@sap/cds 5.4.3 → 5.5.0

package/libx/_runtime/common/composition/update.js

@@ -1,3 +1,5 @@
+const cds = require('../../cds')
+
 const { getCompositionTree } = require('./tree')
 const { getDeepInsertCQNs } = require('./insert')
 const { getDeepDeleteCQNs } = require('./delete')
@@ -13,6 +15,8 @@ const getError = require('../../common/error')
  */
 
 const _serializedKey = (entity, data) => {
+  if (data === null) return 'null'
+
   return JSON.stringify(
     ctUtils
       .keyElements(entity)
@@ -72,6 +76,10 @@ const _diffData = (newData, oldData, entity, newEntry, oldEntry, definitions) =>
     const oldVal = ctUtils.val(oldData[key])
 
     if (newVal !== undefined && newVal !== oldVal) {
+      if (entity.elements[key]._isStructured && Object.keys(newData[key]).length === 0) {
+        // empty structured -> skip
+        continue
+      }
       result[key] = newData[key]
       continue
     }
@@ -107,6 +115,8 @@ function _addSubDeepUpdateCQNForUpdateInsert({
   const selectDataByKey = _dataByKey(entity, selectData)
   const deepUpdateData = []
   for (const entry of data) {
+    if (entry === null) continue
+
     const key = ctUtils.key(entity, entry)
     const selectEntry = selectDataByKey.get(_serializedKey(entity, entry))
     _fillLinkFromStructuredData(entity, entry)
@@ -288,7 +298,8 @@ const getDeepUpdateCQNs = (definitions, cqn, selectData) => {
     definitions,
     rootEntityName: entityName,
     checkRoot: false,
-    resolveViews: !draft
+    resolveViews: !draft,
+    service: cds.db
   })
 
   const subCQNs = _addSubDeepUpdateCQN({ definitions, compositionTree, data: [entry], selectData, cqns: [], draft })

package/libx/_runtime/common/composition/utils.js

@@ -9,9 +9,7 @@ const addDraftSuffix = (draft, name) => {
 const whereKey = key => {
   const where = []
   Object.keys(key).forEach(keyPart => {
-    if (where.length > 0) {
-      where.push('and')
-    }
+    if (where.length > 0) where.push('and')
     where.push({ ref: [keyPart] }, '=', { val: key[keyPart] })
   })
   return where

package/libx/_runtime/common/constants/draft.js

@@ -30,5 +30,16 @@ module.exports = {
     { ref: ['HasActiveEntity'], cast: { type: 'cds.Boolean' } },
     { ref: ['HasDraftEntity'], cast: { type: 'cds.Boolean' } },
     { ref: ['DraftAdministrativeData_DraftUUID'] }
-  ]
+  ],
+  SCENARIO: {
+    ACTIVE: 'ACTIVE',
+    ACTIVE_WITHOUT_DRAFT: 'ACTIVE_WITHOUT_DRAFT',
+    ALL_ACTIVE: 'ALL_ACTIVE',
+    ALL_INACTIVE: 'ALL_INACTIVE',
+    DRAFT_ADMIN: 'DRAFT_ADMIN',
+    DRAFT_IN_PROCESS: 'DRAFT_IN_PROCESS',
+    DRAFT_WHICH_OWNER: 'DRAFT_WHICH_OWNER',
+    SIBLING_ENTITY: 'SIBLING_ENTITY',
+    UNION: 'UNION'
+  }
 }

package/libx/_runtime/common/generic/auth.js

@@ -26,9 +26,6 @@ const RESTRICTIONS = {
   DELETABLE: 'DeleteRestrictions.Deletable'
 }
 
-// REVISIT: remove everywhere
-const SYMBOL_FROM_ANNOTATION = Symbol.for('sap.cds.FROM_ANNOTATION')
-
 const _reject = req => {
   // unauthorized or forbidden?
   if (req.user._is_anonymous) {
@@ -46,10 +43,12 @@ const _reject = req => {
 
 const _getCurrentSubClause = (next, restrict) => {
   const escaped = next[0].replace(/\$/g, '\\$').replace(/\./g, '\\.')
-  const re = new RegExp(`([\\w\\.']*)\\s*=\\s*(${escaped})|(${escaped})\\s*=\\s*([\\w\\.']*)`)
-  const clause = restrict.where.match(re)
+  const re1 = new RegExp(`([\\w\\.']*)\\s*=\\s*(${escaped})|(${escaped})\\s*=\\s*([\\w\\.']*)`)
+  const re2 = new RegExp(`([\\w\\.']*)\\s*in\\s*(${escaped})|(${escaped})\\s*in\\s*([\\w\\.']*)`)
+  const clause = restrict.where.match(re1) || restrict.where.match(re2)
   if (!clause) {
-    throw new Error('user attribute array must be used with operator "="')
+    // NOTE: arrayed attr with "=" as operator is some kind of legacy case
+    throw new Error('user attribute array must be used with operator "=" or "in"')
   }
   return clause
 }
@@ -57,7 +56,18 @@ const _getCurrentSubClause = (next, restrict) => {
 const _processUserAttr = (next, restrict, user, attr) => {
   const clause = _getCurrentSubClause(next, restrict)
   const valOrRef = clause[1] || clause[4]
-  if (valOrRef.startsWith("'") && user[attr].includes(valOrRef.split("'")[1])) {
+  if (clause[0].match(/ in /)) {
+    if (!user[attr] || user[attr].length === 0) {
+      restrict.where = restrict.where.replace(clause[0], '1 = 2')
+    } else if (user[attr].length === 1) {
+      restrict.where = restrict.where.replace(clause[0], `${valOrRef} = '${user[attr][0]}'`)
+    } else {
+      restrict.where = restrict.where.replace(
+        clause[0],
+        `${valOrRef} in (${user[attr].map(ele => `'${ele}'`).join(', ')})`
+      )
+    }
+  } else if (valOrRef.startsWith("'") && user[attr].includes(valOrRef.split("'")[1])) {
     restrict.where = restrict.where.replace(clause[0], `${valOrRef} = ${valOrRef}`)
   } else {
     restrict.where = restrict.where.replace(
@@ -164,16 +174,10 @@ const _evalStatic = (op, vals) => {
   }
 }
 
-const _addSymbol = element => {
-  element = typeof element === 'string' ? new String(element) : element
-  element[SYMBOL_FROM_ANNOTATION] = true
-  return element
-}
-
 const _getMergedWhere = restricts => {
   const xprs = []
   restricts.forEach(ele => {
-    xprs.push('(', ...ele._xpr.map(ele => _addSymbol(ele)), ')', 'or')
+    xprs.push('(', ...ele._xpr, ')', 'or')
   })
   xprs.pop()
   return xprs
@@ -229,16 +233,9 @@ const _ensureTableAlias = (ref, aliases, targetFrom, model, hasExpand) => {
   } else {
     _adaptTableName(ref, nameObj.refIndex, nameObj.name)
   }
-
-  if (hasExpand && nameObj.aliasIndex === 0) {
-    _addSymbol(ref)
-  }
 }
 
 const _enhanceAnnotationSubSelect = (select, model, targetName, targetFrom, hasExpand) => {
-  if (select.from && select.from.ref) {
-    _addSymbol(select.from.ref)
-  }
   if (select.where) {
     for (const v of select.where) {
       if (v.ref && select.from.ref) {
@@ -368,8 +365,10 @@ const _getRestrictionForTarget = (resolvedApplicables, target) => {
 }
 
 const _addRestrictionsToRead = async (req, model, resolvedApplicables) => {
-  // context.query.where(['(', ...whereClause, ')'])
-  // REVISIT: better attach where(s) to query as additional filters for later materialization (when?!)
+  if (req.target._isDraftEnabled) {
+    req.query._draftRestrictions = resolvedApplicables.map(ra => ra._xpr)
+    return
+  }
 
   if (typeof req.query.SELECT.from === 'object')
     req.query.SELECT.from.ref = _addWheresToRef(req.query.SELECT.from.ref, model, resolvedApplicables)
@@ -377,6 +376,7 @@ const _addRestrictionsToRead = async (req, model, resolvedApplicables) => {
   const restrictionForTarget = _getRestrictionForTarget(resolvedApplicables, req.target)
   if (restrictionForTarget) {
     req.query.where(restrictionForTarget)
+    // REVISIT: remove with cds^6
     _enhanceAnnotationWhere(req.query, restrictionForTarget, model)
   }
 }
@@ -418,7 +418,7 @@ const _getRestrictedCount = async (req, model, resolvedApplicables) => {
   const restrictionForTarget = _getRestrictionForTarget(resolvedApplicables, req.target)
   if (restrictionForTarget) selectRestricted.where(restrictionForTarget)
 
-  const { n } = await dbtx.run(selectRestricted)
+  const { n } = await dbtx.run(cqn2cqn4sql(selectRestricted, model, { suppressSearch: true }))
   return n
 }
 
@@ -539,27 +539,49 @@ const _addNormalizedRestrictPerGrant = (grant, where, restrict, restricts, defin
   }
 }
 
-const _addNormalizedRestrict = (restrict, restricts, definition) => {
-  const where = restrict.where
+const _addNormalizedRestrict = (restrict, restricts, definition, definitions) => {
+  let where = restrict.where
     ? restrict.where.replace(/\$user/g, '$user.id').replace(/\$user\.id\./g, '$user.')
     : undefined
+
+  // NOTE: "exists toMany.toOne[prop = $user]" -> "exists toMany[exists toOne[prop = $user]]"
+  try {
+    if (where) {
+      // operate on a copy
+      let _where = where
+      const paths = where.match(/ (\w*)\.(\w*)/g) || []
+      for (let i = 0; i < paths.length; i++) {
+        const parts = paths[i].trim().split('.')
+        let current = definition
+        while (parts.length) {
+          current = current.elements[parts.shift()]
+          if (current.is2many) _where = _where.replace(current.name + '.', current.name + '[exists ') + ']'
+          if (current.target) current = definitions[current.target]
+        }
+      }
+      where = _where
+    }
+  } catch (e) {
+    // ignore
+  }
+
   restrict.grant = Array.isArray(restrict.grant) ? restrict.grant : [restrict.grant || '*']
   restrict.grant.forEach(grant => _addNormalizedRestrictPerGrant(grant, where, restrict, restricts, definition))
 }
 
-const _getNormalizedRestricts = definition => {
+const _getNormalizedRestricts = (definition, definitions) => {
   const restricts = []
 
   // own
   definition['@restrict'] &&
-    definition['@restrict'].forEach(restrict => _addNormalizedRestrict(restrict, restricts, definition))
+    definition['@restrict'].forEach(restrict => _addNormalizedRestrict(restrict, restricts, definition, definitions))
 
   // bounds
   if (definition.actions && Object.keys(definition.actions).some(k => definition.actions[k]['@restrict'])) {
     for (const k in definition.actions) {
       const action = definition.actions[k]
       if (action['@restrict']) {
-        restricts.push(..._getNormalizedRestricts(action))
+        restricts.push(..._getNormalizedRestricts(action, definitions))
       } else if (!definition['@restrict']) {
         // > no entity-level restrictions => unrestricted action
         restricts.push({ grant: action.name, to: ['any'], target: action.parent })
@@ -635,7 +657,7 @@ const _registerEntityRequiresHandlers = (entity, srv, { dependentEntity, interme
 
 const _registerEntityRestrictHandlers = (entity, srv, { dependentEntity, intermediateEntities } = {}) => {
   if (entity['@restrict'] || entity.actions) {
-    const restricts = _getNormalizedRestricts(entity)
+    const restricts = _getNormalizedRestricts(entity, srv.model.definitions)
     if (restricts.length > 0) {
       if (dependentEntity)
         srv.before(
@@ -657,7 +679,7 @@ const _registerOperationRequiresHandlers = (operation, srv) => {
 
 const _registerOperationRestrictHandlers = (operation, srv) => {
   if (operation['@restrict']) {
-    const restricts = _getNormalizedRestricts(operation)
+    const restricts = _getNormalizedRestricts(operation, srv.model.definitions)
     if (restricts.length > 0) {
       srv.before(_getLocalName(operation), _getRestrictsHandler(restricts, operation, srv.model))
     }

package/libx/_runtime/common/generic/crud.js

@@ -5,16 +5,7 @@ const getTemplate = require('../utils/template')
 const templateProcessor = require('../utils/templateProcessor')
 const replaceManagedData = require('../utils/dollar')
 
-const _onlyKeysRemain = req => {
-  // if custom handlers uses only expression like {col: {'+=': 1}},
-  // req.data will only contain the keys
-  if (req.query.UPDATE.with && Object.keys(req.query.UPDATE.with).length > 0) {
-    return false
-  }
-
-  const keys = Object.keys(req.target.keys)
-  return !Object.keys(req.data).some(k => !keys.includes(k))
-}
+const onlyKeysRemain = require('../utils/onlyKeysRemain')
 
 const _targetEntityDoesNotExist = async req => {
   const { query } = req
@@ -39,7 +30,7 @@ const _processorFn = req => {
   const { event, user, timestamp } = req
   const ts = new Date(timestamp).toISOString()
 
-  return (row, key, element, plain, isRoot) => {
+  return ({ row, key, plain }) => {
     const categories = plain.categories
 
     for (const category of categories) {
@@ -89,8 +80,8 @@ module.exports = function () {
 
     let result
 
-    // no changes, no op (otherwise, @cds.on.update gets new values), but we need to check existance
-    if (req.event === 'UPDATE' && _onlyKeysRemain(req)) {
+    // no changes, no op (otherwise, @cds.on.update gets new values), but we need to check existence
+    if (req.event === 'UPDATE' && onlyKeysRemain(req)) {
       if (await _targetEntityDoesNotExist(req)) {
         req.reject(404)
       }
@@ -98,6 +89,16 @@ module.exports = function () {
       result = req.data
     }
 
+    if (req.event === 'DELETE' && req.target._isSingleton) {
+      if (!req.target['@odata.singleton.nullable']) {
+        req.reject(400, 'SINGLETON_NOT_NULLABLE')
+      }
+
+      const singleton = await cds.tx(req).run(SELECT.one(req.target))
+      if (!singleton) req.reject(404)
+      req.query.where(singleton)
+    }
+
     if (!result) {
       result = await cds.tx(req).run(req.query, req.data)
     }

package/libx/_runtime/common/generic/input.js

@@ -16,9 +16,8 @@ const templateProcessor = require('../utils/templateProcessor')
 const { getDataFromCQN, setDataFromCQN } = require('../utils/data')
 const { isMandatory, isReadOnly } = require('../aspects/utils')
 
-const shouldSuppressErrorPropagation = ({ event, value, suppress = false }) => {
+const shouldSuppressErrorPropagation = ({ event, value }) => {
   return (
-    suppress ||
     event === 'NEW' ||
     event === 'PATCH' ||
     (event === 'UPDATE' && value.val === undefined) ||
@@ -35,7 +34,7 @@ const getSimpleCategory = category => {
 }
 
 const rowKeysGenerator = eventName => {
-  return ({ keyNames, row, template }) => {
+  return (keyNames, row, template) => {
     if (eventName === 'UPDATE') return
 
     for (const keyName of keyNames) {
@@ -96,7 +95,7 @@ const _processCategory = ({ row, key, category, isRoot, event, value, req, eleme
 const processorFn = (errors, req) => {
   const { event } = req
 
-  return (row, key, element, plain, isRoot, pathSegments, suppressErrorPropagation = false) => {
+  return ({ row, key, element, plain, isRoot, pathSegments }) => {
     const categories = plain.categories
     // ugly pointer passing for sonar
     const value = { mandatory: false, val: row && row[key] }
@@ -105,7 +104,7 @@ const processorFn = (errors, req) => {
       _processCategory({ row, key, category, isRoot, event, value, req, element })
     }
 
-    if (shouldSuppressErrorPropagation({ event, value, suppress: suppressErrorPropagation })) {
+    if (shouldSuppressErrorPropagation({ event, value })) {
       return
     }
 
@@ -211,34 +210,30 @@ function _handler(req) {
   _callError(req, errors)
 }
 
-const processorFnForActionsFunctions = (errors, opName) => (row, tKey, element) => {
-  const value = row && row[tKey]
+const processorFnForActionsFunctions =
+  (errors, opName) =>
+  ({ row, key, element }) => {
+    const value = row && row[key]
 
-  // REVISIT: Convert checkInputConstraints to template mechanism
-  checkInputConstraints({ element, value, errors, key: opName })
-}
-
-const KINDS_TO_VALIDATE = {
-  entity: 1,
-  type: 1
-}
+    // REVISIT: Convert checkInputConstraints to template mechanism
+    checkInputConstraints({ element, value, errors, key: opName })
+  }
 
 const _processActionFunctionRow = (row, param, key, errors, event, service) => {
   const values = Array.isArray(row[key]) ? row[key] : [row[key]]
-
   // unstructured
   for (const value of values) {
     checkInputConstraints({ element: param, value, errors, key })
   }
 
   // structured
-  if (param._type && KINDS_TO_VALIDATE[param._type.kind]) {
-    const template = getTemplate('app-input-operation', service, param._type, { pick: _pick })
-    if (template.elements.size) {
-      for (const value of values) {
-        const args = { processFn: processorFnForActionsFunctions(errors, key), row: value, template }
-        templateProcessor(args)
-      }
+  const template = getTemplate('app-input-operation', service, param, {
+    pick: _pick
+  })
+  if (template && template.elements.size) {
+    for (const value of values) {
+      const args = { processFn: processorFnForActionsFunctions(errors, key), row: value, template }
+      templateProcessor(args)
     }
   }
 }
@@ -246,7 +241,8 @@ const _processActionFunctionRow = (row, param, key, errors, event, service) => {
 const _processActionFunction = (row, eventParams, errors, event, service) => {
   for (const key in eventParams) {
     let param = eventParams[key]
-    if (!param._type && param.items) param = param.items
+    const _type = param.type
+    if (!_type && param.items) param = param.items
     _processActionFunctionRow(row, param, key, errors, event, service)
   }
 }
@@ -280,8 +276,9 @@ function _actionFunctionHandler(req) {
   // REVISIT: find better solution, maybe compiler?
   // resolve enums like format, range, etc.
   for (const param of Object.values(eventParams)) {
-    if (param._type) {
-      param.enum = param._type.enum
+    const _type = param.type && this.model && this.model.definitions[param.type]
+    if (_type) {
+      param.enum = _type.enum
     }
   }
 

package/libx/_runtime/common/generic/put.js

@@ -25,7 +25,7 @@ const _fillStructure = (row, parts, element, category, args) => {
 const processorFn = req => {
   const REST = req.constructor.name === 'RestRequest'
 
-  return (row, key, element, plain) => {
+  return ({ row, key, element, plain }) => {
     if (!row || row[key] !== undefined) return
 
     const { category, args } = plain

package/libx/_runtime/common/generic/sorting.js

@@ -5,7 +5,6 @@ const DRAFT_COLUMNS = ['IsActiveEntity', 'HasDraftEntity', 'HasActiveEntity']
 
 const _getStaticOrders = req => {
   const { target: entity, query } = req
-
   const defaultOrders = entity['@cds.default.order'] || entity['@odata.default.order'] || []
 
   if (!cds._deprecationWarningForDefaultSort && defaultOrders.length > 0) {
@@ -60,25 +59,26 @@ const _handler = function (req) {
 
   // remove defaultOrder if not part of group by
   if (select.groupBy && select.groupBy.length > 0) {
-    staticOrders = staticOrders.filter(d => {
-      return select.groupBy.find(e => e.ref[0] === d.by['='])
-    })
+    staticOrders = staticOrders.filter(d => select.groupBy.find(e => e.ref[0] === d.by['=']))
   }
 
+  if (!select.orderBy && staticOrders.length === 0) return
   select.orderBy = select.orderBy || []
+
   for (const defaultOrder of staticOrders) {
-    if (
-      !select.orderBy.some(orderBy => {
-        const managedKey = orderBy.ref && orderBy.ref.length > 1 && orderBy.ref.join('_')
-        const element = managedKey && req.target.elements[managedKey]
-        const isManagedKey = element && element.key && !element.is2one
-        // don't add duplicates
-        return (
-          (orderBy.ref && orderBy.ref.length === 1 && orderBy.ref[0] === defaultOrder.by['=']) ||
-          (isManagedKey && managedKey === defaultOrder.by['='])
-        )
-      })
-    ) {
+    const some = select.orderBy.some(orderBy => {
+      const managedKey = orderBy.ref && orderBy.ref.length > 1 && orderBy.ref.join('_')
+      const element = managedKey && req.target.elements[managedKey]
+      const isManagedKey = element && element.key && !element.is2one
+
+      // don't add duplicates
+      return (
+        (orderBy.ref && orderBy.ref.length === 1 && orderBy.ref[0] === defaultOrder.by['=']) ||
+        (isManagedKey && managedKey === defaultOrder.by['='])
+      )
+    })
+
+    if (!some) {
       const orderByItem = { ref: [defaultOrder.by['=']], sort: defaultOrder.desc ? 'desc' : 'asc' }
       select.orderBy.push(orderByItem)
     }

package/libx/_runtime/common/i18n/index.js

@@ -98,7 +98,7 @@ module.exports = (key, locale = '', args = {}) => {
 
   // for locale OR app default OR cds default
   let text = i18ns[locale][key] || i18ns[''][key] || i18ns.default[key]
-
+  if (!text) return
   // best effort replacement
   try {
     const matches = text.match(/\{[\w][\w]*\}/g) || []

package/libx/_runtime/common/i18n/messages.properties

@@ -71,6 +71,7 @@ ENTITY_IS_READ_ONLY=Entity "{0}" is read-only
 ENTITY_IS_NOT_CRUD=Entity "{0}" is not {1}
 ENTITY_IS_NOT_CRUD_VIA_NAVIGATION=Entity "{0}" is not {1} via association "{2}"
 ENTITY_IS_AUTOEXPOSED=Entity "{0}" is not explicitely exposed as part of the service
+EXPAND_IS_RESTRICTED=Navigation property "{0}" is not allowed for expand operation
 
 # rest protocol adapter
 INVALID_RESOURCE="{0}" is not a valid resource
@@ -87,3 +88,6 @@ CRUD_VIA_NAVIGATION_NOT_SUPPORTED=CRUD via navigations is not yet supported
 # draft
 DRAFT_ALREADY_EXISTS=A draft for this entity already exists
 DRAFT_LOCKED_BY_ANOTHER_USER=The entity is locked by another user
+
+# singleton
+SINGLETON_NOT_NULLABLE=The singleton entity is not nullable

package/libx/_runtime/common/utils/backlinks.js

@@ -33,15 +33,22 @@ const _getBacklinkNameFromOnCond = element => {
   }
 }
 
-const isBacklink = (element, parent, checkContained) => {
+const isBacklink = (element, parent, checkContained, backLinkName) => {
   if (!element._isAssociationStrict) return false
   if (!parent || !(element.keys || element.on)) return false
   if (element.target !== parent.name) return false
 
-  for (const parentElement of Object.values(parent.elements)) {
-    if ((!checkContained || parentElement._isContained) && _getBacklinkNameFromOnCond(parentElement) === element.name) {
-      return true
-    }
+  const _isBackLink = parentElement =>
+    (!checkContained || parentElement._isContained) && _getBacklinkNameFromOnCond(parentElement) === element.name
+
+  if (backLinkName) {
+    const parentElement = parent.elements[backLinkName]
+    return parentElement.isAssociation && _isBackLink(parentElement)
+  }
+  for (const parentElementName in parent.elements) {
+    const parentElement = parent.elements[parentElementName]
+    if (!parentElement.isAssociation) continue
+    if (_isBackLink(parentElement)) return true
   }
 
   return false

package/libx/_runtime/common/utils/cqn.js

@@ -12,6 +12,11 @@ const getEntityNameFromDeleteCQN = cqn => {
   return from
 }
 
+const getEntityNameFromUpdateCQN = cqn => {
+  return (cqn.UPDATE.entity.ref && cqn.UPDATE.entity.ref[0]) || cqn.UPDATE.entity.name || cqn.UPDATE.entity
+}
+
 module.exports = {
-  getEntityNameFromDeleteCQN
+  getEntityNameFromDeleteCQN,
+  getEntityNameFromUpdateCQN
 }