 +1,60 @@
+/*
+ * #%L
+ * Alfresco Remote API
+ * %%
+ * Copyright (C) 2005 - 2022 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software.
+ * If the software was purchased under a paid Alfresco license, the terms of
+ * the paid license agreement will prevail.  Otherwise, the software is
+ * provided under the following open source license terms:
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
+
+package org.alfresco.rest.api.actions;
+
+import java.util.List;
+
+import org.alfresco.rest.api.model.rules.Action;
+import org.alfresco.service.Experimental;
+
+@Experimental
+public interface ActionValidator
+{
+
+    String ALL_ACTIONS = "all";
+
+    /**
+     * Provides validation logic for given action.
+     */
+    void validate(Action action);
+
+    /**
+     * Returns priority of validator (applied to bulk validation in @see {@link org.alfresco.rest.api.impl.mapper.rules.RestRuleActionModelMapper})
+     * The lower number, the higher priority is set for the validator.
+     * @return priority expressed as int
+     */
+    int getPriority();
+
+    /**
+     * By default validator is applied to all actions
+     *
+     * @return indicator for all defined action definition ids
+     */
+    default List<String> getActionDefinitionIds() {
+        return List.of(ALL_ACTIONS);
+    }
+}

remote-api/src/main/java/org/alfresco/rest/api/impl/ActionsImpl.java

@@ -145,21 +145,7 @@ public class ActionsImpl implements Actions
     private ActionDefinition getActionDefinition(
             org.alfresco.service.cmr.action.ActionDefinition actionDefinitionId)
     {
-        List<ActionDefinition.ParameterDefinition> paramDefs =
-                actionDefinitionId.
-                        getParameterDefinitions().
-                        stream().
-                        map(this::toModel).
-                        collect(Collectors.toList());
-        return new ActionDefinition(
-                actionDefinitionId.getName(), // ID is a synonym for name.
-                actionDefinitionId.getName(),
-                actionDefinitionId.getTitle(),
-                actionDefinitionId.getDescription(),
-                toShortQNames(actionDefinitionId.getApplicableTypes()),
-                actionDefinitionId.getAdhocPropertiesAllowed(),
-                actionDefinitionId.getTrackStatus(),
-                paramDefs);
+        return mapFromServiceModel(actionDefinitionId);
     }
 
     @Override
@@ -215,23 +201,7 @@ public class ActionsImpl implements Actions
 
         List<ActionDefinition> sortedPage = actionDefinitions.
                 stream().
-                map(actionDefinition -> {
-                    List<ActionDefinition.ParameterDefinition> paramDefs =
-                            actionDefinition.
-                                    getParameterDefinitions().
-                                    stream().
-                                    map(this::toModel).
-                                    collect(Collectors.toList());
-                    return new ActionDefinition(
-                            actionDefinition.getName(), // ID is a synonym for name.
-                            actionDefinition.getName(),
-                            actionDefinition.getTitle(),
-                            actionDefinition.getDescription(),
-                            toShortQNames(actionDefinition.getApplicableTypes()),
-                            actionDefinition.getAdhocPropertiesAllowed(),
-                            actionDefinition.getTrackStatus(),
-                            paramDefs);
-                }).
+                map(this::mapFromServiceModel).
                 sorted(comparator).
                 skip(skip).
                 limit(maxItems).
@@ -246,6 +216,40 @@ public class ActionsImpl implements Actions
                 actionDefinitions.size());
     }
 
+    @Override
+    @Experimental
+    public ActionDefinition getRuleActionDefinitionById(String actionDefinitionId)
+    {
+        if (actionDefinitionId == null)
+        {
+            throw new InvalidArgumentException("actionDefinitionId is null");
+        }
+        return actionService.getActionDefinitions().stream()
+                .filter(a -> actionDefinitionId.equals(a.getName()))
+                .map(this::mapFromServiceModel)
+                .findFirst()
+                .orElseThrow(() -> new NotFoundException(NotFoundException.DEFAULT_MESSAGE_ID, new String[] {actionDefinitionId}));
+    }
+
+    private ActionDefinition mapFromServiceModel(org.alfresco.service.cmr.action.ActionDefinition actionDefinition)
+    {
+        List<ActionDefinition.ParameterDefinition> paramDefs =
+                actionDefinition.
+                        getParameterDefinitions().
+                        stream().
+                        map(this::toModel).
+                        collect(Collectors.toList());
+        return new ActionDefinition(
+                actionDefinition.getName(), // ID is a synonym for name.
+                actionDefinition.getName(),
+                actionDefinition.getTitle(),
+                actionDefinition.getDescription(),
+                toShortQNames(actionDefinition.getApplicableTypes()),
+                actionDefinition.getAdhocPropertiesAllowed(),
+                actionDefinition.getTrackStatus(),
+                paramDefs);
+    }
+
     @Override
     public Action executeAction(Action action, Parameters parameters)
     {
@@ -359,13 +363,13 @@ public class ActionsImpl implements Actions
                         Map.Entry::getValue));
     }
 
-    private Map<String, Serializable> extractActionParams(org.alfresco.service.cmr.action.ActionDefinition actionDefinition, Map<String, String> params)
+    private Map<String, Serializable> extractActionParams(org.alfresco.service.cmr.action.ActionDefinition actionDefinition, Map<String, ?> params)
     {
         Map<String, Serializable> parameterValues = new HashMap<>();
 
         try
         {
-            for (Map.Entry<String, String> entry : params.entrySet())
+            for (Map.Entry<String, ?> entry : params.entrySet())
             {
                 String propertyName = entry.getKey();
                 Object propertyValue = entry.getValue();
@@ -453,7 +457,7 @@ public class ActionsImpl implements Actions
                 map(this::toShortQName).
                 collect(Collectors.toList());
     }
-
+    
     private String toShortQName(QName type)
     {
         return type.toPrefixString(prefixResolver);

remote-api/src/main/java/org/alfresco/rest/api/impl/AuditImpl.java

@@ -295,7 +295,18 @@ public class AuditImpl implements Audit
         }
         else
         {
-            totalItems = hasMoreItems ? getAuditEntriesCountByApp(auditApplication) : totalRetrievedItems;
+            if (hasMoreItems) {
+                if (q != null) {
+                    // filtering via "where" clause
+                    AuditEntryQueryWalker propertyWalker = new AuditEntryQueryWalker();
+                    QueryHelper.walk(q, propertyWalker);
+                    totalItems = getAuditEntriesCountByAppAndProperties(auditApplication, propertyWalker);
+                } else {
+                    totalItems = getAuditEntriesCountByApp(auditApplication);
+                }
+            } else {
+                totalItems = totalRetrievedItems;
+            }
         }
 
         entriesAudit = (skipCount >= totalRetrievedItems)
@@ -895,4 +906,19 @@ public class AuditImpl implements Audit
         final String applicationName = auditApplication.getKey().substring(1);
         return auditService.getAuditEntriesCountByApp(applicationName);
     }
+
+    public int getAuditEntriesCountByAppAndProperties(AuditService.AuditApplication auditApplication, AuditEntryQueryWalker propertyWalker)
+    {
+        final String applicationName = auditApplication.getKey().substring(1);
+
+        AuditQueryParameters parameters = new AuditQueryParameters();
+        parameters.setApplicationName(applicationName);
+        parameters.setFromTime(propertyWalker.getFromTime());
+        parameters.setToTime(propertyWalker.getToTime());
+        parameters.setFromId(propertyWalker.getFromId());
+        parameters.setToId(propertyWalker.getToId());
+        parameters.setUser(propertyWalker.getCreatedByUser());
+
+        return auditService.getAuditEntriesCountByAppAndProperties(applicationName, parameters);
+    }
 }

remote-api/src/main/java/org/alfresco/rest/api/impl/NodesImpl.java

@@ -400,12 +400,10 @@ public class NodesImpl implements Nodes
     @Override
     public NodeRef validateNode(StoreRef storeRef, String nodeId)
     {
-        String versionLabel = null;
-
         int idx = nodeId.indexOf(";");
         if (idx != -1)
         {
-            versionLabel = nodeId.substring(idx + 1);
+            String versionLabel = nodeId.substring(idx + 1);
             nodeId = nodeId.substring(0, idx);
             if (versionLabel.equals("pwc"))
             {
@@ -1753,7 +1751,7 @@ public class NodesImpl implements Nodes
         // default false (if not provided)
         boolean permanentDelete = Boolean.valueOf(parameters.getParameter(PARAM_PERMANENT));
 
-        if (permanentDelete == true)
+        if (permanentDelete)
         {
             boolean isAdmin = authorityService.hasAdminAuthority();
             if (! isAdmin)

remote-api/src/main/java/org/alfresco/rest/api/impl/mapper/rules/RestRuleActionModelMapper.java

@@ -29,15 +29,19 @@ package org.alfresco.rest.api.impl.mapper.rules;
 import static java.util.Collections.emptyMap;
 
 import static org.alfresco.repo.action.access.ActionAccessRestriction.ACTION_CONTEXT_PARAM_NAME;
+import static org.alfresco.rest.api.actions.ActionValidator.ALL_ACTIONS;
 
 import java.io.Serializable;
 import java.util.Collection;
+import java.util.HashMap;
+import java.util.Comparator;
+import java.util.List;
 import java.util.Map;
 import java.util.Optional;
-import java.util.stream.Collectors;
 
 import org.alfresco.repo.action.ActionImpl;
 import org.alfresco.repo.action.CompositeActionImpl;
+import org.alfresco.rest.api.actions.ActionValidator;
 import org.alfresco.rest.api.impl.rules.ActionParameterConverter;
 import org.alfresco.rest.api.model.mapper.RestModelMapper;
 import org.alfresco.rest.api.model.rules.Action;
@@ -49,10 +53,13 @@ import org.apache.commons.collections.CollectionUtils;
 public class RestRuleActionModelMapper implements RestModelMapper<Action, org.alfresco.service.cmr.action.Action>
 {
     private final ActionParameterConverter parameterConverter;
+    private final List<ActionValidator> actionValidators;
 
-    public RestRuleActionModelMapper(ActionParameterConverter parameterConverter)
+    public RestRuleActionModelMapper(ActionParameterConverter parameterConverter,
+                                     List<ActionValidator> actionValidators)
     {
         this.parameterConverter = parameterConverter;
+        this.actionValidators = actionValidators;
     }
 
     /**
@@ -75,7 +82,7 @@ public class RestRuleActionModelMapper implements RestModelMapper<Action, org.al
             final Map<String, Serializable> convertedParams = actionModel.getParameterValues()
                     .entrySet()
                     .stream()
-                    .collect(Collectors.toMap(Map.Entry::getKey, e -> parameterConverter.convertParamFromServiceModel(e.getValue())));
+                    .collect(HashMap::new, (m, v) -> m.put(v.getKey(), parameterConverter.convertParamFromServiceModel(v.getValue())), HashMap::putAll);
             convertedParams.remove(ACTION_CONTEXT_PARAM_NAME);
             builder.params(convertedParams);
         }
@@ -104,8 +111,16 @@ public class RestRuleActionModelMapper implements RestModelMapper<Action, org.al
     private org.alfresco.service.cmr.action.Action toServiceAction(Action action)
     {
         final Map<String, Serializable> params = Optional.ofNullable(action.getParams()).orElse(emptyMap());
+        validateAction(action);
         final Map<String, Serializable> convertedParams =
                 parameterConverter.getConvertedParams(params, action.getActionDefinitionId());
         return new ActionImpl(null, GUID.generate(), action.getActionDefinitionId(), convertedParams);
     }
+    private void validateAction(Action action) {
+        actionValidators.stream()
+                .filter(v -> (v.getActionDefinitionIds().contains(action.getActionDefinitionId()) ||
+                        v.getActionDefinitionIds().equals(List.of(ALL_ACTIONS))))
+                .sorted(Comparator.comparing(ActionValidator::getPriority))
+                .forEachOrdered(v -> v.validate(action));
+    }
 }

remote-api/src/main/java/org/alfresco/rest/api/impl/rules/ActionParameterConverter.java

@@ -26,12 +26,18 @@
 
 package org.alfresco.rest.api.impl.rules;
 
+import static org.alfresco.rest.framework.core.exceptions.NotFoundException.DEFAULT_MESSAGE_ID;
+import static org.alfresco.service.cmr.security.AccessStatus.ALLOWED;
+
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 
+import org.alfresco.rest.api.Nodes;
+import org.alfresco.rest.framework.core.exceptions.EntityNotFoundException;
 import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
 import org.alfresco.rest.framework.core.exceptions.NotFoundException;
 import org.alfresco.service.Experimental;
@@ -42,10 +48,11 @@ import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
 import org.alfresco.service.cmr.dictionary.DictionaryException;
 import org.alfresco.service.cmr.dictionary.DictionaryService;
 import org.alfresco.service.cmr.repository.NodeRef;
-import org.alfresco.service.cmr.repository.StoreRef;
 import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
+import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.namespace.NamespaceService;
 import org.alfresco.service.namespace.QName;
+import org.apache.logging.log4j.util.Strings;
 import org.json.JSONArray;
 import org.json.JSONException;
 import org.springframework.beans.factory.NoSuchBeanDefinitionException;
@@ -53,16 +60,22 @@ import org.springframework.beans.factory.NoSuchBeanDefinitionException;
 @Experimental
 public class ActionParameterConverter
 {
+    static final String ACTION_PARAMETER_SHOULD_NOT_HAVE_EMPTY_OR_NULL_VALUE =
+            "Action parameter should not have empty or null value";
     private final DictionaryService dictionaryService;
     private final ActionService actionService;
     private final NamespaceService namespaceService;
+    private final PermissionService permissionService;
+    private final Nodes nodes;
 
-    public ActionParameterConverter(DictionaryService dictionaryService, ActionService actionService,
-                                    NamespaceService namespaceService)
+    public ActionParameterConverter(DictionaryService dictionaryService, ActionService actionService, NamespaceService namespaceService,
+                                    PermissionService permissionService, Nodes nodes)
     {
         this.dictionaryService = dictionaryService;
         this.actionService = actionService;
         this.namespaceService = namespaceService;
+        this.permissionService = permissionService;
+        this.nodes = nodes;
     }
 
     public Map<String, Serializable> getConvertedParams(Map<String, Serializable> params, String name)
@@ -74,14 +87,19 @@ public class ActionParameterConverter
             definition = actionService.getActionDefinition(name);
             if (definition == null)
             {
-                throw new NotFoundException(NotFoundException.DEFAULT_MESSAGE_ID, new String[]{name});
+                throw new NotFoundException(DEFAULT_MESSAGE_ID, new String[]{name});
             }
-        } catch (NoSuchBeanDefinitionException e) {
-            throw new NotFoundException(NotFoundException.DEFAULT_MESSAGE_ID, new String[]{name});
+        }
+        catch (NoSuchBeanDefinitionException e)
+        {
+            throw new NotFoundException(DEFAULT_MESSAGE_ID, new String[]{name});
         }
 
         for (Map.Entry<String, Serializable> param : params.entrySet())
         {
+            if (Objects.toString(param.getValue(), Strings.EMPTY).isEmpty()) {
+                throw new InvalidArgumentException(ACTION_PARAMETER_SHOULD_NOT_HAVE_EMPTY_OR_NULL_VALUE, new String[] {param.getKey()});
+            }
             final ParameterDefinition paramDef = definition.getParameterDefintion(param.getKey());
             if (paramDef == null && !definition.getAdhocPropertiesAllowed())
             {
@@ -91,7 +109,8 @@ public class ActionParameterConverter
             {
                 final QName typeQName = paramDef.getType();
                 parameters.put(param.getKey(), convertValue(typeQName, param.getValue()));
-            } else
+            }
+            else
             {
                 parameters.put(param.getKey(), param.getValue().toString());
             }
@@ -105,7 +124,8 @@ public class ActionParameterConverter
         {
             return ((QName) param).toPrefixString(namespaceService);
         }
-        else if (param instanceof NodeRef) {
+        else if (param instanceof NodeRef)
+        {
             return ((NodeRef) param).getId();
         }
         else
@@ -121,7 +141,7 @@ public class ActionParameterConverter
         final DataTypeDefinition typeDef = dictionaryService.getDataType(typeQName);
         if (typeDef == null)
         {
-            throw new NotFoundException(NotFoundException.DEFAULT_MESSAGE_ID, new String[]{typeQName.toPrefixString()});
+            throw new NotFoundException(DEFAULT_MESSAGE_ID, new String[]{typeQName.toPrefixString()});
         }
 
         if (propertyValue instanceof JSONArray)
@@ -130,7 +150,8 @@ public class ActionParameterConverter
             try
             {
                 Class.forName(javaClassName);
-            } catch (ClassNotFoundException e)
+            }
+            catch (ClassNotFoundException e)
             {
                 throw new DictionaryException("Java class " + javaClassName + " of property type " + typeDef.getName() + " is invalid", e);
             }
@@ -145,13 +166,19 @@ public class ActionParameterConverter
         }
         else
         {
-            if (typeQName.equals(DataTypeDefinition.QNAME) && typeQName.toString().contains(":"))
+            final String stringValue = Objects.toString(propertyValue, Strings.EMPTY);
+            if (typeQName.isMatch(DataTypeDefinition.QNAME) && typeQName.toString().contains(":"))
             {
-                value = QName.createQName(propertyValue.toString(), namespaceService);
+                value = QName.createQName(stringValue, namespaceService);
             }
             else if (typeQName.isMatch(DataTypeDefinition.NODE_REF))
             {
-                value = new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, propertyValue.toString());
+                NodeRef nodeRef = nodes.validateOrLookupNode(stringValue, null);
+                if (permissionService.hasReadPermission(nodeRef) != ALLOWED)
+                {
+                    throw new EntityNotFoundException(stringValue);
+                }
+                value = nodeRef;
             }
             else
             {

remote-api/src/main/java/org/alfresco/rest/api/impl/rules/NodeValidator.java

@@ -35,6 +35,7 @@ import org.alfresco.repo.rule.RuleModel;
 import org.alfresco.rest.api.Nodes;
 import org.alfresco.rest.api.model.Node;
 import org.alfresco.rest.api.model.rules.RuleSet;
+import org.alfresco.rest.framework.core.exceptions.EntityNotFoundException;
 import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
 import org.alfresco.rest.framework.core.exceptions.PermissionDeniedException;
 import org.alfresco.rest.framework.core.exceptions.RelationshipResourceNotFoundException;
@@ -65,14 +66,21 @@ public class NodeValidator
      * @return folder node reference
      * @throws InvalidArgumentException if node is not of an expected type
      * @throws PermissionDeniedException if the user doesn't have the appropriate permission for the folder.
+     * @throws EntityNotFoundException if the folder node isn't found
      */
     public NodeRef validateFolderNode(final String folderNodeId, boolean requireChangePermission)
     {
-        final NodeRef nodeRef = nodes.validateOrLookupNode(folderNodeId, null);
-        validatePermission(requireChangePermission, nodeRef);
-        verifyNodeType(nodeRef, ContentModel.TYPE_FOLDER, null);
+        try
+        {
+            final NodeRef nodeRef = nodes.validateOrLookupNode(folderNodeId, null);
+            validatePermission(requireChangePermission, nodeRef);
+            verifyNodeType(nodeRef, ContentModel.TYPE_FOLDER, null);
 
-        return nodeRef;
+            return nodeRef;
+        } catch (EntityNotFoundException e)
+        {
+            throw new EntityNotFoundException("Folder with id " + folderNodeId + " was not found.", e);
+        }
     }
 
     /**
@@ -82,6 +90,8 @@ public class NodeValidator
      * @param associatedFolderNodeRef - folder node ref to check the association
      * @return rule set node reference
      * @throws InvalidArgumentException in case of not matching associated folder node
+     * @throws RelationshipResourceNotFoundException if the folder doesn't have a -default- rule set
+     * @throws EntityNotFoundException if the rule set node isn't found
      */
     public NodeRef validateRuleSetNode(final String ruleSetId, final NodeRef associatedFolderNodeRef)
     {
@@ -96,13 +106,18 @@ public class NodeValidator
             return ruleSetNodeRef;
         }
 
-        final NodeRef ruleSetNodeRef = validateNode(ruleSetId, ContentModel.TYPE_SYSTEM_FOLDER, RULE_SET_EXPECTED_TYPE_NAME);
-        if (!ruleService.isRuleSetAssociatedWithFolder(ruleSetNodeRef, associatedFolderNodeRef))
-        {
-            throw new InvalidArgumentException("Rule set is not associated with folder node!");
-        }
+        try {
+            final NodeRef ruleSetNodeRef = validateNode(ruleSetId, ContentModel.TYPE_SYSTEM_FOLDER, RULE_SET_EXPECTED_TYPE_NAME);
 
-        return ruleSetNodeRef;
+            if (!ruleService.isRuleSetAssociatedWithFolder(ruleSetNodeRef, associatedFolderNodeRef))
+            {
+                throw new InvalidArgumentException("Rule set is not associated with folder node!");
+            }
+            return ruleSetNodeRef;
+
+        } catch (EntityNotFoundException e) {
+            throw new EntityNotFoundException("Rule set with id " + ruleSetId + " was not found.", e);
+        }
     }
 
     public NodeRef validateRuleSetNode(String linkToNodeId, boolean requireChangePermission)

remote-api/src/main/java/org/alfresco/rest/api/impl/validator/actions/ActionNodeParameterValidator.java

@@ -0,0 +1,171 @@
+/*
+ * #%L
+ * Alfresco Remote API
+ * %%
+ * Copyright (C) 2005 - 2022 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software.
+ * If the software was purchased under a paid Alfresco license, the terms of
+ * the paid license agreement will prevail.  Otherwise, the software is
+ * provided under the following open source license terms:
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
+
+package org.alfresco.rest.api.impl.validator.actions;
+
+import static org.alfresco.model.ContentModel.TYPE_CATEGORY;
+import static org.alfresco.model.ContentModel.TYPE_FOLDER;
+import static org.alfresco.service.cmr.dictionary.DataTypeDefinition.NODE_REF;
+import static org.alfresco.service.cmr.security.AccessStatus.ALLOWED;
+import static org.alfresco.service.cmr.security.PermissionService.WRITE;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.alfresco.repo.action.executer.CheckOutActionExecuter;
+import org.alfresco.repo.action.executer.CopyActionExecuter;
+import org.alfresco.repo.action.executer.ImageTransformActionExecuter;
+import org.alfresco.repo.action.executer.ImporterActionExecuter;
+import org.alfresco.repo.action.executer.LinkCategoryActionExecuter;
+import org.alfresco.repo.action.executer.MoveActionExecuter;
+import org.alfresco.repo.action.executer.SimpleWorkflowActionExecuter;
+import org.alfresco.repo.action.executer.TransformActionExecuter;
+import org.alfresco.rest.api.Actions;
+import org.alfresco.rest.api.Nodes;
+import org.alfresco.rest.api.actions.ActionValidator;
+import org.alfresco.rest.api.model.ActionDefinition;
+import org.alfresco.rest.api.model.rules.Action;
+import org.alfresco.rest.framework.core.exceptions.EntityNotFoundException;
+import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
+import org.alfresco.rest.framework.core.exceptions.PermissionDeniedException;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.PermissionService;
+import org.alfresco.service.namespace.NamespaceService;
+import org.apache.commons.collections.MapUtils;
+import org.apache.logging.log4j.util.Strings;
+
+/**
+ * This class provides logic for validation of permissions for action parameters which reference node.
+ */
+public class ActionNodeParameterValidator implements ActionValidator
+{
+    /**
+     * This list holds action parameter names which require only READ permission on a referenced node
+     * That means, all other parameters that reference nodes will require WRITE permission
+     */
+    static final Map<String, List<String>> REQUIRE_READ_PERMISSION_PARAMS =
+            Map.of(LinkCategoryActionExecuter.NAME, List.of(LinkCategoryActionExecuter.PARAM_CATEGORY_VALUE));
+
+    static final String NO_PROPER_PERMISSIONS_FOR_NODE = "No proper permissions for node: ";
+    static final String NOT_A_CATEGORY = "Node is not a category ";
+    static final String NOT_A_FOLDER = "Node is not a folder ";
+
+    private final Actions actions;
+    private final NamespaceService namespaceService;
+    private final Nodes nodes;
+    private final PermissionService permissionService;
+
+    public ActionNodeParameterValidator(Actions actions, NamespaceService namespaceService, Nodes nodes,
+                                        PermissionService permissionService)
+    {
+        this.actions = actions;
+        this.namespaceService = namespaceService;
+        this.nodes = nodes;
+        this.permissionService = permissionService;
+    }
+
+    /**
+     * Validates action parameters that reference nodes against access permissions for executing user.
+     *
+     * @param action Action to be validated
+     */
+    @Override
+    public void validate(Action action)
+    {
+        final ActionDefinition actionDefinition = actions.getRuleActionDefinitionById(action.getActionDefinitionId());
+        final List<ActionDefinition.ParameterDefinition> nodeRefParams = actionDefinition.getParameterDefinitions().stream()
+                .filter(pd -> NODE_REF.toPrefixString(namespaceService).equals(pd.getType()))
+                .collect(Collectors.toList());
+        validateNodes(nodeRefParams, action);
+    }
+
+    /**
+     * @return List of action definitions applicable to this validator
+     */
+    @Override
+    public List<String> getActionDefinitionIds()
+    {
+        return List.of(CopyActionExecuter.NAME, MoveActionExecuter.NAME, CheckOutActionExecuter.NAME, ImporterActionExecuter.NAME,
+                LinkCategoryActionExecuter.NAME, SimpleWorkflowActionExecuter.NAME, TransformActionExecuter.NAME,
+                ImageTransformActionExecuter.NAME);
+    }
+
+    @Override
+    public int getPriority()
+    {
+        return Integer.MIN_VALUE + 1;
+    }
+
+    private void validateNodes(final List<ActionDefinition.ParameterDefinition> nodeRefParamDefinitions,
+                               final Action action)
+    {
+        if (MapUtils.isNotEmpty(action.getParams()))
+        {
+            nodeRefParamDefinitions.stream()
+                    .filter(pd -> action.getParams().containsKey(pd.getName()))
+                    .forEach(p -> {
+                        final String nodeId = Objects.toString(action.getParams().get(p.getName()), Strings.EMPTY);
+                        final NodeRef nodeRef = nodes.validateNode(nodeId);
+                        validatePermission(action.getActionDefinitionId(), p.getName(), nodeRef);
+                        validateType(action.getActionDefinitionId(), nodeRef);
+                    });
+        }
+    }
+
+    private void validatePermission(final String actionDefinitionId, final String paramName, final NodeRef nodeRef)
+    {
+        if (permissionService.hasReadPermission(nodeRef) != ALLOWED)
+        {
+            throw new EntityNotFoundException(nodeRef.getId());
+        }
+        if (!REQUIRE_READ_PERMISSION_PARAMS.containsKey(actionDefinitionId) ||
+                REQUIRE_READ_PERMISSION_PARAMS.get(actionDefinitionId).stream().noneMatch(paramName::equals))
+        {
+            if (permissionService.hasPermission(nodeRef, WRITE) != ALLOWED)
+            {
+                throw new PermissionDeniedException(NO_PROPER_PERMISSIONS_FOR_NODE + nodeRef.getId());
+            }
+        }
+    }
+
+    private void validateType(final String actionDefinitionId, final NodeRef nodeRef)
+    {
+        if (!LinkCategoryActionExecuter.NAME.equals(actionDefinitionId))
+        {
+            if (!nodes.nodeMatches(nodeRef, Set.of(TYPE_FOLDER), Collections.emptySet()))
+            {
+                throw new InvalidArgumentException(NOT_A_FOLDER + nodeRef.getId());
+            }
+        } else if (!nodes.nodeMatches(nodeRef, Set.of(TYPE_CATEGORY), Collections.emptySet()))
+        {
+            throw new InvalidArgumentException(NOT_A_CATEGORY + nodeRef.getId());
+        }
+    }
+}

remote-api/src/main/java/org/alfresco/rest/api/impl/validator/actions/ActionParameterDefinitionValidator.java

@@ -0,0 +1,166 @@
+/*
+ * #%L
+ * Alfresco Remote API
+ * %%
+ * Copyright (C) 2005 - 2022 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software.
+ * If the software was purchased under a paid Alfresco license, the terms of
+ * the paid license agreement will prevail.  Otherwise, the software is
+ * provided under the following open source license terms:
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
+
+package org.alfresco.rest.api.impl.validator.actions;
+
+import java.io.Serializable;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.stream.Collectors;
+
+import org.alfresco.rest.api.Actions;
+import org.alfresco.rest.api.actions.ActionValidator;
+import org.alfresco.rest.api.model.ActionDefinition;
+import org.alfresco.rest.api.model.ActionParameterConstraint;
+import org.alfresco.rest.api.model.rules.Action;
+import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
+import org.alfresco.rest.framework.core.exceptions.NotFoundException;
+import org.alfresco.service.Experimental;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
+import org.apache.logging.log4j.util.Strings;
+
+/**
+ * This class will validate all action types against action parameters definitions (mandatory parameters, parameter constraints)
+ */
+@Experimental
+public class ActionParameterDefinitionValidator implements ActionValidator
+{
+    static final String INVALID_PARAMETER_VALUE =
+            "Action parameter: %s has invalid value (%s). Look up possible values for constraint name %s";
+    static final String MISSING_PARAMETER = "Missing action's mandatory parameter: %s";
+    static final String MUST_NOT_CONTAIN_PARAMETER = "Action of definition id: %s must not contain parameter of name: %s";
+    static final String PARAMS_SHOULD_NOT_BE_EMPTY =
+            "Action parameters should not be null or empty for this action. See Action Definition for action of: %s";
+    static final String INVALID_ACTION_DEFINITION = "Invalid rule action definition requested %s";
+    static final String EMPTY_ACTION_DEFINITION = "Empty/null rule action definition id";
+
+    private final Actions actions;
+
+    public ActionParameterDefinitionValidator(Actions actions)
+    {
+        this.actions = actions;
+    }
+
+    /**
+     * Validates action against its parameters definitions (mandatory parameters, parameter constraints)
+     *
+     * @param action Action to be validated
+     */
+    @Override
+    public void validate(Action action)
+    {
+        ActionDefinition actionDefinition;
+        final String actionDefinitionId = action.getActionDefinitionId();
+        if (Strings.isBlank(actionDefinitionId))
+        {
+            throw new InvalidArgumentException(EMPTY_ACTION_DEFINITION);
+        }
+        try
+        {
+            actionDefinition = actions.getRuleActionDefinitionById(actionDefinitionId);
+        } catch (NotFoundException e)
+        {
+            throw new InvalidArgumentException(String.format(INVALID_ACTION_DEFINITION, actionDefinitionId));
+        }
+        validateParametersSize(action.getParams(), actionDefinition);
+        final Map<String, Serializable> params = action.getParams();
+        if (MapUtils.isNotEmpty(params))
+        {
+            params.forEach((key, value) -> checkParameterShouldExist(key, actionDefinition));
+            getParameterDefinitions(actionDefinition).forEach(p -> validateParameterDefinitions(p, params));
+        }
+    }
+
+    /**
+     * This validator should be applied to all actions
+     *
+     * @return list of all defined action definition ids
+     */
+    @Override
+    public List<String> getActionDefinitionIds()
+    {
+        return List.of(ALL_ACTIONS);
+    }
+
+    /**
+     * This validator should have highest priority and be executed first of all (thus minimal integer is returned here).
+     *
+     * @return minimal integer value
+     */
+    @Override
+    public int getPriority()
+    {
+        return Integer.MIN_VALUE;
+    }
+
+    private void validateParametersSize(final Map<String, Serializable> params, final ActionDefinition actionDefinition)
+    {
+        final List<ActionDefinition.ParameterDefinition> parameterDefinitions = getParameterDefinitions(actionDefinition);
+        if (CollectionUtils.isNotEmpty(
+                parameterDefinitions.stream().filter(ActionDefinition.ParameterDefinition::isMandatory).collect(Collectors.toList())) &&
+                MapUtils.isEmpty(params))
+        {
+            throw new InvalidArgumentException(String.format(PARAMS_SHOULD_NOT_BE_EMPTY, actionDefinition.getName()));
+        }
+    }
+
+    private List<ActionDefinition.ParameterDefinition> getParameterDefinitions(ActionDefinition actionDefinition)
+    {
+        return actionDefinition.getParameterDefinitions() == null ? Collections.emptyList() : actionDefinition.getParameterDefinitions();
+    }
+
+    private void validateParameterDefinitions(final ActionDefinition.ParameterDefinition parameterDefinition,
+                                              final Map<String, Serializable> params)
+    {
+        final Serializable parameterValue = params.get(parameterDefinition.getName());
+        if (parameterDefinition.isMandatory() && parameterValue == null)
+        {
+            throw new InvalidArgumentException(String.format(MISSING_PARAMETER, parameterDefinition.getName()));
+        }
+        if (parameterDefinition.getParameterConstraintName() != null)
+        {
+            final ActionParameterConstraint actionConstraint =
+                    actions.getActionConstraint(parameterDefinition.getParameterConstraintName());
+            if (parameterValue != null && actionConstraint.getConstraintValues().stream()
+                    .noneMatch(constraintData -> constraintData.getValue().equals(Objects.toString(parameterValue, null))))
+            {
+                throw new InvalidArgumentException(String.format(INVALID_PARAMETER_VALUE, parameterDefinition.getName(), parameterValue,
+                        actionConstraint.getConstraintName()));
+            }
+        }
+    }
+
+    private void checkParameterShouldExist(final String parameterName, final ActionDefinition actionDefinition)
+    {
+        if (getParameterDefinitions(actionDefinition).stream().noneMatch(pd -> parameterName.equals(pd.getName())))
+        {
+            throw new InvalidArgumentException(String.format(MUST_NOT_CONTAIN_PARAMETER, actionDefinition.getName(), parameterName));
+        }
+    }
+}

remote-api/src/main/java/org/alfresco/rest/api/model/Action.java

@@ -32,7 +32,7 @@ public class Action
     private String id;
     private String actionDefinitionId;
     private String targetId;
-    Map<String, String> params;
+    Map<String, ?> params;
 
     public String getId()
     {
@@ -64,12 +64,12 @@ public class Action
         this.targetId = targetId;
     }
 
-    public Map<String, String> getParams()
+    public Map<String, ?> getParams()
     {
         return params;
     }
 
-    public void setParams(Map<String, String> params)
+    public void setParams(Map<String, ? extends Object> params)
     {
         this.params = params;
     }

remote-api/src/main/java/org/alfresco/rest/api/rules/NodeRuleExecutionsRelation.java

@@ -23,12 +23,13 @@
  * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
  * #L%
  */
-package org.alfresco.rest.api.nodes;
+package org.alfresco.rest.api.rules;
 
 import java.util.List;
 
 import org.alfresco.rest.api.Rules;
 import org.alfresco.rest.api.model.rules.RuleExecution;
+import org.alfresco.rest.api.nodes.NodesEntityResource;
 import org.alfresco.rest.framework.resource.RelationshipResource;
 import org.alfresco.rest.framework.resource.actions.interfaces.RelationshipResourceAction;
 import org.alfresco.rest.framework.resource.parameters.Parameters;

remote-api/src/main/java/org/alfresco/rest/api/rules/NodeRuleSetLinksRelation.java

@@ -24,7 +24,7 @@
  * #L%
  */
 
-package org.alfresco.rest.api.nodes;
+package org.alfresco.rest.api.rules;
 
 import java.util.List;
 import java.util.stream.Collectors;
@@ -32,6 +32,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.alfresco.rest.api.RuleSets;
 import org.alfresco.rest.api.model.rules.RuleSetLink;
+import org.alfresco.rest.api.nodes.NodesEntityResource;
 import org.alfresco.rest.framework.WebApiDescription;
 import org.alfresco.rest.framework.WebApiParam;
 import org.alfresco.rest.framework.core.ResourceParameter;

remote-api/src/main/java/org/alfresco/rest/api/rules/NodeRuleSetsRelation.java

@@ -24,12 +24,13 @@
  * #L%
  */
 
-package org.alfresco.rest.api.nodes;
+package org.alfresco.rest.api.rules;
 
 import javax.servlet.http.HttpServletResponse;
 
 import org.alfresco.rest.api.RuleSets;
 import org.alfresco.rest.api.model.rules.RuleSet;
+import org.alfresco.rest.api.nodes.NodesEntityResource;
 import org.alfresco.rest.framework.WebApiDescription;
 import org.alfresco.rest.framework.core.exceptions.RelationshipResourceNotFoundException;
 import org.alfresco.rest.framework.resource.RelationshipResource;

remote-api/src/main/java/org/alfresco/rest/api/rules/NodeRuleSettingsRelation.java

@@ -1,104 +1,105 @@
-/*
- * #%L
- * Alfresco Remote API
- * %%
- * Copyright (C) 2005 - 2022 Alfresco Software Limited
- * %%
- * This file is part of the Alfresco software.
- * If the software was purchased under a paid Alfresco license, the terms of
- * the paid license agreement will prevail.  Otherwise, the software is
- * provided under the following open source license terms:
- *
- * Alfresco is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * Alfresco is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
- * #L%
- */
-package org.alfresco.rest.api.nodes;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.alfresco.rest.api.RuleSettings;
-import org.alfresco.rest.api.model.rules.RuleSetting;
-import org.alfresco.rest.framework.WebApiDescription;
-import org.alfresco.rest.framework.core.exceptions.RelationshipResourceNotFoundException;
-import org.alfresco.rest.framework.resource.RelationshipResource;
-import org.alfresco.rest.framework.resource.actions.interfaces.RelationshipResourceAction;
-import org.alfresco.rest.framework.resource.parameters.Parameters;
-import org.alfresco.service.Experimental;
-import org.alfresco.util.PropertyCheck;
-import org.springframework.beans.factory.InitializingBean;
-
-/**
- * Folder node rule settings (rule inheritance).
- */
-@Experimental
-@RelationshipResource (name = "rule-settings", entityResource = NodesEntityResource.class, title = "Folder rule settings")
-public class NodeRuleSettingsRelation implements RelationshipResourceAction.ReadById<RuleSetting>,
-                                                 RelationshipResourceAction.Update<RuleSetting>,
-                                                 InitializingBean
-{
-    private RuleSettings ruleSettings;
-
-    @Override
-    public void afterPropertiesSet() throws Exception
-    {
-        PropertyCheck.mandatory(this, "ruleSettings", ruleSettings);
-    }
-
-    /**
-     * Get the given configuration value for the specified folder.
-     * <p>
-     * - GET /nodes/{folderId}/rule-settings/{ruleSettingKey}
-     *
-     * @param folderId The id of the folder.
-     * @param ruleSettingKey The setting to retrieve.
-     * @param parameters Unused.
-     * @return {@link RuleSetting} The current value of the setting.
-     */
-    @WebApiDescription (
-            title = "Get a folder node rule setting",
-            description = "Returns the specified rule setting for the given folder",
-            successStatus = HttpServletResponse.SC_OK
-    )
-    @Override
-    public RuleSetting readById(String folderId, String ruleSettingKey, Parameters parameters) throws RelationshipResourceNotFoundException
-    {
-        return ruleSettings.getRuleSetting(folderId, ruleSettingKey);
-    }
-
-    /**
-     * Set the value of a rule setting for the specified folder.
-     * <p>
-     * PUT /nodes/{folderId}/rule-settings/{ruleSettingKey}
-     *
-     * @param folderId The id of the folder.
-     * @param ruleSetting The new value of the rule setting.
-     * @param parameters Unused.
-     * @return The updated rule setting.
-     */
-    @WebApiDescription (
-            title = "Update folder node rule setting",
-            description = "Update a rule setting for given node",
-            successStatus = HttpServletResponse.SC_OK
-    )
-    @Override
-    public RuleSetting update(String folderId, RuleSetting ruleSetting, Parameters parameters)
-    {
-        return ruleSettings.setRuleSetting(folderId, ruleSetting);
-    }
-
-    public void setRuleSettings(RuleSettings ruleSettings)
-    {
-        this.ruleSettings = ruleSettings;
-    }
-}
+/*
+ * #%L
+ * Alfresco Remote API
+ * %%
+ * Copyright (C) 2005 - 2022 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software.
+ * If the software was purchased under a paid Alfresco license, the terms of
+ * the paid license agreement will prevail.  Otherwise, the software is
+ * provided under the following open source license terms:
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
+package org.alfresco.rest.api.rules;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.alfresco.rest.api.RuleSettings;
+import org.alfresco.rest.api.model.rules.RuleSetting;
+import org.alfresco.rest.api.nodes.NodesEntityResource;
+import org.alfresco.rest.framework.WebApiDescription;
+import org.alfresco.rest.framework.core.exceptions.RelationshipResourceNotFoundException;
+import org.alfresco.rest.framework.resource.RelationshipResource;
+import org.alfresco.rest.framework.resource.actions.interfaces.RelationshipResourceAction;
+import org.alfresco.rest.framework.resource.parameters.Parameters;
+import org.alfresco.service.Experimental;
+import org.alfresco.util.PropertyCheck;
+import org.springframework.beans.factory.InitializingBean;
+
+/**
+ * Folder node rule settings (rule inheritance).
+ */
+@Experimental
+@RelationshipResource (name = "rule-settings", entityResource = NodesEntityResource.class, title = "Folder rule settings")
+public class NodeRuleSettingsRelation implements RelationshipResourceAction.ReadById<RuleSetting>,
+                                                 RelationshipResourceAction.Update<RuleSetting>,
+                                                 InitializingBean
+{
+    private RuleSettings ruleSettings;
+
+    @Override
+    public void afterPropertiesSet() throws Exception
+    {
+        PropertyCheck.mandatory(this, "ruleSettings", ruleSettings);
+    }
+
+    /**
+     * Get the given configuration value for the specified folder.
+     * <p>
+     * - GET /nodes/{folderId}/rule-settings/{ruleSettingKey}
+     *
+     * @param folderId The id of the folder.
+     * @param ruleSettingKey The setting to retrieve.
+     * @param parameters Unused.
+     * @return {@link RuleSetting} The current value of the setting.
+     */
+    @WebApiDescription (
+            title = "Get a folder node rule setting",
+            description = "Returns the specified rule setting for the given folder",
+            successStatus = HttpServletResponse.SC_OK
+    )
+    @Override
+    public RuleSetting readById(String folderId, String ruleSettingKey, Parameters parameters) throws RelationshipResourceNotFoundException
+    {
+        return ruleSettings.getRuleSetting(folderId, ruleSettingKey);
+    }
+
+    /**
+     * Set the value of a rule setting for the specified folder.
+     * <p>
+     * PUT /nodes/{folderId}/rule-settings/{ruleSettingKey}
+     *
+     * @param folderId The id of the folder.
+     * @param ruleSetting The new value of the rule setting.
+     * @param parameters Unused.
+     * @return The updated rule setting.
+     */
+    @WebApiDescription (
+            title = "Update folder node rule setting",
+            description = "Update a rule setting for given node",
+            successStatus = HttpServletResponse.SC_OK
+    )
+    @Override
+    public RuleSetting update(String folderId, RuleSetting ruleSetting, Parameters parameters)
+    {
+        return ruleSettings.setRuleSetting(folderId, ruleSetting);
+    }
+
+    public void setRuleSettings(RuleSettings ruleSettings)
+    {
+        this.ruleSettings = ruleSettings;
+    }
+}

remote-api/src/main/java/org/alfresco/rest/api/rules/NodeRulesRelation.java

@@ -24,7 +24,7 @@
  * #L%
  */
 
-package org.alfresco.rest.api.nodes;
+package org.alfresco.rest.api.rules;
 
 import javax.servlet.http.HttpServletResponse;
 import java.util.List;

remote-api/src/main/java/org/alfresco/rest/api/rules/package-info.java

@@ -0,0 +1,29 @@
+/*
+ * #%L
+ * Alfresco Remote API
+ * %%
+ * Copyright (C) 2005 - 2022 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software.
+ * If the software was purchased under a paid Alfresco license, the terms of
+ * the paid license agreement will prevail.  Otherwise, the software is
+ * provided under the following open source license terms:
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
+@WebApi(name="alfresco", scope=Api.SCOPE.PRIVATE, version=1)
+package org.alfresco.rest.api.rules;
+import org.alfresco.rest.framework.Api;
+import org.alfresco.rest.framework.WebApi;

remote-api/src/main/java/org/alfresco/rest/framework/core/exceptions/EntityNotFoundException.java

@@ -34,7 +34,7 @@ public class EntityNotFoundException extends NotFoundException
 {
     private static final long serialVersionUID = -1198595000441207734L;
     public static String DEFAULT_MESSAGE_ID = "framework.exception.EntityNotFound";
-    
+
     /**
      * The entity id param will be shown in the default error message.
      * @param entityId String
@@ -43,4 +43,20 @@ public class EntityNotFoundException extends NotFoundException
     {
         super(DEFAULT_MESSAGE_ID, new String[] {entityId});
     }
+
+    /**
+     * The entity id param will be shown in the default error message.
+     *
+     * @param msgId The message template.
+     * @param parameters The message template parameters.
+     */
+    public EntityNotFoundException(String msgId, String[] parameters)
+    {
+        super(msgId, parameters);
+    }
+
+    public EntityNotFoundException(String msgId, Throwable cause)
+    {
+        super(msgId, cause);
+    }
 }

remote-api/src/main/java/org/alfresco/rest/framework/core/exceptions/NotFoundException.java

@@ -53,4 +53,9 @@ public class NotFoundException extends ApiException
         super(msgId, notFoundObjects);
     }
 
+    public NotFoundException(String msgId, Throwable cause)
+    {
+        super(msgId, cause);
+    }
+
 }

remote-api/src/main/resources/alfresco/public-rest-context.xml

@@ -588,7 +588,20 @@
     <bean class="org.alfresco.rest.api.actions.ActionParameterConstraintsEntityResource">
         <constructor-arg name="actions" ref="Actions"/>
     </bean>
-    
+
+    <!--    action parameter validators start here -->
+    <bean id="actionParameterConstraintsValidator" class="org.alfresco.rest.api.impl.validator.actions.ActionParameterDefinitionValidator">
+        <constructor-arg name="actions" ref="Actions"/>
+    </bean>
+    <bean id="actionNodeParameterValidator" class="org.alfresco.rest.api.impl.validator.actions.ActionNodeParameterValidator">
+        <constructor-arg name="actions" ref="Actions"/>
+        <constructor-arg name="namespaceService" ref="NamespaceService"/>
+        <constructor-arg name="nodes" ref="Nodes"/>
+        <constructor-arg name="permissionService" ref="PermissionService"/>
+    </bean>
+
+    <!--    action parameter validators end here-->
+
     <bean id="Downloads" class="org.springframework.aop.framework.ProxyFactoryBean">
         <property name="proxyInterfaces">
             <value>org.alfresco.rest.api.Downloads</value>
@@ -862,7 +875,7 @@
         <property name="nodeService" ref="NodeService"/>
     </bean>
 
-    <bean class="org.alfresco.rest.api.nodes.NodeRulesRelation">
+    <bean class="org.alfresco.rest.api.rules.NodeRulesRelation">
         <property name="rules" ref="Rules" />
     </bean>
 
@@ -895,7 +908,7 @@
         <property name="ruleMapper" ref="ruleMapper"/>
     </bean>
 
-    <bean class="org.alfresco.rest.api.nodes.NodeRuleSetsRelation">
+    <bean class="org.alfresco.rest.api.rules.NodeRuleSetsRelation">
         <property name="ruleSets" ref="RuleSets" />
     </bean>
 
@@ -903,6 +916,8 @@
         <constructor-arg name="actionService" ref="ActionService"/>
         <constructor-arg name="dictionaryService" ref="DictionaryService"/>
         <constructor-arg name="namespaceService" ref="NamespaceService"/>
+        <constructor-arg name="permissionService" ref="PermissionService" />
+        <constructor-arg name="nodes" ref="Nodes"/>
     </bean>
 
     <bean id="actionPermissionValidator" class="org.alfresco.rest.api.impl.rules.ActionPermissionValidator">
@@ -928,11 +943,11 @@
         </property>
     </bean>
 
-    <bean class="org.alfresco.rest.api.nodes.NodeRuleSetLinksRelation">
+    <bean class="org.alfresco.rest.api.rules.NodeRuleSetLinksRelation">
         <constructor-arg name="ruleSets" ref="RuleSets" />
     </bean>
 
-    <bean class="org.alfresco.rest.api.nodes.NodeRuleExecutionsRelation">
+    <bean class="org.alfresco.rest.api.rules.NodeRuleExecutionsRelation">
         <constructor-arg name="rules" ref="Rules" />
     </bean>
 
@@ -951,7 +966,7 @@
         </property>
     </bean>
 
-    <bean class="org.alfresco.rest.api.nodes.NodeRuleSettingsRelation">
+    <bean class="org.alfresco.rest.api.rules.NodeRuleSettingsRelation">
         <property name="ruleSettings" ref="RuleSettings" />
     </bean>
 
@@ -965,6 +980,12 @@
 
     <bean id="actionMapper" class="org.alfresco.rest.api.impl.mapper.rules.RestRuleActionModelMapper">
         <constructor-arg name="parameterConverter" ref="actionParameterConverter"/>
+        <constructor-arg name="actionValidators">
+            <list>
+                <ref bean="actionParameterConstraintsValidator"/>
+                <ref bean="actionNodeParameterValidator"/>
+            </list>
+        </constructor-arg>
     </bean>
 
     <bean id="ruleMapper" class="org.alfresco.rest.api.impl.mapper.rules.RestRuleModelMapper">

remote-api/src/main/resources/alfresco/remote-api-context.xml

@@ -8,6 +8,7 @@
         <property name="enabled" value="${system.webdav.servlet.enabled}" />
         <property name="storeName" value="${system.webdav.storeName}" />
         <property name="rootPath" value="${system.webdav.rootPath}" />
+        <property name="allowInsecurePOSTMethod" value="${system.webdav.allowInsecurePOSTMethod}" />
     </bean>
     
     <bean id="webDAVLockService" class="org.alfresco.repo.webdav.WebDAVLockServiceImpl">

remote-api/src/main/resources/alfresco/templates/webscripts/org/alfresco/repository/site/membership/potentialmembers.get.js

@@ -3,12 +3,13 @@ function main()
    // Get the args
    var siteShortName = url.templateArgs.shortname,
       site = siteService.getSite(siteShortName),
-      filter = ((args.filter != null) ? args.filter : (args.shortNameFilter != null) ? args.shortNameFilter : "" )+ " [hint:useCQ]",
       maxResults = (args.maxResults == null) ? 10 : parseInt(args.maxResults, 10),
       authorityType = args.authorityType,
       zone = args.zone,
       sortBy = args.sortBy,
       sortAsc = args.dir != "desc";
+   
+  var filter;
 
 
    if (authorityType != null)
@@ -28,6 +29,7 @@ function main()
 
    if (authorityType == null || authorityType == "USER")
    {
+      filter = ((args.filter != null) ? args.filter : (args.shortNameFilter != null) ? args.shortNameFilter : "" )+ " [hint:useCQ]";
       // Get the collection of people
       peopleFound = sortBy != null ? people.getPeople(filter, maxResults, sortBy, sortAsc) : people.getPeople(filter, maxResults);
 
@@ -67,6 +69,7 @@ function main()
 
    if (authorityType == null || authorityType == "GROUP")
    {
+      filter = (args.filter != null) ? args.filter : (args.shortNameFilter != null) ? args.shortNameFilter : "";
       // Get the collection of groups
       paging = utils.createPaging(maxResults, -1);
       groupsFound = groups.getGroupsInZone(filter, zone, paging, "displayName");
@@ -96,4 +99,4 @@ function contains(arr, value) {
     return false;
 }
 
-main();
+main();

remote-api/src/main/resources/alfresco/templates/webscripts/org/springframework/extensions/webscripts/index.get.html.ftl

@@ -0,0 +1,82 @@
+<#import "/org/springframework/extensions/webscripts/webscripts.lib.html.ftl" as wsLib/>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<@wsLib.head>${msg("alfresco.index.title")}</@wsLib.head>
+<body>
+<div>
+    <@wsLib.indexheader>Web Scripts Home</@wsLib.indexheader>
+    <#if failures?size &gt; 0>
+        <br/>
+        <table>
+            <tr><td><a href="${url.serviceContext}/index/failures">(+${failures?size} failed)</td></tr>
+        </table>
+    </#if>
+    <br>
+    <@wsLib.onlinedoc/>
+    <br/>
+    <span class="mainSubTitle">Index</span>
+    <#if rootfamily.children?size &gt; 0>
+        <table>
+            <#list rootfamily.children as childpath>
+                <tr><td><a href="${url.serviceContext}/index/family${childpath.path}">Browse '${childpath.name}' Web Scripts</a></td></tr>
+            </#list>
+        </table>
+        <br/>
+    </#if>
+    <table>
+        <tr><td><a href="${url.serviceContext}/index/all">Browse all Web Scripts</a></td></tr>
+        <tr><td><a href="${url.serviceContext}/index/uri/">Browse by Web Script URI</a></td></tr>
+        <tr><td><a href="${url.serviceContext}/index/package/">Browse by Web Script Package</a></td></tr>
+        <tr><td><a href="${url.serviceContext}/index/lifecycle/">Browse by Web Script Lifecycle</a></td></tr>
+    </table>
+    <br/>
+    <br/>
+    <span class="mainSubTitle">Maintenance</span>
+    <form id="refresh" action="${url.serviceContext}${url.match}" method="post">
+        <input type="hidden" name="reset" value="on"/>
+        <table>
+            <#if failures?size &gt; 0>
+                <tr><td><a href="${url.serviceContext}/index/failures">Browse failed Web Scripts</a></td></tr>
+            </#if>
+            <tr><td><a href="${url.serviceContext}/api/javascript/debugger">Alfresco Javascript Debugger</a></td></tr>
+        </table>
+        <br/>
+        <table>
+            <tr><td><input type="submit" name="submit" value="Refresh Web Scripts"/></td></tr>
+        </table>
+    </form>
+</div>
+<#assign CSRF=(config.scoped["CSRFPolicy"]["filter"].getChildren("rule")?size != 0)!false>
+<#if CSRF>
+<script type="text/javascript">
+function addCsrfTokenToRefreshForm() {
+   const properties = {};
+    <#if config.scoped["CSRFPolicy"]["properties"]??>
+        <#assign csrfProperties = (config.scoped["CSRFPolicy"]["properties"].children)![]>
+        <#list csrfProperties as p>
+   properties["${p.name?js_string}"] = "${(p.value!"")?js_string}";
+        </#list>
+   </#if>
+
+   function substitute(str) {
+      for (const prop in properties) {
+         str = str.replace("{" + prop + "}", properties[prop]);
+      }
+      return str;
+   }
+
+   const csrfCookieName = substitute("${config.scoped["CSRFPolicy"]["client"].getChildValue("cookie")!""}");
+   const csrfParamName = substitute("${config.scoped["CSRFPolicy"]["client"].getChildValue("parameter")!""}");
+   const matchingCookies = document.cookie.match(new RegExp("(?:^|; )" + csrfCookieName + "=([^;]*)"));
+   if (matchingCookies) {
+      const csrfToken = decodeURIComponent(matchingCookies[1]).replace(/"/g, '');
+      const form = document.getElementById('refresh');
+      const originalAction = form.attributes.action.value;
+      form.attributes.action.value = originalAction + (originalAction.lastIndexOf('?') === -1 ? "?" : "&") + csrfParamName + "=" + encodeURIComponent(csrfToken);
+   }
+}
+window.addEventListener('load', addCsrfTokenToRefreshForm, false);
+</script>
+</#if>
+</body>
+</html>

remote-api/src/test/java/org/alfresco/AppContextExtraTestSuite.java

@@ -99,6 +99,7 @@ import org.junit.runners.Suite;
     org.alfresco.repo.webdav.WebDAVMethodTest.class,
     org.alfresco.repo.webdav.PutMethodTest.class,
     org.alfresco.repo.webdav.WebDAVonContentUpdateTest.class,
+    org.alfresco.repo.webdav.WebDAVInsecurePostMethodTest.class,
 
     // [classpath:test-rest-context.xml]
     org.alfresco.rest.framework.tests.core.ExceptionResolverTests.class,

remote-api/src/test/java/org/alfresco/repo/webdav/WebDAVInsecurePostMethodTest.java

@@ -0,0 +1,131 @@
+/*
+ * #%L
+ * Alfresco Remote API
+ * %%
+ * Copyright (C) 2005 - 2022 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software.
+ * If the software was purchased under a paid Alfresco license, the terms of
+ * the paid license agreement will prevail.  Otherwise, the software is
+ * provided under the following open source license terms:
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
+
+package org.alfresco.repo.webdav;
+
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import java.io.IOException;
+import java.util.Hashtable;
+
+import org.alfresco.repo.webdav.WebDAVServlet.WebDAVInitParameters;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.springframework.test.util.ReflectionTestUtils;
+
+/**
+ * Tests for the allowInsecurePOSTMethod flag.
+ *
+ * @see  WebDAVInitParameters
+ * @author Aleksandra Onych
+ */
+@RunWith(MockitoJUnitRunner.class)
+public class WebDAVInsecurePostMethodTest
+{
+    private WebDAVServlet davServlet;
+    private @Mock WebDAVInitParameters webDAVInitParameters;
+    private @Mock HttpServletRequest request;
+    private @Mock HttpServletResponse response;
+    private @Mock Hashtable<String,Class<? extends WebDAVMethod>> davMethods;
+
+    @Before
+    public void setUp()
+    {
+        davServlet = new WebDAVServlet();
+        ReflectionTestUtils.setField(davServlet, "initParams", webDAVInitParameters);
+        ReflectionTestUtils.setField(davServlet, "m_davMethods", davMethods);
+        when(webDAVInitParameters.getEnabled()).thenReturn(true);
+    }
+
+
+    @Test
+    public void shouldReturn405StatusWhenPostMethodIsNotAllowed() throws ServletException, IOException
+    {
+        prepareRequest(WebDAV.METHOD_POST);
+        when(webDAVInitParameters.allowInsecurePOSTMethod()).thenReturn(false);
+
+        davServlet.service(request, response);
+
+        verify(response).sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+    }
+
+    @Test
+    public void shouldNotReturn405StatusWhenPostMethodIsAllowed() throws ServletException, IOException
+    {
+        prepareRequest(WebDAV.METHOD_POST);
+        when(webDAVInitParameters.allowInsecurePOSTMethod()).thenReturn(true);
+
+        davServlet.service(request, response);
+
+        verify(response, never()).sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+    }
+
+    @Test
+    public void shouldNotReturn405StatusForPutMethod() throws ServletException, IOException
+    {
+        prepareRequest(WebDAV.METHOD_PUT);
+
+        davServlet.service(request, response);
+
+        verify(response, never()).sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+    }
+
+    @Test
+    public void shouldNotReturn405StatusForGetMethod() throws ServletException, IOException
+    {
+        prepareRequest(WebDAV.METHOD_GET);
+
+        davServlet.service(request, response);
+
+        verify(response, never()).sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+    }
+
+    @Test
+    public void shouldNotReturn405StatusForDeleteMethod() throws ServletException, IOException
+    {
+        prepareRequest(WebDAV.METHOD_DELETE);
+
+        davServlet.service(request, response);
+
+        verify(response, never()).sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+    }
+
+    private void prepareRequest(String requestMethodName)
+    {
+        doReturn(PutMethod.class).when(davMethods).get(requestMethodName);
+        when(request.getMethod()).thenReturn(requestMethodName);
+    }
+}

remote-api/src/test/java/org/alfresco/rest/api/RulesUnitTests.java

@@ -36,7 +36,10 @@ import org.alfresco.rest.api.impl.rules.NodeValidatorTest;
 import org.alfresco.rest.api.impl.rules.RuleLoaderTest;
 import org.alfresco.rest.api.impl.rules.RuleSetsImplTest;
 import org.alfresco.rest.api.impl.rules.RulesImplTest;
-import org.alfresco.rest.api.nodes.NodeRulesRelationTest;
+import org.alfresco.rest.api.impl.validator.actions.ActionNodeParameterValidatorTest;
+import org.alfresco.rest.api.impl.validator.actions.ActionParameterDefinitionValidatorTest;
+import org.alfresco.rest.api.rules.NodeRuleSetsRelationTest;
+import org.alfresco.rest.api.rules.NodeRulesRelationTest;
 import org.alfresco.service.Experimental;
 import org.junit.runner.RunWith;
 import org.junit.runners.Suite;
@@ -45,12 +48,15 @@ import org.junit.runners.Suite;
 @RunWith(Suite.class)
 @Suite.SuiteClasses({
     NodeRulesRelationTest.class,
+    NodeRuleSetsRelationTest.class,
     RulesImplTest.class,
     RuleSetsImplTest.class,
     NodeValidatorTest.class,
     RuleLoaderTest.class,
     ActionParameterConverterTest.class,
     ActionPermissionValidatorTest.class,
+    ActionParameterDefinitionValidatorTest.class,
+    ActionNodeParameterValidatorTest.class,
     RestRuleSimpleConditionModelMapperTest.class,
     RestRuleCompositeConditionModelMapperTest.class,
     RestRuleActionModelMapperTest.class,

remote-api/src/test/java/org/alfresco/rest/api/actions/ActionConstraintsEntityResourceTest.java

@@ -0,0 +1,66 @@
+/*
+ * #%L
+ * Alfresco Remote API
+ * %%
+ * Copyright (C) 2005 - 2022 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software.
+ * If the software was purchased under a paid Alfresco license, the terms of
+ * the paid license agreement will prevail.  Otherwise, the software is
+ * provided under the following open source license terms:
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
+
+package org.alfresco.rest.api.actions;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.then;
+
+import org.alfresco.rest.api.Actions;
+import org.alfresco.rest.api.model.ActionParameterConstraint;
+import org.alfresco.rest.framework.resource.parameters.Parameters;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+
+@RunWith(MockitoJUnitRunner.class)
+public class ActionConstraintsEntityResourceTest
+{
+    @Mock
+    private Actions actionsMock;
+    @Mock
+    private Parameters parametersMock;
+
+    @InjectMocks
+    private ActionConstraintsEntityResource objectUnderTest;
+
+    @Test
+    public void testReadById() {
+        final String name = "name";
+        final ActionParameterConstraint dummyConstraint = new ActionParameterConstraint();
+        given(actionsMock.getActionConstraint(name)).willReturn(dummyConstraint);
+
+        //when
+        ActionParameterConstraint result = objectUnderTest.readById(name, parametersMock);
+
+        then(actionsMock).should().getActionConstraint(name);
+        then(actionsMock).shouldHaveNoMoreInteractions();
+        assertThat(result).isNotNull().usingRecursiveComparison().isEqualTo(dummyConstraint);
+    }
+}

remote-api/src/test/java/org/alfresco/rest/api/impl/mapper/rules/RestRuleActionModelMapperTest.java

@@ -43,11 +43,14 @@ import java.util.List;
 import java.util.Map;
 
 import org.alfresco.repo.action.ActionImpl;
+import org.alfresco.rest.api.actions.ActionValidator;
 import org.alfresco.rest.api.impl.rules.ActionParameterConverter;
 import org.alfresco.rest.api.model.rules.Action;
 import org.alfresco.service.Experimental;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.StoreRef;
+import org.junit.Before;
+import org.junit.BeforeClass;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.InjectMocks;
@@ -65,10 +68,16 @@ public class RestRuleActionModelMapperTest
 
     @Mock
     private ActionParameterConverter parameterConverter;
+    @Mock
+    private ActionValidator sampleValidatorMock;
 
-    @InjectMocks
     private RestRuleActionModelMapper objectUnderTest;
 
+    @Before
+    public void setUp() {
+        objectUnderTest = new RestRuleActionModelMapper(parameterConverter, List.of(sampleValidatorMock));
+    }
+
     @Test
     public void testToRestModel()
     {

remote-api/src/test/java/org/alfresco/rest/api/impl/rules/ActionParameterConverterTest.java

@@ -26,8 +26,12 @@
 
 package org.alfresco.rest.api.impl.rules;
 
+import static org.alfresco.repo.action.executer.CopyActionExecuter.PARAM_DESTINATION_FOLDER;
 import static org.alfresco.service.cmr.repository.StoreRef.STORE_REF_WORKSPACE_SPACESSTORE;
+import static org.alfresco.service.cmr.security.AccessStatus.ALLOWED;
+import static org.alfresco.service.cmr.security.AccessStatus.DENIED;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
@@ -40,6 +44,7 @@ import java.io.Serializable;
 import java.util.List;
 import java.util.Map;
 
+import com.fasterxml.jackson.core.JsonProcessingException;
 import org.alfresco.repo.action.executer.AddFeaturesActionExecuter;
 import org.alfresco.repo.action.executer.CheckInActionExecuter;
 import org.alfresco.repo.action.executer.CheckOutActionExecuter;
@@ -50,6 +55,9 @@ import org.alfresco.repo.action.executer.RemoveFeaturesActionExecuter;
 import org.alfresco.repo.action.executer.ScriptActionExecuter;
 import org.alfresco.repo.action.executer.SetPropertyValueActionExecuter;
 import org.alfresco.repo.action.executer.SimpleWorkflowActionExecuter;
+import org.alfresco.rest.api.Nodes;
+import org.alfresco.rest.framework.core.exceptions.EntityNotFoundException;
+import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
 import org.alfresco.rest.framework.core.exceptions.NotFoundException;
 import org.alfresco.service.Experimental;
 import org.alfresco.service.cmr.action.ActionDefinition;
@@ -58,8 +66,11 @@ import org.alfresco.service.cmr.action.ParameterDefinition;
 import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
 import org.alfresco.service.cmr.dictionary.DictionaryService;
 import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.namespace.NamespaceService;
 import org.alfresco.service.namespace.QName;
+import org.apache.logging.log4j.util.Strings;
+import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.InjectMocks;
@@ -81,8 +92,10 @@ public class ActionParameterConverterTest
     private static final String IDENTIFIER = "identifier";
     private static final String IDENTIFIER_ASPECT = NamespaceService.CONTENT_MODEL_PREFIX + QName.NAMESPACE_PREFIX + IDENTIFIER;
 
-    private static final String DUMMY_FOLDER_NODE_ID = "dummy-folder-node";
-    private static final String DUMMY_SCRIPT_NODE_ID = "dummy-script-ref";
+    private static final String DUMMY_FOLDER_NODE_ID = "dummy://folder/node";
+    private static final NodeRef DUMMY_FOLDER_NODE = new NodeRef(DUMMY_FOLDER_NODE_ID);
+    private static final String DUMMY_SCRIPT_NODE_ID = "dummy://script/ref";
+    private static final NodeRef DUMMY_SCRIPT_NODE = new NodeRef(DUMMY_SCRIPT_NODE_ID);
 
     @Mock
     private DictionaryService dictionaryService;
@@ -90,6 +103,10 @@ public class ActionParameterConverterTest
     private ActionService actionService;
     @Mock
     private NamespaceService namespaceService;
+    @Mock
+    private PermissionService permissionService;
+    @Mock
+    private Nodes nodes;
 
     @Mock
     private ActionDefinition actionDefinition;
@@ -109,6 +126,15 @@ public class ActionParameterConverterTest
     @InjectMocks
     private ActionParameterConverter objectUnderTest;
 
+    @Before
+    public void setUp()
+    {
+        given(nodes.validateOrLookupNode(DUMMY_FOLDER_NODE_ID, null)).willReturn(DUMMY_FOLDER_NODE);
+        given(nodes.validateOrLookupNode(DUMMY_SCRIPT_NODE_ID, null)).willReturn(DUMMY_SCRIPT_NODE);
+        given(permissionService.hasReadPermission(DUMMY_FOLDER_NODE)).willReturn(ALLOWED);
+        given(permissionService.hasReadPermission(DUMMY_SCRIPT_NODE)).willReturn(ALLOWED);
+    }
+
     @Test
     public void testAddAspectConversion()
     {
@@ -146,7 +172,7 @@ public class ActionParameterConverterTest
     public void testCopyConversion()
     {
         final String name = CopyActionExecuter.NAME;
-        final String destinationFolderKey = CopyActionExecuter.PARAM_DESTINATION_FOLDER;
+        final String destinationFolderKey = PARAM_DESTINATION_FOLDER;
         final String deepCopyKey = CopyActionExecuter.PARAM_DEEP_COPY;
         final Map<String, Serializable> params = Map.of(destinationFolderKey, DUMMY_FOLDER_NODE_ID, deepCopyKey, true);
 
@@ -177,8 +203,7 @@ public class ActionParameterConverterTest
 
         final Serializable convertedCopyParam = convertedParams.get(destinationFolderKey);
         assertTrue(convertedCopyParam instanceof NodeRef);
-        assertEquals(STORE_REF_WORKSPACE_SPACESSTORE, ((NodeRef) convertedCopyParam).getStoreRef());
-        assertEquals(DUMMY_FOLDER_NODE_ID, ((NodeRef) convertedCopyParam).getId());
+        assertEquals(DUMMY_FOLDER_NODE, convertedCopyParam);
         final Serializable convertedDeepCopyParam = convertedParams.get(deepCopyKey);
         assertThat(convertedDeepCopyParam instanceof Boolean).isTrue();
         assertTrue(((Boolean) convertedDeepCopyParam));
@@ -211,8 +236,7 @@ public class ActionParameterConverterTest
 
         final Serializable convertedCopyParam = convertedParams.get(executeScriptKey);
         assertTrue(convertedCopyParam instanceof NodeRef);
-        assertEquals(STORE_REF_WORKSPACE_SPACESSTORE, ((NodeRef) convertedCopyParam).getStoreRef());
-        assertEquals(DUMMY_SCRIPT_NODE_ID, ((NodeRef) convertedCopyParam).getId());
+        assertEquals(DUMMY_SCRIPT_NODE, convertedCopyParam);
     }
 
     @Test
@@ -242,8 +266,7 @@ public class ActionParameterConverterTest
 
         final Serializable convertedCopyParam = convertedParams.get(destinationFolderKey);
         assertTrue(convertedCopyParam instanceof NodeRef);
-        assertEquals(STORE_REF_WORKSPACE_SPACESSTORE, ((NodeRef) convertedCopyParam).getStoreRef());
-        assertEquals(DUMMY_FOLDER_NODE_ID, ((NodeRef) convertedCopyParam).getId());
+        assertEquals(DUMMY_FOLDER_NODE, convertedCopyParam);
     }
 
     @Test
@@ -330,8 +353,7 @@ public class ActionParameterConverterTest
 
         final Serializable convertedDestinationParam = convertedParams.get(destinationFolderKey);
         assertTrue(convertedDestinationParam instanceof NodeRef);
-        assertEquals(STORE_REF_WORKSPACE_SPACESSTORE, ((NodeRef) convertedDestinationParam).getStoreRef());
-        assertEquals(DUMMY_FOLDER_NODE_ID, ((NodeRef) convertedDestinationParam).getId());
+        assertEquals(DUMMY_FOLDER_NODE, convertedDestinationParam);
         final Serializable convertedAssocNameParam = convertedParams.get(assocNameKey);
         assertTrue(convertedAssocNameParam instanceof QName);
         assertEquals(CHECKOUT, ((QName) convertedAssocNameParam).getLocalName());
@@ -385,8 +407,7 @@ public class ActionParameterConverterTest
         assertEquals(NamespaceService.DICTIONARY_MODEL_1_0_URI, ((QName) convertedCatValueParam).getNamespaceURI());
         final Serializable convertedDestinationParam = convertedParams.get(categoryValueKey);
         assertTrue(convertedDestinationParam instanceof NodeRef);
-        assertEquals(STORE_REF_WORKSPACE_SPACESSTORE, ((NodeRef) convertedDestinationParam).getStoreRef());
-        assertEquals(DUMMY_FOLDER_NODE_ID, ((NodeRef) convertedDestinationParam).getId());
+        assertEquals(DUMMY_FOLDER_NODE, convertedDestinationParam);
     }
 
     @Test
@@ -484,12 +505,10 @@ public class ActionParameterConverterTest
         assertEquals(reject, convertedRejectStepParam);
         final Serializable convertedApproveFolderParam = convertedParams.get(approveFolderKey);
         assertTrue(convertedApproveFolderParam instanceof NodeRef);
-        assertEquals(STORE_REF_WORKSPACE_SPACESSTORE, ((NodeRef) convertedApproveFolderParam).getStoreRef());
-        assertEquals(DUMMY_FOLDER_NODE_ID, ((NodeRef) convertedApproveFolderParam).getId());
+        assertEquals(DUMMY_FOLDER_NODE, convertedApproveFolderParam);
         final Serializable convertedRejectFolderParam = convertedParams.get(rejectFolderKey);
         assertTrue(convertedRejectFolderParam instanceof NodeRef);
-        assertEquals(STORE_REF_WORKSPACE_SPACESSTORE, ((NodeRef) convertedRejectFolderParam).getStoreRef());
-        assertEquals(DUMMY_FOLDER_NODE_ID, ((NodeRef) convertedRejectFolderParam).getId());
+        assertEquals(DUMMY_FOLDER_NODE, convertedRejectFolderParam);
         final Serializable convertedApproveMoveParam = convertedParams.get(approveMoveKey);
         assertTrue(convertedApproveMoveParam instanceof Boolean);
         assertTrue((Boolean) convertedApproveMoveParam);
@@ -555,6 +574,66 @@ public class ActionParameterConverterTest
         assertEquals(propType, convertedPropTypeParam);
     }
 
+    @Test
+    public void testNonExistentNodeParam()
+    {
+        final String name = CopyActionExecuter.NAME;
+        final Map<String, Serializable> params = Map.of(PARAM_DESTINATION_FOLDER, "non://existent/node");
+
+        given(actionService.getActionDefinition(name)).willReturn(actionDefinition);
+        given(actionDefinition.getParameterDefintion(PARAM_DESTINATION_FOLDER)).willReturn(actionDefinitionParam1);
+        final QName nodeRef = DataTypeDefinition.NODE_REF;
+        given(actionDefinitionParam1.getType()).willReturn(nodeRef);
+
+        given(dictionaryService.getDataType(nodeRef)).willReturn(dataTypeDefinition1);
+
+        //when
+        assertThatExceptionOfType(EntityNotFoundException.class).isThrownBy(() -> objectUnderTest.getConvertedParams(params, name));
+    }
+
+    @Test
+    public void testNoReadPermissionForNodeParam()
+    {
+        final String name = CopyActionExecuter.NAME;
+        String permissionDeniedNodeId = "permission://denied/node";
+        final Map<String, Serializable> params = Map.of(PARAM_DESTINATION_FOLDER, permissionDeniedNodeId);
+        NodeRef permissionDeniedNode = new NodeRef(permissionDeniedNodeId);
+        given(nodes.validateOrLookupNode(permissionDeniedNodeId, null)).willReturn(permissionDeniedNode);
+        given(permissionService.hasReadPermission(permissionDeniedNode)).willReturn(DENIED);
+
+        given(actionService.getActionDefinition(name)).willReturn(actionDefinition);
+        given(actionDefinition.getParameterDefintion(PARAM_DESTINATION_FOLDER)).willReturn(actionDefinitionParam1);
+        final QName nodeRef = DataTypeDefinition.NODE_REF;
+        given(actionDefinitionParam1.getType()).willReturn(nodeRef);
+
+        given(dictionaryService.getDataType(nodeRef)).willReturn(dataTypeDefinition1);
+
+        //when
+        assertThatExceptionOfType(EntityNotFoundException.class).isThrownBy(() -> objectUnderTest.getConvertedParams(params, name));
+    }
+
+    @Test
+    public void testNullParamValue()
+    {
+        final String name = CheckOutActionExecuter.NAME;
+        final String destinationFolderKey = CheckOutActionExecuter.PARAM_DESTINATION_FOLDER;
+        final String assocNameKey = CheckOutActionExecuter.PARAM_ASSOC_QNAME;
+        final String assocTypeKey = CheckOutActionExecuter.PARAM_ASSOC_TYPE_QNAME;
+        final Map<String, Serializable> params =
+                Map.of(destinationFolderKey, Strings.EMPTY, assocNameKey, Strings.EMPTY, assocTypeKey, Strings.EMPTY);
+
+        given(actionService.getActionDefinition(name)).willReturn(actionDefinition);
+
+        //when
+        assertThrows(InvalidArgumentException.class, () ->objectUnderTest.getConvertedParams(params, name));
+
+        then(actionService).should().getActionDefinition(name);
+        then(actionService).shouldHaveNoMoreInteractions();
+        then(actionDefinition).shouldHaveNoInteractions();
+        then(dictionaryService).shouldHaveNoInteractions();
+        then(namespaceService).shouldHaveNoInteractions();
+    }
+
     @Test
     public void testInvalidActionDefinitionConversion() {
         final String invalidName = "dummy-definition";

remote-api/src/test/java/org/alfresco/rest/api/impl/validator/actions/ActionNodeParameterValidatorTest.java

@@ -0,0 +1,366 @@
+/*
+ * #%L
+ * Alfresco Remote API
+ * %%
+ * Copyright (C) 2005 - 2022 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software.
+ * If the software was purchased under a paid Alfresco license, the terms of
+ * the paid license agreement will prevail.  Otherwise, the software is
+ * provided under the following open source license terms:
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
+
+package org.alfresco.rest.api.impl.validator.actions;
+
+import static org.alfresco.model.ContentModel.TYPE_CATEGORY;
+import static org.alfresco.model.ContentModel.TYPE_FOLDER;
+import static org.alfresco.rest.api.impl.validator.actions.ActionNodeParameterValidator.NOT_A_CATEGORY;
+import static org.alfresco.rest.api.impl.validator.actions.ActionNodeParameterValidator.NOT_A_FOLDER;
+import static org.alfresco.rest.api.impl.validator.actions.ActionNodeParameterValidator.NO_PROPER_PERMISSIONS_FOR_NODE;
+import static org.alfresco.rest.api.impl.validator.actions.ActionNodeParameterValidator.REQUIRE_READ_PERMISSION_PARAMS;
+import static org.alfresco.service.cmr.dictionary.DataTypeDefinition.CATEGORY;
+import static org.alfresco.service.cmr.dictionary.DataTypeDefinition.NODE_REF;
+import static org.alfresco.service.cmr.dictionary.DataTypeDefinition.TEXT;
+import static org.alfresco.service.cmr.repository.StoreRef.STORE_REF_WORKSPACE_SPACESSTORE;
+import static org.alfresco.service.namespace.NamespaceService.DEFAULT_PREFIX;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.junit.Assert.assertEquals;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.then;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.alfresco.repo.action.executer.CheckOutActionExecuter;
+import org.alfresco.repo.action.executer.CopyActionExecuter;
+import org.alfresco.repo.action.executer.ImageTransformActionExecuter;
+import org.alfresco.repo.action.executer.ImporterActionExecuter;
+import org.alfresco.repo.action.executer.LinkCategoryActionExecuter;
+import org.alfresco.repo.action.executer.MoveActionExecuter;
+import org.alfresco.repo.action.executer.SimpleWorkflowActionExecuter;
+import org.alfresco.repo.action.executer.TransformActionExecuter;
+import org.alfresco.rest.api.Actions;
+import org.alfresco.rest.api.Nodes;
+import org.alfresco.rest.api.model.ActionDefinition;
+import org.alfresco.rest.api.model.rules.Action;
+import org.alfresco.rest.framework.core.exceptions.EntityNotFoundException;
+import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
+import org.alfresco.rest.framework.core.exceptions.PermissionDeniedException;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.AccessStatus;
+import org.alfresco.service.cmr.security.PermissionService;
+import org.alfresco.service.namespace.NamespaceService;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+
+@RunWith(MockitoJUnitRunner.class)
+public class ActionNodeParameterValidatorTest
+{
+    private static final String READ_RIGHTS_REQUIRED_DEFINITION_ID = LinkCategoryActionExecuter.NAME;
+    private static final String CATEGORY_NODE_REF_PARAM = REQUIRE_READ_PERMISSION_PARAMS.get(READ_RIGHTS_REQUIRED_DEFINITION_ID).get(0);
+    private static final String DESTINATION_FOLDER_PARAM = "destination-folder";
+    private static final String NODE_ID = "node-id";
+    private static final String COPY_ACTION = CopyActionExecuter.NAME;
+
+    @Mock
+    private Actions actionsMock;
+    @Mock
+    private NamespaceService namespaceServiceMock;
+    @Mock
+    private Nodes nodesMock;
+    @Mock
+    private PermissionService permissionServiceMock;
+
+    @InjectMocks
+    private ActionNodeParameterValidator objectUnderTest;
+
+    @Test
+    public void testProperPermissionsForReadRights()
+    {
+        final Action action = new Action();
+        action.setActionDefinitionId(READ_RIGHTS_REQUIRED_DEFINITION_ID);
+        action.setParams(Map.of(CATEGORY_NODE_REF_PARAM, NODE_ID));
+        ActionDefinition.ParameterDefinition parameterDef =
+                new ActionDefinition.ParameterDefinition(CATEGORY_NODE_REF_PARAM, NODE_REF.toPrefixString(), false, true, null, null);
+        final ActionDefinition actionDefinition =
+                new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false,
+                        List.of(parameterDef));
+        given(actionsMock.getRuleActionDefinitionById(READ_RIGHTS_REQUIRED_DEFINITION_ID)).willReturn(actionDefinition);
+        given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX));
+        final NodeRef nodeRef = new NodeRef(STORE_REF_WORKSPACE_SPACESSTORE, NODE_ID);
+        given(nodesMock.validateNode(NODE_ID)).willReturn(nodeRef);
+        given(permissionServiceMock.hasReadPermission(nodeRef)).willReturn(AccessStatus.ALLOWED);
+        given(nodesMock.nodeMatches(nodeRef, Set.of(TYPE_CATEGORY), Collections.emptySet())).willReturn(true);
+
+        //when
+        objectUnderTest.validate(action);
+
+        then(actionsMock).should().getRuleActionDefinitionById(READ_RIGHTS_REQUIRED_DEFINITION_ID);
+        then(actionsMock).shouldHaveNoMoreInteractions();
+        then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI());
+        then(namespaceServiceMock).shouldHaveNoMoreInteractions();
+        then(nodesMock).should().validateNode(NODE_ID);
+        then(nodesMock).should().nodeMatches(nodeRef, Set.of(TYPE_CATEGORY), Collections.emptySet());
+        then(nodesMock).shouldHaveNoMoreInteractions();
+        then(permissionServiceMock).should().hasReadPermission(nodeRef);
+        then(permissionServiceMock).shouldHaveNoMoreInteractions();
+    }
+
+    @Test
+    public void testNotEnoughPermissionsForReadRights()
+    {
+        final Action action = new Action();
+        action.setActionDefinitionId(COPY_ACTION);
+        action.setParams(Map.of(DESTINATION_FOLDER_PARAM, NODE_ID));
+        ActionDefinition.ParameterDefinition parameterDef =
+                new ActionDefinition.ParameterDefinition(DESTINATION_FOLDER_PARAM, NODE_REF.toPrefixString(), false, true, null, null);
+        final ActionDefinition actionDefinition =
+                new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false,
+                        List.of(parameterDef));
+        given(actionsMock.getRuleActionDefinitionById(COPY_ACTION)).willReturn(actionDefinition);
+        given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX));
+        final NodeRef nodeRef = new NodeRef(STORE_REF_WORKSPACE_SPACESSTORE, NODE_ID);
+        given(nodesMock.validateNode(NODE_ID)).willReturn(nodeRef);
+        given(permissionServiceMock.hasReadPermission(nodeRef)).willReturn(AccessStatus.DENIED);
+
+        //when
+        assertThatExceptionOfType(EntityNotFoundException.class).isThrownBy(() -> objectUnderTest.validate(action));
+
+        then(actionsMock).should().getRuleActionDefinitionById(COPY_ACTION);
+        then(actionsMock).shouldHaveNoMoreInteractions();
+        then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI());
+        then(namespaceServiceMock).shouldHaveNoMoreInteractions();
+        then(nodesMock).should().validateNode(NODE_ID);
+        then(nodesMock).shouldHaveNoMoreInteractions();
+        then(permissionServiceMock).should().hasReadPermission(nodeRef);
+        then(permissionServiceMock).shouldHaveNoMoreInteractions();
+    }
+
+    @Test
+    public void testValidateForNodeNotFound()
+    {
+        final Action action = new Action();
+        action.setActionDefinitionId(COPY_ACTION);
+        action.setParams(Map.of(DESTINATION_FOLDER_PARAM, NODE_ID));
+        ActionDefinition.ParameterDefinition parameterDef =
+                new ActionDefinition.ParameterDefinition(DESTINATION_FOLDER_PARAM, NODE_REF.toPrefixString(), false, true, null, null);
+        final ActionDefinition actionDefinition =
+                new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false,
+                        List.of(parameterDef));
+        given(actionsMock.getRuleActionDefinitionById(COPY_ACTION)).willReturn(actionDefinition);
+        given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX));
+        given(nodesMock.validateNode(NODE_ID)).willThrow(EntityNotFoundException.class);
+
+        //when
+        assertThatExceptionOfType(EntityNotFoundException.class).isThrownBy(() -> objectUnderTest.validate(action));
+
+        then(actionsMock).should().getRuleActionDefinitionById(COPY_ACTION);
+        then(actionsMock).shouldHaveNoMoreInteractions();
+        then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI());
+        then(namespaceServiceMock).shouldHaveNoMoreInteractions();
+        then(nodesMock).should().validateNode(NODE_ID);
+        then(nodesMock).shouldHaveNoMoreInteractions();
+        then(permissionServiceMock).shouldHaveNoInteractions();
+    }
+
+    @Test
+    public void testProperPermissionsForWriteRights()
+    {
+        final Action action = new Action();
+        action.setActionDefinitionId(COPY_ACTION);
+        action.setParams(Map.of(DESTINATION_FOLDER_PARAM, NODE_ID));
+        ActionDefinition.ParameterDefinition parameterDef =
+                new ActionDefinition.ParameterDefinition(DESTINATION_FOLDER_PARAM, NODE_REF.toPrefixString(), false, true, null, null);
+        final ActionDefinition actionDefinition =
+                new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false,
+                        List.of(parameterDef));
+        given(actionsMock.getRuleActionDefinitionById(COPY_ACTION)).willReturn(actionDefinition);
+        given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX));
+        final NodeRef nodeRef = new NodeRef(STORE_REF_WORKSPACE_SPACESSTORE, NODE_ID);
+        given(nodesMock.validateNode(NODE_ID)).willReturn(nodeRef);
+        given(permissionServiceMock.hasReadPermission(nodeRef)).willReturn(AccessStatus.ALLOWED);
+        given(permissionServiceMock.hasPermission(nodeRef, PermissionService.WRITE)).willReturn(AccessStatus.ALLOWED);
+        given(nodesMock.nodeMatches(nodeRef, Set.of(TYPE_FOLDER), Collections.emptySet())).willReturn(true);
+
+        //when
+        objectUnderTest.validate(action);
+
+        then(actionsMock).should().getRuleActionDefinitionById(COPY_ACTION);
+        then(actionsMock).shouldHaveNoMoreInteractions();
+        then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI());
+        then(namespaceServiceMock).shouldHaveNoMoreInteractions();
+        then(nodesMock).should().validateNode(NODE_ID);
+        then(nodesMock).should().nodeMatches(nodeRef, Set.of(TYPE_FOLDER), Collections.emptySet());
+        then(nodesMock).shouldHaveNoMoreInteractions();
+        then(permissionServiceMock).should().hasReadPermission(nodeRef);
+        then(permissionServiceMock).should().hasPermission(nodeRef, PermissionService.WRITE);
+        then(permissionServiceMock).shouldHaveNoMoreInteractions();
+    }
+
+    @Test
+    public void testNotEnoughPermissionsForWriteRights()
+    {
+        final Action action = new Action();
+        action.setActionDefinitionId(COPY_ACTION);
+        action.setParams(Map.of(DESTINATION_FOLDER_PARAM, NODE_ID));
+        ActionDefinition.ParameterDefinition parameterDef =
+                new ActionDefinition.ParameterDefinition(DESTINATION_FOLDER_PARAM, NODE_REF.toPrefixString(), false, true, null, null);
+        final ActionDefinition actionDefinition =
+                new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false,
+                        List.of(parameterDef));
+        given(actionsMock.getRuleActionDefinitionById(COPY_ACTION)).willReturn(actionDefinition);
+        given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX));
+        final NodeRef nodeRef = new NodeRef(STORE_REF_WORKSPACE_SPACESSTORE, NODE_ID);
+        given(nodesMock.validateNode(NODE_ID)).willReturn(nodeRef);
+        given(permissionServiceMock.hasReadPermission(nodeRef)).willReturn(AccessStatus.ALLOWED);
+        given(permissionServiceMock.hasPermission(nodeRef, PermissionService.WRITE)).willReturn(AccessStatus.DENIED);
+
+        //when
+        assertThatExceptionOfType(PermissionDeniedException.class).isThrownBy(() -> objectUnderTest.validate(action))
+                .withMessageContaining(NO_PROPER_PERMISSIONS_FOR_NODE + NODE_ID);
+
+        then(actionsMock).should().getRuleActionDefinitionById(COPY_ACTION);
+        then(actionsMock).shouldHaveNoMoreInteractions();
+        then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI());
+        then(namespaceServiceMock).shouldHaveNoMoreInteractions();
+        then(nodesMock).should().validateNode(NODE_ID);
+        then(nodesMock).shouldHaveNoMoreInteractions();
+        then(permissionServiceMock).should().hasReadPermission(nodeRef);
+        then(permissionServiceMock).should().hasPermission(nodeRef, PermissionService.WRITE);
+        then(permissionServiceMock).shouldHaveNoMoreInteractions();
+    }
+
+    @Test
+    public void testNoValidationExecutedForNonNodeRefParam()
+    {
+        final Action action = new Action();
+        action.setActionDefinitionId(COPY_ACTION);
+        final String dummyParam = "dummyParam";
+        action.setParams(Map.of(dummyParam, "dummyValue"));
+        ActionDefinition.ParameterDefinition parameterDef =
+                new ActionDefinition.ParameterDefinition(dummyParam, TEXT.toPrefixString(), false, true, null, null);
+        final ActionDefinition actionDefinition =
+                new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false,
+                        List.of(parameterDef));
+        given(actionsMock.getRuleActionDefinitionById(COPY_ACTION)).willReturn(actionDefinition);
+        given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX));
+
+        //when
+        objectUnderTest.validate(action);
+
+        then(actionsMock).should().getRuleActionDefinitionById(COPY_ACTION);
+        then(actionsMock).shouldHaveNoMoreInteractions();
+        then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI());
+        then(namespaceServiceMock).shouldHaveNoMoreInteractions();
+        then(nodesMock).shouldHaveNoInteractions();
+        then(permissionServiceMock).shouldHaveNoInteractions();
+    }
+
+    @Test
+    public void testWrongTypeOfNodeWhenFolderExpected()
+    {
+        final Action action = new Action();
+        action.setActionDefinitionId(COPY_ACTION);
+        action.setParams(Map.of(DESTINATION_FOLDER_PARAM, NODE_ID));
+        ActionDefinition.ParameterDefinition parameterDef =
+                new ActionDefinition.ParameterDefinition(DESTINATION_FOLDER_PARAM, NODE_REF.toPrefixString(), false, true, null, null);
+        final ActionDefinition actionDefinition =
+                new ActionDefinition(COPY_ACTION, COPY_ACTION, null, null, null, false, false,
+                        List.of(parameterDef));
+        given(actionsMock.getRuleActionDefinitionById(COPY_ACTION)).willReturn(actionDefinition);
+        given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX));
+        final NodeRef nodeRef = new NodeRef(STORE_REF_WORKSPACE_SPACESSTORE, NODE_ID);
+        given(nodesMock.validateNode(NODE_ID)).willReturn(nodeRef);
+        given(permissionServiceMock.hasReadPermission(nodeRef)).willReturn(AccessStatus.ALLOWED);
+        given(permissionServiceMock.hasPermission(nodeRef, PermissionService.WRITE)).willReturn(AccessStatus.ALLOWED);
+        given(nodesMock.nodeMatches(nodeRef, Set.of(TYPE_FOLDER), Collections.emptySet())).willReturn(false);
+
+        //when
+        assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action))
+                .withMessageContaining(NOT_A_FOLDER + NODE_ID);
+
+        then(actionsMock).should().getRuleActionDefinitionById(COPY_ACTION);
+        then(actionsMock).shouldHaveNoMoreInteractions();
+        then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI());
+        then(namespaceServiceMock).shouldHaveNoMoreInteractions();
+        then(nodesMock).should().validateNode(NODE_ID);
+        then(nodesMock).should().nodeMatches(nodeRef, Set.of(TYPE_FOLDER), Collections.emptySet());
+        then(nodesMock).shouldHaveNoMoreInteractions();
+        then(permissionServiceMock).should().hasReadPermission(nodeRef);
+        then(permissionServiceMock).should().hasPermission(nodeRef, PermissionService.WRITE);
+        then(permissionServiceMock).shouldHaveNoMoreInteractions();
+    }
+
+    @Test
+    public void testWrongTypeOfNodeWhenCategoryExpected()
+    {
+        final Action action = new Action();
+        action.setActionDefinitionId(READ_RIGHTS_REQUIRED_DEFINITION_ID);
+        action.setParams(Map.of(CATEGORY_NODE_REF_PARAM, NODE_ID));
+        ActionDefinition.ParameterDefinition parameterDef =
+                new ActionDefinition.ParameterDefinition(CATEGORY_NODE_REF_PARAM, NODE_REF.toPrefixString(), false, true, null, null);
+        final ActionDefinition actionDefinition =
+                new ActionDefinition(READ_RIGHTS_REQUIRED_DEFINITION_ID, READ_RIGHTS_REQUIRED_DEFINITION_ID, null, null, null, false, false,
+                        List.of(parameterDef));
+        given(actionsMock.getRuleActionDefinitionById(READ_RIGHTS_REQUIRED_DEFINITION_ID)).willReturn(actionDefinition);
+        given(namespaceServiceMock.getPrefixes(NODE_REF.getNamespaceURI())).willReturn(List.of(DEFAULT_PREFIX));
+        final NodeRef nodeRef = new NodeRef(STORE_REF_WORKSPACE_SPACESSTORE, NODE_ID);
+        given(nodesMock.validateNode(NODE_ID)).willReturn(nodeRef);
+        given(permissionServiceMock.hasReadPermission(nodeRef)).willReturn(AccessStatus.ALLOWED);
+        given(nodesMock.nodeMatches(nodeRef, Set.of(TYPE_CATEGORY), Collections.emptySet())).willReturn(false);
+
+        //when
+        assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action))
+                .withMessageContaining(NOT_A_CATEGORY + NODE_ID);
+
+        then(actionsMock).should().getRuleActionDefinitionById(READ_RIGHTS_REQUIRED_DEFINITION_ID);
+        then(actionsMock).shouldHaveNoMoreInteractions();
+        then(namespaceServiceMock).should().getPrefixes(NODE_REF.getNamespaceURI());
+        then(namespaceServiceMock).shouldHaveNoMoreInteractions();
+        then(nodesMock).should().validateNode(NODE_ID);
+        then(nodesMock).should().nodeMatches(nodeRef, Set.of(TYPE_CATEGORY), Collections.emptySet());
+        then(nodesMock).shouldHaveNoMoreInteractions();
+        then(permissionServiceMock).should().hasReadPermission(nodeRef);
+        then(permissionServiceMock).shouldHaveNoMoreInteractions();
+    }
+
+    @Test
+    public void testGetDefinitionIds()
+    {
+        final List<String> expectedIds =
+                List.of(CopyActionExecuter.NAME, MoveActionExecuter.NAME, CheckOutActionExecuter.NAME, ImporterActionExecuter.NAME,
+                        LinkCategoryActionExecuter.NAME, SimpleWorkflowActionExecuter.NAME, TransformActionExecuter.NAME,
+                        ImageTransformActionExecuter.NAME);
+        final List<String> actualIds = objectUnderTest.getActionDefinitionIds();
+
+        assertEquals(expectedIds, actualIds);
+    }
+
+    @Test
+    public void testHasProperPriority()
+    {
+        final int expectedPriority = Integer.MIN_VALUE + 1;
+        final int actualPriority = objectUnderTest.getPriority();
+
+        assertEquals(expectedPriority, actualPriority);
+    }
+}

remote-api/src/test/java/org/alfresco/rest/api/impl/validator/actions/ActionParameterDefinitionValidatorTest.java

@@ -0,0 +1,279 @@
+/*
+ * #%L
+ * Alfresco Remote API
+ * %%
+ * Copyright (C) 2005 - 2022 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software.
+ * If the software was purchased under a paid Alfresco license, the terms of
+ * the paid license agreement will prevail.  Otherwise, the software is
+ * provided under the following open source license terms:
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
+
+package org.alfresco.rest.api.impl.validator.actions;
+
+import static org.alfresco.rest.api.impl.validator.actions.ActionParameterDefinitionValidator.EMPTY_ACTION_DEFINITION;
+import static org.alfresco.rest.api.impl.validator.actions.ActionParameterDefinitionValidator.INVALID_ACTION_DEFINITION;
+import static org.alfresco.rest.api.impl.validator.actions.ActionParameterDefinitionValidator.MISSING_PARAMETER;
+import static org.alfresco.rest.api.impl.validator.actions.ActionParameterDefinitionValidator.MUST_NOT_CONTAIN_PARAMETER;
+import static org.alfresco.rest.api.impl.validator.actions.ActionParameterDefinitionValidator.PARAMS_SHOULD_NOT_BE_EMPTY;
+import static org.alfresco.service.cmr.dictionary.DataTypeDefinition.BOOLEAN;
+import static org.alfresco.service.cmr.dictionary.DataTypeDefinition.TEXT;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.junit.Assert.assertEquals;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.BDDMockito.then;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.alfresco.rest.api.Actions;
+import org.alfresco.rest.api.model.ActionDefinition;
+import org.alfresco.rest.api.model.rules.Action;
+import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
+import org.alfresco.rest.framework.core.exceptions.NotFoundException;
+import org.alfresco.service.Experimental;
+import org.alfresco.service.namespace.QName;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+
+@Experimental
+@RunWith(MockitoJUnitRunner.class)
+public class ActionParameterDefinitionValidatorTest
+{
+    private static final String MANDATORY_PARAM_KEY = "paramKey";
+    private static final String NON_MANDATORY_PARAM_KEY = "nonMandatoryParamKey";
+
+    @Mock
+    private Actions actionsMock;
+
+    @InjectMocks
+    private ActionParameterDefinitionValidator objectUnderTest;
+
+    @Test
+    public void testSimpleValidationPasses()
+    {
+        final Action action = new Action();
+        final String actionDefinitionId = "properActionDefinition";
+        action.setActionDefinitionId(actionDefinitionId);
+        action.setParams(Map.of(MANDATORY_PARAM_KEY, "paramValue"));
+        final List<ActionDefinition.ParameterDefinition> parameterDefinitions =
+                List.of(createParameterDefinition(MANDATORY_PARAM_KEY, TEXT, true, null));
+        final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, parameterDefinitions);
+        given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
+
+        //when
+        objectUnderTest.validate(action);
+
+        then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId);
+        then(actionsMock).shouldHaveNoMoreInteractions();
+    }
+
+    @Test
+    public void testValidationPassesWhenNoParametersNeeded()
+    {
+        final Action action = new Action();
+        final String actionDefinitionId = "properActionDefinition";
+        action.setActionDefinitionId(actionDefinitionId);
+        final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, null);
+        given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
+
+        //when
+        objectUnderTest.validate(action);
+
+        then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId);
+        then(actionsMock).shouldHaveNoMoreInteractions();
+    }
+
+    @Test
+    public void testValidationPassesWhenNoMandatoryParametersNeeded()
+    {
+        final Action action = new Action();
+        final String actionDefinitionId = "properActionDefinition";
+        action.setActionDefinitionId(actionDefinitionId);
+        final ActionDefinition actionDefinition =
+                createActionDefinition(actionDefinitionId, List.of(createParameterDefinition(NON_MANDATORY_PARAM_KEY, TEXT, false, null)));
+        given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
+
+        //when
+        objectUnderTest.validate(action);
+
+        then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId);
+        then(actionsMock).shouldHaveNoMoreInteractions();
+    }
+
+    @Test
+    public void testValidationPassesWhenOptionalParametersNotProvided()
+    {
+        final Action action = new Action();
+        final String actionDefinitionId = "properActionDefinition";
+        action.setActionDefinitionId(actionDefinitionId);
+        action.setParams(Map.of(MANDATORY_PARAM_KEY, "paramValue"));
+        final List<ActionDefinition.ParameterDefinition> parameterDefinitions =
+                List.of(createParameterDefinition(MANDATORY_PARAM_KEY, TEXT, true, null),
+                        createParameterDefinition(NON_MANDATORY_PARAM_KEY, BOOLEAN, false, null));
+        final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, parameterDefinitions);
+        given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
+
+        //when
+        objectUnderTest.validate(action);
+
+        then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId);
+        then(actionsMock).shouldHaveNoMoreInteractions();
+    }
+
+    @Test
+    public void testValidationFailsWhenTooManyParameters()
+    {
+        final Action action = new Action();
+        final String actionDefinitionId = "properActionDefinition";
+        action.setActionDefinitionId(actionDefinitionId);
+        action.setParams(Map.of(MANDATORY_PARAM_KEY, "paramValue", NON_MANDATORY_PARAM_KEY, false));
+        final List<ActionDefinition.ParameterDefinition> parameterDefinitions =
+                List.of(createParameterDefinition(MANDATORY_PARAM_KEY, TEXT, true, null));
+        final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, parameterDefinitions);
+        given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
+
+        //when
+        assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action))
+                .withMessageContaining(String.format(MUST_NOT_CONTAIN_PARAMETER, actionDefinitionId, NON_MANDATORY_PARAM_KEY));
+
+        then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId);
+        then(actionsMock).shouldHaveNoMoreInteractions();
+    }
+
+    @Test
+    public void testValidationFailsWhenMissingParameters()
+    {
+        final Action action = new Action();
+        final String actionDefinitionId = "properActionDefinition";
+        action.setActionDefinitionId(actionDefinitionId);
+        final List<ActionDefinition.ParameterDefinition> parameterDefinitions =
+                List.of(createParameterDefinition(MANDATORY_PARAM_KEY, TEXT, true, null));
+        final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, parameterDefinitions);
+        given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
+
+        //when
+        assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action))
+                .withMessageContaining(String.format(PARAMS_SHOULD_NOT_BE_EMPTY, actionDefinitionId));
+
+        then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId);
+        then(actionsMock).shouldHaveNoMoreInteractions();
+    }
+
+    @Test
+    public void testValidationFailsWhenMissingParameterValue()
+    {
+        final Action action = new Action();
+        final String actionDefinitionId = "properActionDefinition";
+        action.setActionDefinitionId(actionDefinitionId);
+        final Map<String, java.io.Serializable> params = new HashMap<>();
+        params.put(MANDATORY_PARAM_KEY, null);
+        action.setParams(params);
+        final List<ActionDefinition.ParameterDefinition> parameterDefinitions =
+                List.of(createParameterDefinition(MANDATORY_PARAM_KEY, TEXT, true, null));
+        final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, parameterDefinitions);
+        given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
+
+        //when
+        assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action))
+                .withMessageContaining(String.format(MISSING_PARAMETER, MANDATORY_PARAM_KEY));
+
+        then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId);
+        then(actionsMock).shouldHaveNoMoreInteractions();
+    }
+
+    @Test
+    public void testValidationFailsWhenMandatoryParameterIsMissing()
+    {
+        final Action action = new Action();
+        final String actionDefinitionId = "properActionDefinition";
+        action.setActionDefinitionId(actionDefinitionId);
+        action.setParams(Map.of(NON_MANDATORY_PARAM_KEY, true));
+        final List<ActionDefinition.ParameterDefinition> parameterDefinitions =
+                List.of(createParameterDefinition(MANDATORY_PARAM_KEY, TEXT, true, null),
+                        createParameterDefinition(NON_MANDATORY_PARAM_KEY, BOOLEAN, false, null));
+        final ActionDefinition actionDefinition = createActionDefinition(actionDefinitionId, parameterDefinitions);
+        given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willReturn(actionDefinition);
+
+        //when
+        assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action))
+                .withMessageContaining(String.format(MISSING_PARAMETER, MANDATORY_PARAM_KEY));
+
+        then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId);
+        then(actionsMock).shouldHaveNoMoreInteractions();
+    }
+
+    @Test
+    public void testValidationFailsWhenActionWithNullActionDefinition()
+    {
+        final Action action = new Action();
+        action.setActionDefinitionId(null);
+        action.setParams(Map.of(MANDATORY_PARAM_KEY, "paramValue"));
+
+        //when
+        assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action))
+                .withMessageContaining(EMPTY_ACTION_DEFINITION);
+
+        then(actionsMock).shouldHaveNoInteractions();
+    }
+
+    @Test
+    public void testValidationFailsWhenNotApplicableActionDefinition()
+    {
+        final Action action = new Action();
+        final String actionDefinitionId = "notApplicableActionDefinition";
+        action.setActionDefinitionId(actionDefinitionId);
+        action.setParams(Map.of(MANDATORY_PARAM_KEY, "paramValue"));
+        given(actionsMock.getRuleActionDefinitionById(actionDefinitionId)).willThrow(NotFoundException.class);
+
+        //when
+        assertThatExceptionOfType(InvalidArgumentException.class).isThrownBy(() -> objectUnderTest.validate(action))
+                .withMessageContaining(String.format(INVALID_ACTION_DEFINITION, actionDefinitionId));
+
+        then(actionsMock).should().getRuleActionDefinitionById(actionDefinitionId);
+        then(actionsMock).shouldHaveNoMoreInteractions();
+    }
+
+    @Test
+    public void testHasProperPriority()
+    {
+        final int expectedPriority = Integer.MIN_VALUE;
+        final int actualPriority = objectUnderTest.getPriority();
+
+        assertEquals(expectedPriority, actualPriority);
+    }
+
+    private ActionDefinition createActionDefinition(final String actionDefinitionId,
+                                                    List<ActionDefinition.ParameterDefinition> parameterDefinitions)
+    {
+        return new ActionDefinition(actionDefinitionId, actionDefinitionId, "title", "description", Collections.emptyList(), false, false,
+                parameterDefinitions);
+    }
+
+    private ActionDefinition.ParameterDefinition createParameterDefinition(final String name, final QName qName, final boolean mandatory,
+                                                                           final String constraint)
+    {
+        return new ActionDefinition.ParameterDefinition(name, qName.toPrefixString(), false, mandatory, "label", constraint);
+    }
+
+}

remote-api/src/test/java/org/alfresco/rest/api/rules/NodeRuleSetsRelationTest.java

@@ -24,7 +24,7 @@
  * #L%
  */
 
-package org.alfresco.rest.api.nodes;
+package org.alfresco.rest.api.rules;
 
 import static org.mockito.BDDMockito.then;
 

remote-api/src/test/java/org/alfresco/rest/api/rules/NodeRulesRelationTest.java

@@ -24,7 +24,7 @@
  * #L%
  */
 
-package org.alfresco.rest.api.nodes;
+package org.alfresco.rest.api.rules;
 
 import static org.mockito.BDDMockito.then;
 

remote-api/src/test/java/org/alfresco/rest/api/tests/AuditAppTest.java

@@ -34,6 +34,9 @@ import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
 import java.net.URL;
+import java.time.ZonedDateTime;
+import java.time.format.DateTimeFormatter;
+import java.time.temporal.ChronoUnit;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
@@ -386,6 +389,7 @@ public class AuditAppTest extends AbstractSingleNetworkSiteTest
         AuditApp auditApp = auditAppsProxy.getAuditApp("alfresco-access");
 
         testGetAuditEntries(auditAppsProxy, auditApp);
+        testGetAuditEntriesWhereCreatedAt(auditAppsProxy, auditApp);
         testAuditEntriesSorting(auditAppsProxy, auditApp);
         testAuditEntriesWhereDate(auditAppsProxy, auditApp);
         testAuditEntriesWhereId(auditAppsProxy, auditApp);
@@ -396,6 +400,30 @@ public class AuditAppTest extends AbstractSingleNetworkSiteTest
         testDeleteAuditEntries(auditAppsProxy, auditApp);
     }
 
+    private void testGetAuditEntriesWhereCreatedAt(AuditApps auditAppsProxy, AuditApp auditApp) throws Exception
+    {
+        // get "totalItems" for a specific time interval
+        Map<String, String> params = new HashMap<>();
+
+        final ZonedDateTime beginDate = ZonedDateTime.now().minusHours(1).truncatedTo(ChronoUnit.MINUTES);
+        final ZonedDateTime endDate = ZonedDateTime.now().truncatedTo(ChronoUnit.MINUTES);
+        params.put("where","(createdAt BETWEEN ('"+beginDate.format(DateTimeFormatter.ISO_OFFSET_DATE_TIME)+"' , '"+endDate.format(DateTimeFormatter.ISO_OFFSET_DATE_TIME)+"'))");
+
+        ListResponse<AuditEntry> auditEntries = auditAppsProxy.getAuditAppEntries(auditApp.getId(), params,
+                HttpServletResponse.SC_OK);
+        int totalItemsWithDefaultMaxSize = auditEntries.getPaging().getTotalItems();
+        assertTrue( totalItemsWithDefaultMaxSize > 1 );
+
+        // get "totalItems" for a specific time internal (with maxSize=1)
+        params.put("maxSize","1");
+        auditEntries = auditAppsProxy.getAuditAppEntries(auditApp.getId(), params,
+                HttpServletResponse.SC_OK);
+        int totalItemsWithMaxSize1 = auditEntries.getPaging().getTotalItems();
+
+        // number of "totalItems" must be the same, regardless maxSize
+        assertEquals(totalItemsWithMaxSize1, totalItemsWithDefaultMaxSize);
+    }
+
     private void testGetAuditEntries(AuditApps auditAppsProxy, AuditApp auditApp) throws Exception 
     {
         // Positive tests

remote-api/src/test/java/org/alfresco/rest/api/tests/client/data/Action.java

@@ -78,7 +78,7 @@ public class Action extends org.alfresco.rest.api.model.Action implements Serial
         String id = (String) jsonObject.get("id");
         String actionDefinitionId = (String) jsonObject.get("actionDefinitionId");
         String targetId = (String) jsonObject.get("targetId");
-        Map<String, String> params = (Map<String, String>) jsonObject.get("params");
+        Map<String, Object> params = (Map<String, Object>) jsonObject.get("params");
 
         Action action = new Action();
         action.setId(id);

repository/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.alfresco</groupId>
         <artifactId>alfresco-community-repo</artifactId>
-        <version>17.155</version>
+        <version>18.8</version>
     </parent>
 
     <dependencies>
@@ -236,7 +236,7 @@
         <dependency>
             <groupId>org.freemarker</groupId>
             <artifactId>freemarker</artifactId>
-            <version>2.3.20-alfresco-patched-20220413</version>
+            <version>2.3.31-alfresco-patched</version>
         </dependency>
         <dependency>
             <groupId>org.apache.xmlbeans</groupId>
@@ -300,8 +300,8 @@
         </dependency>
         <dependency>
             <groupId>org.apache.poi</groupId>
-            <artifactId>ooxml-schemas</artifactId>
-            <version>${dependency.ooxml-schemas.version}</version>
+            <artifactId>poi-ooxml-lite</artifactId>
+            <version>${dependency.poi-ooxml-lite.version}</version>
         </dependency>
         <dependency>
             <groupId>org.apache.poi</groupId>

repository/src/main/java/org/alfresco/repo/audit/AuditComponent.java

@@ -272,4 +272,16 @@ public interface AuditComponent
     {
         return -1;
     }
+
+    /**
+     * Issue an audit query to retrieve count of records for a given application and properties
+     *
+     * @param applicationName             the name of the application
+     * @param parameters                  audit parameters provided by the <code>where</code> clause on the ReST API
+     * @return                            a map containing min/max and the associated value
+     */
+    default int getAuditEntriesCountByAppAndProperties(String applicationName, AuditQueryParameters parameters)
+    {
+        return -1;
+    }
 }

repository/src/main/java/org/alfresco/repo/audit/AuditComponentImpl.java

@@ -955,4 +955,11 @@ public class AuditComponentImpl implements AuditComponent
 
         return auditDAO.getAuditEntriesCountByApp(applicationId);
     }
+
+    @Override public int getAuditEntriesCountByAppAndProperties(String applicationName, AuditQueryParameters parameters)
+    {
+        org.alfresco.repo.domain.audit.AuditQueryParameters dbParameters = new org.alfresco.repo.domain.audit.AuditQueryParameters();
+
+        return auditDAO.getAuditEntriesCountByAppAndProperties(applicationName, parameters);
+    }
 }

repository/src/main/java/org/alfresco/repo/audit/AuditServiceImpl.java

@@ -186,4 +186,12 @@ public class AuditServiceImpl implements AuditService
     {
         return auditComponent.getAuditEntriesCountByApp(applicationName);
     }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override public int getAuditEntriesCountByAppAndProperties(String applicationName, AuditQueryParameters parameters)
+    {
+        return auditComponent.getAuditEntriesCountByAppAndProperties(applicationName, parameters);
+    }
 }

repository/src/main/java/org/alfresco/repo/content/transform/RemoteTransformerClient.java

@@ -25,6 +25,10 @@
  */
 package org.alfresco.repo.content.transform;
 
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.StringJoiner;
+
 import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.service.cmr.repository.ContentReader;
 import org.alfresco.service.cmr.repository.ContentWriter;
@@ -44,9 +48,6 @@ import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.util.EntityUtils;
 
-import java.io.IOException;
-import java.util.StringJoiner;
-
 /**
  * Client class that transfers content (from a ContentReader) to a remote transformation agent together with
  * request parameters that will be used to transform the content. The transformed content is then returned and
@@ -86,44 +87,33 @@ public class RemoteTransformerClient
     }
 
     public void request(ContentReader reader, ContentWriter writer, String sourceMimetype, String sourceExtension,
-                        String targetExtension, long timeoutMs, Log logger, String... args)
+            String targetExtension, long timeoutMs, Log logger, String... args)
     {
+
         if (args.length % 2 != 0)
         {
             throw new IllegalArgumentException("There should be a value for each request property");
         }
 
         StringJoiner sj = new StringJoiner(" ");
-        HttpEntity reqEntity = getRequestEntity(reader, sourceMimetype, sourceExtension, targetExtension, timeoutMs, args, sj);
 
-        request(logger, sourceExtension, targetExtension, reqEntity, writer, sj.toString());
+        try (InputStream contentStream = reader.getContentInputStream())
+        {
+            HttpEntity reqEntity = getRequestEntity(contentStream, sourceMimetype, sourceExtension, targetExtension, timeoutMs,
+                    args, sj);
+
+            request(logger, sourceExtension, targetExtension, reqEntity, writer, sj.toString());
+        }
+        catch (IOException e)
+        {
+            throw new AlfrescoRuntimeException("Failed to read content from reader", e);
+        }
     }
 
-    HttpEntity getRequestEntity(ContentReader reader, String sourceMimetype, String sourceExtension,
-                                        String targetExtension, long timeoutMs, String[] args, StringJoiner sj)
+    HttpEntity getRequestEntity(ContentReader reader, String sourceMimetype, String sourceExtension, String targetExtension,
+            long timeoutMs, String[] args, StringJoiner sj)
     {
-        MultipartEntityBuilder builder = MultipartEntityBuilder.create();
-        ContentType contentType = ContentType.create(sourceMimetype);
-        builder.addBinaryBody("file", reader.getContentInputStream(), contentType, "tmp."+sourceExtension);
-        builder.addTextBody("targetExtension", targetExtension);
-        sj.add("targetExtension" + '=' + targetExtension);
-        for (int i=0; i< args.length; i+=2)
-        {
-            if (args[i+1] != null)
-            {
-                builder.addTextBody(args[i], args[i + 1]);
-
-                sj.add(args[i] + '=' + args[i + 1]);
-            }
-        }
-
-        if (timeoutMs > 0)
-        {
-            String timeoutMsString = Long.toString(timeoutMs);
-            builder.addTextBody("timeout", timeoutMsString);
-            sj.add("timeout=" + timeoutMsString);
-        }
-        return builder.build();
+        return getRequestEntity(reader.getContentInputStream(), sourceMimetype, sourceExtension, targetExtension, timeoutMs, args, sj);
     }
 
     void request(Log logger, String sourceExtension, String targetExtension, HttpEntity reqEntity, ContentWriter writer, String args)
@@ -331,6 +321,33 @@ public class RemoteTransformerClient
         return httpclient.execute(httpGet);
     }
 
+    private HttpEntity getRequestEntity(InputStream contentStream, String sourceMimetype, String sourceExtension,
+            String targetExtension, long timeoutMs, String[] args, StringJoiner sj)
+    {
+        MultipartEntityBuilder builder = MultipartEntityBuilder.create();
+        ContentType contentType = ContentType.create(sourceMimetype);
+        builder.addBinaryBody("file", contentStream, contentType, "tmp." + sourceExtension);
+        builder.addTextBody("targetExtension", targetExtension);
+        sj.add("targetExtension" + '=' + targetExtension);
+        for (int i = 0; i < args.length; i += 2)
+        {
+            if (args[i + 1] != null)
+            {
+                builder.addTextBody(args[i], args[i + 1]);
+
+                sj.add(args[i] + '=' + args[i + 1]);
+            }
+        }
+
+        if (timeoutMs > 0)
+        {
+            String timeoutMsString = Long.toString(timeoutMs);
+            builder.addTextBody("timeout", timeoutMsString);
+            sj.add("timeout=" + timeoutMsString);
+        }
+        return builder.build();
+    }
+
     // Strip out just the error message in the response
     private String getErrorMessage(HttpEntity resEntity) throws IOException
     {

repository/src/main/java/org/alfresco/repo/domain/audit/AbstractAuditDAOImpl.java

@@ -1,28 +1,28 @@
-/*
- * #%L
- * Alfresco Repository
- * %%
- * Copyright (C) 2005 - 2016 Alfresco Software Limited
- * %%
- * This file is part of the Alfresco software. 
- * If the software was purchased under a paid Alfresco license, the terms of 
- * the paid license agreement will prevail.  Otherwise, the software is 
- * provided under the following open source license terms:
- * 
- * Alfresco is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- * 
- * Alfresco is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Lesser General Public License for more details.
- * 
- * You should have received a copy of the GNU Lesser General Public License
- * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
- * #L%
- */
+/*
+ * #%L
+ * Alfresco Repository
+ * %%
+ * Copyright (C) 2005 - 2016 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software. 
+ * If the software was purchased under a paid Alfresco license, the terms of 
+ * the paid license agreement will prevail.  Otherwise, the software is 
+ * provided under the following open source license terms:
+ * 
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * 
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
 package org.alfresco.repo.domain.audit;
 
 import java.io.IOException;
@@ -452,37 +452,86 @@ public abstract class AbstractAuditDAOImpl implements AuditDAO
             org.alfresco.service.cmr.audit.AuditQueryParameters parameters,
             int maxResults)
     {
-        String searchKey = null;
-        Serializable searchValue = null;
-        if (parameters.getSearchKeyValues().size() > 0)
-        {
-            // Only handle one pair for now
-            Pair<String, Serializable> searchKeyValue = parameters.getSearchKeyValues().get(0);
-            searchKey = searchKeyValue.getFirst();
-            searchValue = searchKeyValue.getSecond();
-        }
-        
         AuditQueryRowHandler rowHandler = new AuditQueryRowHandler(callback);
         findAuditEntries(
                 rowHandler,
-                parameters.isForward(),
-                parameters.getApplicationName(),
-                parameters.getUser(),
-                parameters.getFromId(),
-                parameters.getToId(),
-                parameters.getFromTime(),
-                parameters.getToTime(),
                 maxResults,
-                searchKey,
-                searchValue);
+                parameters);
     }
     
     protected abstract void findAuditEntries(
             AuditQueryRowHandler rowHandler,
-            boolean forward,
-            String applicationName, String user,
-            Long fromId, Long toId,
-            Long fromTime, Long toTime,
             int maxResults,
-            String searchKey, Serializable searchValue);
+            org.alfresco.service.cmr.audit.AuditQueryParameters restParameters);
+
+    protected AuditQueryParameters convertFromRestAuditQueryParameters(org.alfresco.service.cmr.audit.AuditQueryParameters restParameters)
+    {
+        AuditQueryParameters dbParameters = new AuditQueryParameters();
+
+        String appName = restParameters.getApplicationName();
+        if (appName != null)
+        {
+            // Look up the application's ID (this is unique)
+            Pair<Long, Serializable> appNamePair = propertyValueDAO.getPropertyValue(appName);
+            if (appNamePair == null)
+            {
+                // No such value
+                return null;
+            }
+            dbParameters.setAuditAppNameId(appNamePair.getFirst());
+        }
+
+        String user = restParameters.getUser();
+        if (user != null)
+        {
+            // Look up the application's ID (this is unique)
+            Pair<Long, Serializable> userPair = propertyValueDAO.getPropertyValue(user);
+            if (userPair == null)
+            {
+                // No such value
+                return null;
+            }
+            dbParameters.setAuditUserId(userPair.getFirst());
+        }
+
+        dbParameters.setAuditFromId(restParameters.getFromId());
+        dbParameters.setAuditToId(restParameters.getToId());
+        dbParameters.setAuditFromTime(restParameters.getFromTime());
+        dbParameters.setAuditToTime(restParameters.getToTime());
+
+        String searchKey = null;
+        Serializable searchValue = null;
+        if (restParameters.getSearchKeyValues().size() > 0)
+        {
+            // Only handle one pair for now
+            Pair<String, Serializable> searchKeyValue = restParameters.getSearchKeyValues().get(0);
+            searchKey = searchKeyValue.getFirst();
+            searchValue = searchKeyValue.getSecond();
+        }
+        if (searchKey != null)
+        {
+            // Look up the ID of the search key
+            Pair<Long, Serializable> searchKeyPair = propertyValueDAO.getPropertyValue(searchKey);
+            if (searchKeyPair == null)
+            {
+                // No such value
+                return null;
+            }
+            dbParameters.setSearchKeyId(searchKeyPair.getFirst());
+        }
+        if (searchValue != null)
+        {
+            // Look up the ID of the search key
+            Pair<Long, Serializable> searchValuePair = propertyValueDAO.getPropertyValue(searchValue);
+            if (searchValuePair == null)
+            {
+                // No such value
+                return null;
+            }
+            dbParameters.setSearchValueId(searchValuePair.getFirst());
+        }
+        dbParameters.setForward(restParameters.isForward());
+
+        return dbParameters;
+    }
 }

repository/src/main/java/org/alfresco/repo/domain/audit/AuditDAO.java

@@ -244,4 +244,16 @@ public interface AuditDAO
     {
         return -1;
     }
+
+    /**
+     * Issue an audit query to retrieve count of records for a given application and properties
+     *
+     * @param applicationName   name of the application to be queried
+     * @param parameters        audit parameters provided by the <code>where</code> clause on the ReST API
+     * @return                  a map containing min/max and the associated value
+     */
+    default int getAuditEntriesCountByAppAndProperties(String applicationName, org.alfresco.service.cmr.audit.AuditQueryParameters parameters)
+    {
+        return -1;
+    }
 }

repository/src/main/java/org/alfresco/repo/domain/audit/ibatis/AuditDAOImpl.java

@@ -66,6 +66,7 @@ public class AuditDAOImpl extends AbstractAuditDAOImpl
     private static final String INSERT_ENTRY = "alfresco.audit.insert.insert_AuditEntry";
     private static final String SELECT_MINMAX_ENTRY_FOR_APP = "alfresco.audit.select_MinMaxAuditEntryId";
     private static final String SELECT_COUNT_ENTRIES_FOR_APP = "alfresco.audit.select_CountAuditEntryId";
+    private static final String SELECT_COUNT_ENTRIES_FOR_APP_WITH_PROPERTIES = "select_CountAuditEntryIdWithWhereClause";
     
     @SuppressWarnings("unused")
     private static final String SELECT_ENTRIES_SIMPLE = "alfresco.audit.select_AuditEntriesSimple";
@@ -235,68 +236,29 @@ public class AuditDAOImpl extends AbstractAuditDAOImpl
         return result;
     }
 
+    @Override
+    public int getAuditEntriesCountByAppAndProperties(String applicationName, org.alfresco.service.cmr.audit.AuditQueryParameters parameters)
+    {
+        AuditQueryParameters dbParameters = convertFromRestAuditQueryParameters(parameters);
+
+        int result = template.selectOne(SELECT_COUNT_ENTRIES_FOR_APP_WITH_PROPERTIES, dbParameters);
+
+        return result;
+    }
+
     @SuppressWarnings("unchecked")
     @Override
     protected void findAuditEntries(
             final AuditQueryRowHandler rowHandler,
-            boolean forward,
-            String appName, String user,
-            Long fromId, Long toId,
-            Long fromTime, Long toTime,
             int maxResults,
-            String searchKey, Serializable searchValue)
+            org.alfresco.service.cmr.audit.AuditQueryParameters restParameters)
     {
-        AuditQueryParameters params = new AuditQueryParameters();
-        if (appName != null)
+        AuditQueryParameters params = convertFromRestAuditQueryParameters(restParameters);
+        if (params==null)
         {
-            // Look up the application's ID (this is unique)
-            Pair<Long, Serializable> appNamePair = propertyValueDAO.getPropertyValue(appName);
-            if (appNamePair == null)
-            {
-                // No such value
-                return;
-            }
-            params.setAuditAppNameId(appNamePair.getFirst());
+            return;
         }
-        if (user != null)
-        {
-            // Look up the application's ID (this is unique)
-            Pair<Long, Serializable> userPair = propertyValueDAO.getPropertyValue(user);
-            if (userPair == null)
-            {
-                // No such value
-                return;
-            }
-            params.setAuditUserId(userPair.getFirst());
-        }
-        params.setAuditFromId(fromId);
-        params.setAuditToId(toId);
-        params.setAuditFromTime(fromTime);
-        params.setAuditToTime(toTime);
-        if (searchKey != null)
-        {
-            // Look up the ID of the search key
-            Pair<Long, Serializable> searchKeyPair = propertyValueDAO.getPropertyValue(searchKey);
-            if (searchKeyPair == null)
-            {
-                // No such value
-                return;
-            }
-            params.setSearchKeyId(searchKeyPair.getFirst());
-        }
-        if (searchValue != null)
-        {
-            // Look up the ID of the search key
-            Pair<Long, Serializable> searchValuePair = propertyValueDAO.getPropertyValue(searchValue);
-            if (searchValuePair == null)
-            {
-                // No such value
-                return;
-            }
-            params.setSearchValueId(searchValuePair.getFirst());
-        }
-        params.setForward(forward);
-        
+
         if (maxResults > 0)
         {
             // Query without getting the values.  We gather all the results and batch-fetch the audited

repository/src/main/java/org/alfresco/repo/jscript/AlfrescoContextFactory.java

@@ -0,0 +1,201 @@
+/*
+ * #%L
+ * Alfresco Repository
+ * %%
+ * Copyright (C) 2005 - 2022 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software. 
+ * If the software was purchased under a paid Alfresco license, the terms of 
+ * the paid license agreement will prevail.  Otherwise, the software is 
+ * provided under the following open source license terms:
+ * 
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * 
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
+package org.alfresco.repo.jscript;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.mozilla.javascript.Callable;
+import org.mozilla.javascript.Context;
+import org.mozilla.javascript.ContextFactory;
+import org.mozilla.javascript.Scriptable;
+
+/**
+ * Custom factory that allows to apply configured limits during script executions
+ * 
+ * @see ContextFactory
+ */
+public class AlfrescoContextFactory extends ContextFactory
+{
+    private static final Log LOGGER = LogFactory.getLog(AlfrescoContextFactory.class);
+
+    private int optimizationLevel = -1;
+    private int maxScriptExecutionSeconds = -1;
+    private int maxStackDepth = -1;
+    private long maxMemoryUsedInBytes = -1L;
+    private int observeInstructionCount = -1;
+
+    private AlfrescoScriptThreadMxBeanWrapper threadMxBeanWrapper;
+
+    private final int INTERPRETIVE_MODE = -1;
+
+    @Override
+    protected Context makeContext()
+    {
+        AlfrescoScriptContext context = new AlfrescoScriptContext();
+
+        context.setOptimizationLevel(optimizationLevel);
+
+        // Needed for both time and memory measurement
+        if (maxScriptExecutionSeconds > 0 || maxMemoryUsedInBytes > 0L)
+        {
+            if (observeInstructionCount > 0)
+            {
+                LOGGER.info("Enabling observer count...");
+                context.setGenerateObserverCount(true);
+                context.setInstructionObserverThreshold(observeInstructionCount);
+            }
+            else
+            {
+                LOGGER.info("Disabling observer count...");
+                context.setGenerateObserverCount(false);
+            }
+        }
+
+        // Memory limit
+        if (maxMemoryUsedInBytes > 0)
+        {
+            context.setThreadId(Thread.currentThread().getId());
+        }
+
+        // Max stack depth
+        if (maxStackDepth > 0)
+        {
+            if (optimizationLevel != INTERPRETIVE_MODE)
+            {
+                LOGGER.warn("Changing optimization level from " + optimizationLevel + " to " + INTERPRETIVE_MODE);
+            }
+            // stack depth can only be set when no optimizations are applied
+            context.setOptimizationLevel(INTERPRETIVE_MODE);
+            context.setMaximumInterpreterStackDepth(maxStackDepth);
+        }
+
+        return context;
+    }
+
+    @Override
+    protected void observeInstructionCount(Context cx, int instructionCount)
+    {
+        AlfrescoScriptContext acx = (AlfrescoScriptContext) cx;
+
+        if (acx.isLimitsEnabled())
+        {
+            // Time limit
+            if (maxScriptExecutionSeconds > 0)
+            {
+                long currentTime = System.currentTimeMillis();
+                if (currentTime - acx.getStartTime() > maxScriptExecutionSeconds * 1000)
+                {
+                    throw new Error("Maximum script time of " + maxScriptExecutionSeconds + " seconds exceeded");
+                }
+            }
+
+            // Memory
+            if (maxMemoryUsedInBytes > 0 && threadMxBeanWrapper != null && threadMxBeanWrapper.isThreadAllocatedMemorySupported())
+            {
+
+                if (acx.getStartMemory() <= 0)
+                {
+                    acx.setStartMemory(threadMxBeanWrapper.getThreadAllocatedBytes(acx.getThreadId()));
+                }
+                else
+                {
+                    long currentAllocatedBytes = threadMxBeanWrapper.getThreadAllocatedBytes(acx.getThreadId());
+                    if (currentAllocatedBytes - acx.getStartMemory() >= maxMemoryUsedInBytes)
+                    {
+                        throw new Error("Memory limit of " + maxMemoryUsedInBytes + " bytes reached");
+                    }
+                }
+            }
+        }
+    }
+
+    @Override
+    protected Object doTopCall(Callable callable, Context cx, Scriptable scope, Scriptable thisObj, Object[] args)
+    {
+        AlfrescoScriptContext acx = (AlfrescoScriptContext) cx;
+        acx.setStartTime(System.currentTimeMillis());
+        return super.doTopCall(callable, cx, scope, thisObj, args);
+    }
+
+    public int getOptimizationLevel()
+    {
+        return optimizationLevel;
+    }
+
+    public void setOptimizationLevel(int optimizationLevel)
+    {
+        this.optimizationLevel = optimizationLevel;
+    }
+
+    public int getMaxScriptExecutionSeconds()
+    {
+        return maxScriptExecutionSeconds;
+    }
+
+    public void setMaxScriptExecutionSeconds(int maxScriptExecutionSeconds)
+    {
+        this.maxScriptExecutionSeconds = maxScriptExecutionSeconds;
+    }
+
+    public int getMaxStackDepth()
+    {
+        return maxStackDepth;
+    }
+
+    public void setMaxStackDepth(int maxStackDepth)
+    {
+        this.maxStackDepth = maxStackDepth;
+    }
+
+    public long getMaxMemoryUsedInBytes()
+    {
+        return maxMemoryUsedInBytes;
+    }
+
+    public void setMaxMemoryUsedInBytes(long maxMemoryUsedInBytes)
+    {
+        this.maxMemoryUsedInBytes = maxMemoryUsedInBytes;
+        if (maxMemoryUsedInBytes > 0)
+        {
+            this.threadMxBeanWrapper = new AlfrescoScriptThreadMxBeanWrapper();
+            if (!threadMxBeanWrapper.isThreadAllocatedMemorySupported())
+            {
+                LOGGER.warn("com.sun.management.ThreadMXBean was not found on the classpath. "
+                        + "This means that the limiting the memory usage for a script will NOT work.");
+            }
+        }
+    }
+
+    public int getObserveInstructionCount()
+    {
+        return observeInstructionCount;
+    }
+
+    public void setObserveInstructionCount(int observeInstructionCount)
+    {
+        this.observeInstructionCount = observeInstructionCount;
+    }
+}

repository/src/main/java/org/alfresco/repo/jscript/AlfrescoScriptContext.java

@@ -0,0 +1,81 @@
+/*
+ * #%L
+ * Alfresco Repository
+ * %%
+ * Copyright (C) 2005 - 2022 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software. 
+ * If the software was purchased under a paid Alfresco license, the terms of 
+ * the paid license agreement will prevail.  Otherwise, the software is 
+ * provided under the following open source license terms:
+ * 
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * 
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
+package org.alfresco.repo.jscript;
+
+import org.mozilla.javascript.Context;
+
+/**
+ * Custom Rhino context that holds data as start time and memory
+ * 
+ * @see Context
+ */
+public class AlfrescoScriptContext extends Context
+{
+    private long startTime;
+    private long threadId;
+    private long startMemory;
+    private boolean limitsEnabled = false;
+
+    public long getStartTime()
+    {
+        return startTime;
+    }
+
+    public void setStartTime(long startTime)
+    {
+        this.startTime = startTime;
+    }
+
+    public long getThreadId()
+    {
+        return threadId;
+    }
+
+    public void setThreadId(long threadId)
+    {
+        this.threadId = threadId;
+    }
+
+    public long getStartMemory()
+    {
+        return startMemory;
+    }
+
+    public void setStartMemory(long startMemory)
+    {
+        this.startMemory = startMemory;
+    }
+
+    public boolean isLimitsEnabled()
+    {
+        return limitsEnabled;
+    }
+
+    public void setLimitsEnabled(boolean limitsEnabled)
+    {
+        this.limitsEnabled = limitsEnabled;
+    }
+}

repository/src/main/java/org/alfresco/repo/jscript/AlfrescoScriptThreadMxBeanWrapper.java

@@ -0,0 +1,78 @@
+/*
+ * #%L
+ * Alfresco Repository
+ * %%
+ * Copyright (C) 2005 - 2022 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software. 
+ * If the software was purchased under a paid Alfresco license, the terms of 
+ * the paid license agreement will prevail.  Otherwise, the software is 
+ * provided under the following open source license terms:
+ * 
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * 
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
+package org.alfresco.repo.jscript;
+
+import java.lang.management.ManagementFactory;
+import java.lang.management.ThreadMXBean;
+
+/**
+ * Allows to monitor memory usage
+ */
+public class AlfrescoScriptThreadMxBeanWrapper
+{
+
+    private ThreadMXBean threadMXBean = null;
+    private boolean threadAllocatedMemorySupported = false;
+
+    private final String THREAD_MX_BEAN_SUN = "com.sun.management.ThreadMXBean";
+
+    public AlfrescoScriptThreadMxBeanWrapper()
+    {
+        checkThreadAllocatedMemory();
+    }
+
+    public long getThreadAllocatedBytes(long threadId)
+    {
+        if (threadMXBean != null && threadAllocatedMemorySupported)
+        {
+            return ((com.sun.management.ThreadMXBean) threadMXBean).getThreadAllocatedBytes(threadId);
+        }
+
+        return -1;
+    }
+
+    public void checkThreadAllocatedMemory()
+    {
+        try
+        {
+            Class<?> clazz = Class.forName(THREAD_MX_BEAN_SUN);
+            if (clazz != null)
+            {
+                this.threadAllocatedMemorySupported = true;
+                this.threadMXBean = (com.sun.management.ThreadMXBean) ManagementFactory.getThreadMXBean();
+            }
+        }
+        catch (Exception e)
+        {
+            this.threadAllocatedMemorySupported = false;
+        }
+    }
+
+    public boolean isThreadAllocatedMemorySupported()
+    {
+        return threadAllocatedMemorySupported;
+    }
+}

repository/src/main/java/org/alfresco/repo/jscript/RhinoScriptProcessor.java

@@ -57,10 +57,12 @@ import org.alfresco.service.namespace.QName;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.mozilla.javascript.Context;
+import org.mozilla.javascript.ContextFactory;
 import org.mozilla.javascript.ImporterTopLevel;
 import org.mozilla.javascript.Script;
 import org.mozilla.javascript.Scriptable;
-import org.mozilla.javascript.ScriptableObject;
+import org.mozilla.javascript.ScriptableObject;
+import org.mozilla.javascript.Undefined;
 import org.mozilla.javascript.WrapFactory;
 import org.mozilla.javascript.WrappedException;
 import org.springframework.beans.factory.InitializingBean;
@@ -108,7 +110,24 @@ public class RhinoScriptProcessor extends BaseProcessor implements ScriptProcess
     /** Cache of runtime compiled script instances */
     private final Map<String, Script> scriptCache = new ConcurrentHashMap<String, Script>(256);
     
-    
+    /** Rhino optimization level */
+    private int optimizationLevel = -1;
+
+    /** Maximum seconds a script is allowed to run */
+    private int maxScriptExecutionSeconds = -1;
+
+    /** Maximum of call stack depth (in terms of number of call frames) */
+    private int maxStackDepth = -1;
+
+    /** Maximum memory (bytes) a script can use */
+    private long maxMemoryUsedInBytes = -1L;
+
+    /** Number of (bytecode) instructions that will trigger the observer */
+    private int observerInstructionCount = 100;
+
+    /** Custom context factory */
+    public static AlfrescoContextFactory contextFactory;
+
     /**
      * Set the default store reference
      * 
@@ -143,6 +162,51 @@ public class RhinoScriptProcessor extends BaseProcessor implements ScriptProcess
     {
         this.shareSealedScopes = shareSealedScopes;
     }
+
+    /**
+     * @param optimizationLevel
+     *            -1 interpretive mode, 0 no optimizations, 1-9 optimizations performed
+     */
+    public void setOptimizationLevel(int optimizationLevel)
+    {
+        this.optimizationLevel = optimizationLevel;
+    }
+
+    /**
+     * @param maxScriptExecutionSeconds
+     *            the number of seconds a script is allowed to run
+     */
+    public void setMaxScriptExecutionSeconds(int maxScriptExecutionSeconds)
+    {
+        this.maxScriptExecutionSeconds = maxScriptExecutionSeconds;
+    }
+
+    /**
+     * @param maxStackDepth
+     *            the number of call stack depth allowed
+     */
+    public void setMaxStackDepth(int maxStackDepth)
+    {
+        this.maxStackDepth = maxStackDepth;
+    }
+
+    /**
+     * @param maxMemoryUsedInBytes
+     *            the number of memory a script can use
+     */
+    public void setMaxMemoryUsedInBytes(long maxMemoryUsedInBytes)
+    {
+        this.maxMemoryUsedInBytes = maxMemoryUsedInBytes;
+    }
+
+    /**
+     * @param observerInstructionCount
+     *            the number of instructions that will trigger {@link ContextFactory#observeInstructionCount}
+     */
+    public void setObserverInstructionCount(int observerInstructionCount)
+    {
+        this.observerInstructionCount = observerInstructionCount;
+    }
 
     /**
      * @see org.alfresco.service.cmr.repository.ScriptProcessor#reset()
@@ -449,6 +513,8 @@ public class RhinoScriptProcessor extends BaseProcessor implements ScriptProcess
     private Object executeScriptImpl(Script script, Map<String, Object> model, boolean secure, String debugScriptName)
         throws AlfrescoRuntimeException
     {
+        Scriptable scope = null;
+
         long startTime = 0;
         if (callLogger.isDebugEnabled())
         {
@@ -465,14 +531,16 @@ public class RhinoScriptProcessor extends BaseProcessor implements ScriptProcess
             // Create a thread-specific scope from one of the shared scopes.
             // See http://www.mozilla.org/rhino/scopes.html
             cx.setWrapFactory(secure ? wrapFactory : sandboxFactory);
-            Scriptable scope;
+
+            // Enables or disables execution limits based on secure flag
+            enableLimits(cx, secure);
+
             if (this.shareSealedScopes)
             {
                 Scriptable sharedScope = secure ? this.nonSecureScope : this.secureScope;
                 scope = cx.newObject(sharedScope);
                 scope.setPrototype(sharedScope);
                 scope.setParentScope(null);
-
             }
             else
             {
@@ -545,7 +613,8 @@ public class RhinoScriptProcessor extends BaseProcessor implements ScriptProcess
             throw new AlfrescoRuntimeException(err.getMessage(), err);
         }
         finally
-        {
+        {
+            unsetScope(model, scope);
             Context.exit();
             
             if (callLogger.isDebugEnabled())
@@ -638,6 +707,9 @@ public class RhinoScriptProcessor extends BaseProcessor implements ScriptProcess
      */
     public void afterPropertiesSet() throws Exception
     {
+        // Initialize context factory
+        initContextFactory();
+
         // Initialize the secure scope
         Context cx = Context.enter();
         try
@@ -695,4 +767,129 @@ public class RhinoScriptProcessor extends BaseProcessor implements ScriptProcess
         }
         return scope;
     }
+
+    /**
+     * Clean supplied scope and unset it from any model instance where it has been injected before
+     *
+     * @param model
+     *            Data model containing objects from where scope will be unset
+     * @param scope
+     *            The scope to clean
+     */
+    private void unsetScope(Map<String, Object> model, Scriptable scope)
+    {
+        if (scope != null)
+        {
+            Object[] ids = scope.getIds();
+            if (ids != null)
+            {
+                for (Object id : ids)
+                {
+                    try
+                    {
+                        deleteProperty(scope, id.toString());
+                    }
+                    catch (Exception e)
+                    {
+                        logger.info("Unable to delete id: " + id, e);
+                    }
+                }
+            }
+        }
+
+        if (model != null)
+        {
+            for (String key : model.keySet())
+            {
+                try
+                {
+                    deleteProperty(scope, key);
+
+                    Object obj = model.get(key);
+                    if (obj instanceof Scopeable)
+                    {
+                        ((Scopeable) obj).setScope(null);
+                    }
+                }
+                catch (Exception e)
+                {
+                    logger.info("Unable to unset model object " + key + " : ", e);
+                }
+            }
+        }
+    }
+
+    /**
+     * Deletes a property from the supplied scope, if property is not removable, then is set to null
+     *
+     * @param scope
+     *            the scope object from where property will be removed
+     * @param name
+     *            the property name to delete
+     */
+    private void deleteProperty(Scriptable scope, String name)
+    {
+        if (scope != null && name != null)
+        {
+            if (!ScriptableObject.deleteProperty(scope, name))
+            {
+                ScriptableObject.putProperty(scope, name, null);
+            }
+            scope.delete(name);
+        }
+    }
+
+    /**
+     * Initializes the context factory with limits configuration
+     */
+    private synchronized void initContextFactory()
+    {
+        if (contextFactory == null)
+        {
+            contextFactory = new AlfrescoContextFactory();
+            contextFactory.setOptimizationLevel(optimizationLevel);
+
+            if (maxScriptExecutionSeconds > 0)
+            {
+                contextFactory.setMaxScriptExecutionSeconds(maxScriptExecutionSeconds);
+            }
+
+            if (maxMemoryUsedInBytes > 0L)
+            {
+                contextFactory.setMaxMemoryUsedInBytes(maxMemoryUsedInBytes);
+            }
+
+            if (maxStackDepth > 0)
+            {
+                contextFactory.setMaxStackDepth(maxStackDepth);
+            }
+
+            if (maxScriptExecutionSeconds > 0 || maxMemoryUsedInBytes > 0L)
+            {
+                contextFactory.setObserveInstructionCount(observerInstructionCount);
+            }
+
+            ContextFactory.initGlobal(contextFactory);
+        }
+    }
+
+    /**
+     * If script is considered secure no limits will be applied, otherwise, the limits are enabled and the script can be
+     * interrupted in case a limit has been reached.
+     *
+     * @param cx
+     *            the Rhino scope
+     * @param secure
+     *            true if script execution is considered secure (e.g, deployed at classpath level)
+     */
+    private void enableLimits(Context cx, boolean secure)
+    {
+        if (cx != null)
+        {
+            if (cx instanceof AlfrescoScriptContext)
+            {
+                ((AlfrescoScriptContext) cx).setLimitsEnabled(!secure);
+            }
+        }
+    }
 }

repository/src/main/java/org/alfresco/repo/search/impl/solr/SolrJSONResultSet.java

@@ -267,7 +267,11 @@ public class SolrJSONResultSet implements SearchEngineResultSet {
                         ArrayList<Pair<String, Integer>> facetValues = new ArrayList<Pair<String, Integer>>(facetArraySize/2);
                         for(int i = 0; i < facetArraySize; i+=2)
                         {
-                            String facetEntryName = facets.getString(i);
+                            String facetEntryName = "Null";
+                            if(!facets.isNull(i))
+                            {
+                                facetEntryName = facets.getString(i);
+                            }
                             Integer facetEntryCount = Integer.valueOf(facets.getInt(i+1));
                             Pair<String, Integer> pair = new Pair<String, Integer>(facetEntryName, facetEntryCount);
                             facetValues.add(pair);

repository/src/main/java/org/alfresco/service/cmr/audit/AuditService.java

@@ -252,4 +252,16 @@ public interface AuditService
     {
         return -1;
     }
+
+    /**
+     * Issue an audit query to retrieve min / max audit record id for a given application and properties
+     *
+     * @param applicationName               the name of the application
+     * @param parameters                    audit parameters provided by the <code>where</code> clause on the ReST API
+     * @return                              a map containing min/max and the associated value
+     */
+    default int getAuditEntriesCountByAppAndProperties(String applicationName, AuditQueryParameters parameters)
+    {
+        return -1;
+    }
 }