- Stop Polarion server
- Extract scripting.zip to <Polarion Installation>/polarion/extensions
- Start Polarion
By default the scripts are loaded from <Polarion Installation>/scripts, you can configure a different path in polarion.properties using the property com.polarion.scripting.scriptsfolder (e.g. com.polarion.scripting.scriptsfolder=c:/Polarion/custom-scripts).
The plugin com.polarion.scripting.servlet enables administrators to run scripts without installing them into the servers file system.With that functionality, it is possible to create a wiki page that runs a script on the server as soon as an administrator views that page.
A malicious user could create such a page and trick an administrator into running a dangerous script by viewing that page.If you trust the users that have write access to your Polarion installation that should not be an issue.
It's also possible to create a link that will run a script embedded into that link as soon as it is opened.An attacker from outside could trick an administrator into opening such an "scripting link" to run a malicious script.It is quite easy to recognize such a dangerous link, therefore this is more like a theoretical issue.
If you want to avoid any risk, you can easily uninstall the scripting servlet by removing <Polarion Installation>/polarion/extensions/scripting/eclipse/plugins/com.polarion.scripting.servlet_<version>.
Inside all scripts following variables are defined:
trackerService: A reference to the ITrackerService.
projectService: A reference to the IProjectService.
It is also possible to include scripts into the executed script by using the function include("path/relative/to/scripts/folder").
After installing the extension you will be able to use "ScriptCondition" and "ScriptFunction" as workflow condition/function defined in as a script.The condition and the function require two parameters:
script: Name of the script in the scripts folder to run as function/condition.
Inside the script you will be able to access the com.polarion.alm.tracker.workflow.ICallContext and the com.polarion.alm.tracker.workflow.IArguments that are passed to the com.polarion.alm.tracker.workflow.IFunction/com.polarion.alm.tracker.workflow.ICondition as variables with the name workflowContext and arguments.You can find details on the mentioned classes in the javadoc which is part of the SDK.
A workflow condition has to evaluate if a specific workflow action is available or not.
ExampleHave a look oncomment based testing example:/polarion/extensions/extension.jsp?extension=PE-14
JobsTo define a job that runs a script define a job with id "script.job" in the scheduler.The job has the required parameters:
scriptEngine: Name of the script in the scripts folder to run as function/condition.
Inside the script you will be able to access following variables:
logger: A com.polarion.platform.jobs.ILogger you can use to log messages for that job.
scope: A com.polarion.platform.context.IContext that repesents the scope of the job.
workDir: A java.io.File pointing to the working directory of the job.
jobUnit: The com.polarion.platform.jobs.IJobUnit that runs the script.
Every property defined inside the properties element of the job. The property in the example below would be accessible as variable with the name "myProperty" containing the value "myPropertyValue".
<job name="Script Job" id="script.job" cronExpression="" disabled="true" scope="system">
Scripting servlet - Run scripts directlyTo run a script without installing it into the scripting directory you can use the scripting servlet.Just point your browser to <Polarion Server>/polarion/scripting, there you will see an interface that you can use to input and run a script.The varaible visible to the script are the same as for script jobs (actually the script is run as job).
By default only administrators are allowed to run scripts via servlets as it is potentially dangerous.You can allow other user groups to use the scripting servlet by granting the com.polarion.scripting.servlet permission in the global permissions.xml configuration.