npm - @sap/cds - Versions diffs - 5.6.2 → 5.7.2 - Mend

@sap/cds 5.6.2 → 5.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (183) hide show

package/CHANGELOG.md +133 -0
package/_i18n/i18n_fr.properties +4 -4
package/apis/cds.d.ts +7 -10
package/apis/connect.d.ts +3 -3
package/apis/core.d.ts +2 -4
package/apis/models.d.ts +2 -3
package/apis/ql.d.ts +0 -1
package/apis/services.d.ts +7 -3
package/bin/build/buildTaskFactory.js +16 -10
package/bin/build/buildTaskProviderFactory.js +3 -3
package/bin/build/constants.js +2 -1
package/bin/build/provider/buildTaskProviderInternal.js +14 -14
package/bin/build/provider/hana/2migration.js +2 -3
package/bin/build/provider/hana/index.js +34 -0
package/bin/build/provider/hana/migrationtable.js +90 -22
package/bin/build/provider/hana/template/undeploy.json +5 -0
package/bin/build/provider/node-cf/index.js +9 -2
package/bin/serve.js +16 -18
package/lib/compile/cdsc.js +15 -5
package/lib/compile/etc/_localized.js +4 -4
package/lib/compile/extend.js +8 -0
package/lib/compile/index.js +3 -1
package/lib/compile/minify.js +61 -0
package/lib/compile/resolve.js +4 -1
package/lib/compile/to/gql.js +9 -0
package/lib/compile/to/sql.js +26 -30
package/lib/connect/index.js +1 -1
package/lib/core/entities.js +0 -3
package/lib/core/infer.js +1 -0
package/lib/core/reflect.js +0 -34
package/lib/deploy.js +25 -17
package/lib/env/defaults.js +3 -1
package/lib/env/index.js +13 -4
package/lib/env/presets.js +38 -0
package/lib/env/requires.js +16 -11
package/lib/index.js +13 -11
package/lib/log/format/kibana.js +4 -2
package/lib/log/index.js +2 -2
package/lib/ql/Whereable.js +1 -0
package/lib/req/cds-context.js +79 -0
package/lib/req/context.js +5 -77
package/lib/req/request.js +1 -1
package/lib/serve/Service-api.js +8 -4
package/lib/serve/Service-dispatch.js +0 -7
package/lib/serve/Service-methods.js +6 -8
package/lib/serve/Transaction.js +35 -30
package/lib/serve/adapters.js +1 -4
package/lib/utils/axios.js +1 -1
package/libx/_runtime/audit/Service.js +44 -20
package/libx/_runtime/audit/generic/personal/access.js +16 -11
package/libx/_runtime/audit/generic/personal/modification.js +5 -5
package/libx/_runtime/audit/generic/personal/utils.js +46 -37
package/libx/_runtime/{common/auth → auth}/index.js +21 -7
package/libx/_runtime/{common/auth → auth}/strategies/JWT.js +2 -2
package/libx/_runtime/{common/auth → auth}/strategies/basic.js +2 -2
package/libx/_runtime/{common/auth → auth}/strategies/dummy.js +1 -1
package/libx/_runtime/{common/auth → auth}/strategies/mock.js +2 -2
package/libx/_runtime/{common/auth → auth}/strategies/utils/uaa.js +1 -1
package/libx/_runtime/{common/auth → auth}/strategies/utils/xssec.js +0 -0
package/libx/_runtime/{common/auth → auth}/strategies/xsuaa.js +2 -2
package/libx/_runtime/cds-services/adapter/odata-v4/Dispatcher.js +7 -2
package/libx/_runtime/cds-services/adapter/odata-v4/OData.js +0 -7
package/libx/_runtime/cds-services/adapter/odata-v4/ODataRequest.js +0 -8
package/libx/_runtime/cds-services/adapter/odata-v4/handlers/action.js +3 -4
package/libx/_runtime/cds-services/adapter/odata-v4/handlers/create.js +6 -7
package/libx/_runtime/cds-services/adapter/odata-v4/handlers/delete.js +3 -4
package/libx/_runtime/cds-services/adapter/odata-v4/handlers/error.js +2 -11
package/libx/_runtime/cds-services/adapter/odata-v4/handlers/metadata.js +16 -6
package/libx/_runtime/cds-services/adapter/odata-v4/handlers/read.js +26 -65
package/libx/_runtime/cds-services/adapter/odata-v4/handlers/request.js +0 -7
package/libx/_runtime/cds-services/adapter/odata-v4/handlers/update.js +3 -66
package/libx/_runtime/cds-services/adapter/odata-v4/odata-to-cqn/ExpressionToCQN.js +26 -0
package/libx/_runtime/cds-services/adapter/odata-v4/odata-to-cqn/readToCQN.js +5 -5
package/libx/_runtime/cds-services/adapter/odata-v4/odata-to-cqn/utils.js +2 -2
package/libx/_runtime/cds-services/adapter/odata-v4/okra/odata-commons/uri/UriParser.js +13 -10
package/libx/_runtime/cds-services/adapter/odata-v4/okra/odata-server/invocation/ConditionalRequestControlCommand.js +0 -7
package/libx/_runtime/cds-services/adapter/odata-v4/okra/odata-server/validator/ConditionalRequestValidator.js +0 -8
package/libx/_runtime/cds-services/adapter/odata-v4/utils/stream.js +54 -76
package/libx/_runtime/cds-services/adapter/rest/RestRequest.js +0 -7
package/libx/_runtime/cds-services/adapter/rest/handlers/create.js +3 -6
package/libx/_runtime/cds-services/adapter/rest/handlers/delete.js +3 -6
package/libx/_runtime/cds-services/adapter/rest/handlers/operation.js +3 -6
package/libx/_runtime/cds-services/adapter/rest/handlers/read.js +3 -6
package/libx/_runtime/cds-services/adapter/rest/handlers/update.js +3 -6
package/libx/_runtime/cds-services/adapter/rest/rest-to-cqn/index.js +2 -2
package/libx/_runtime/cds-services/adapter/rest/utils/parse-url.js +8 -4
package/libx/_runtime/cds-services/services/Service.js +0 -6
package/libx/_runtime/cds-services/services/utils/columns.js +10 -3
package/libx/_runtime/cds-services/services/utils/compareJson.js +4 -7
package/libx/_runtime/cds-services/services/utils/differ.js +4 -1
package/libx/_runtime/cds-services/services/utils/handlerUtils.js +1 -41
package/libx/_runtime/cds-services/util/assert.js +1 -262
package/libx/_runtime/cds.js +6 -9
package/libx/_runtime/common/aspects/entity.js +1 -1
package/libx/_runtime/common/composition/delete.js +4 -2
package/libx/_runtime/common/composition/update.js +22 -35
package/libx/_runtime/common/composition/utils.js +3 -7
package/libx/_runtime/common/error/standardError.js +11 -0
package/libx/_runtime/common/generic/auth.js +63 -33
package/libx/_runtime/common/generic/crud.js +11 -23
package/libx/_runtime/common/generic/input.js +20 -0
package/libx/_runtime/common/generic/paging.js +2 -2
package/libx/_runtime/common/generic/put.js +4 -10
package/libx/_runtime/common/generic/sorting.js +12 -30
package/libx/_runtime/common/perf/index.js +24 -0
package/libx/_runtime/common/utils/cqn.js +58 -1
package/libx/_runtime/common/utils/cqn2cqn4sql.js +297 -121
package/libx/_runtime/common/utils/csn.js +38 -56
package/libx/_runtime/common/utils/entityFromCqn.js +6 -6
package/libx/_runtime/common/utils/resolveView.js +4 -5
package/libx/_runtime/common/utils/rewriteAsterisks.js +46 -5
package/libx/_runtime/common/utils/search2cqn4sql.js +21 -9
package/libx/_runtime/common/utils/structured.js +35 -25
package/libx/_runtime/db/Service.js +0 -6
package/libx/_runtime/db/expand/expand-v2.js +130 -0
package/libx/_runtime/db/expand/expandCQNToJoin.js +38 -52
package/libx/_runtime/db/expand/index.js +3 -1
package/libx/_runtime/db/generic/arrayed.js +3 -1
package/libx/_runtime/db/generic/input.js +52 -10
package/libx/_runtime/db/generic/integrity.js +367 -26
package/libx/_runtime/db/generic/virtual.js +51 -13
package/libx/_runtime/db/query/update.js +9 -3
package/libx/_runtime/db/sql-builder/ExpressionBuilder.js +8 -9
package/libx/_runtime/{common → db}/utils/propagateForeignKeys.js +11 -14
package/libx/_runtime/fiori/generic/activate.js +1 -0
package/libx/_runtime/fiori/generic/before.js +2 -1
package/libx/_runtime/fiori/generic/edit.js +1 -0
package/libx/_runtime/fiori/generic/patch.js +1 -1
package/libx/_runtime/fiori/generic/read.js +155 -57
package/libx/_runtime/fiori/uiflex/handler/transformRESULT.js +0 -4
package/libx/_runtime/fiori/uiflex/index.js +1 -1
package/libx/_runtime/fiori/uiflex/{extensibility/index.js → service.js} +6 -4
package/libx/_runtime/fiori/utils/delete.js +7 -1
package/libx/_runtime/hana/Service.js +1 -8
package/libx/_runtime/hana/customBuilder/CustomSelectBuilder.js +5 -14
package/libx/_runtime/hana/execute.js +10 -4
package/libx/_runtime/hana/pool.js +55 -45
package/libx/_runtime/hana/search.js +7 -6
package/libx/_runtime/hana/search2cqn4sql.js +8 -5
package/libx/_runtime/hana/searchToContains.js +3 -1
package/libx/_runtime/index.js +5 -5
package/libx/_runtime/messaging/AMQPWebhookMessaging.js +3 -3
package/libx/_runtime/messaging/Outbox.js +53 -0
package/libx/_runtime/messaging/common-utils/AMQPClient.js +17 -10
package/libx/_runtime/messaging/common-utils/connections.js +14 -9
package/libx/_runtime/messaging/common-utils/waitingTime.js +2 -0
package/libx/_runtime/messaging/enterprise-messaging-shared.js +2 -3
package/libx/_runtime/messaging/enterprise-messaging-utils/registerEndpoints.js +2 -2
package/libx/_runtime/messaging/enterprise-messaging.js +21 -15
package/libx/_runtime/messaging/file-based.js +5 -5
package/libx/_runtime/messaging/message-queuing.js +2 -3
package/libx/_runtime/messaging/outbox/OutboxRunner.js +75 -0
package/libx/_runtime/messaging/outbox/utils.js +192 -0
package/libx/_runtime/messaging/service.js +16 -30
package/libx/_runtime/remote/Service.js +15 -0
package/libx/_runtime/remote/utils/client.js +15 -3
package/libx/_runtime/remote/utils/{dataConversion.js → data.js} +12 -2
package/libx/_runtime/sqlite/Service.js +7 -10
package/libx/_runtime/sqlite/customBuilder/CustomExpressionBuilder.js +19 -0
package/libx/_runtime/sqlite/execute.js +18 -12
package/libx/_runtime/types/api.js +2 -1
package/libx/gql/resolvers/parse/ast2cqn/columns.js +1 -1
package/libx/odata/{odata2cqn/afterburner.js → afterburner.js} +28 -16
package/libx/odata/{cqn2odata/index.js → cqn2odata.js} +1 -1
package/libx/odata/{odata2cqn/grammar.pegjs → grammar.pegjs} +182 -118
package/libx/odata/index.js +18 -15
package/libx/odata/parser.js +1 -0
package/libx/odata/utils.js +57 -0
package/libx/rest/RestAdapter.js +2 -6
package/libx/rest/utils/data.js +1 -6
package/package.json +4 -3
package/server.js +4 -5
package/srv/audit-log.cds +87 -0
package/{libx/_runtime/fiori/uiflex/extensibility/index.cds → srv/flex.cds} +0 -0
package/srv/flex.js +1 -0
package/srv/outbox.cds +11 -0
package/srv/outbox.js +0 -0
package/libx/_runtime/cds-services/adapter/perf/performance.js +0 -104
package/libx/_runtime/cds-services/adapter/perf/performanceMeasurement.js +0 -33
package/libx/odata/odata2cqn/index.js +0 -3
package/libx/odata/odata2cqn/parser.js +0 -1
package/libx/odata/readme.md +0 -1
package/libx/odata/utils/index.js +0 -64

package/libx/_runtime/cds-services/util/assert.js CHANGED Viewed

@@ -1,10 +1,5 @@
-const cds = require('../../cds')
-const { all, resolve } = require('../../common/utils/thenable')
-const { getDependents } = require('../../common/utils/csn')
 // REVISIT: replace with cds.Request
 const getEntry = require('../../common/error/entry')
-const crypto = require('crypto')
 const ISO_DATE_PART1 =
   '[1-9]\\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)'
@@ -27,11 +22,8 @@ const ASSERT_FORMAT = 'ASSERT_FORMAT'
 const ASSERT_DATA_TYPE = 'ASSERT_DATA_TYPE'
 const ASSERT_ENUM = 'ASSERT_ENUM'
 const ASSERT_NOT_NULL = 'ASSERT_NOT_NULL'
-const ASSERT_REFERENCE_INTEGRITY = 'ASSERT_REFERENCE_INTEGRITY'
 const ASSERT_DEEP_ASSOCIATION = 'ASSERT_DEEP_ASSOCIATION'
-const ASSERT_INTEGRITY_ANNOTATION = '@assert.integrity'
 const _enumValues = element => {
   return Object.keys(element).map(enumKey => {
     const enum_ = element[enumKey]
@@ -178,6 +170,7 @@ const checkComplexType = ([key, value], elements, ignoreNonModelledData) => {
 const _checkStaticElementByKey = (definition, key, value, result, ignoreNonModelledData) => {
   const elementsOrParameters = definition.elements || definition.params
+  if (!elementsOrParameters) return result
   const elementOrParameter = elementsOrParameters[key]
   if (!elementOrParameter) {
@@ -309,259 +302,6 @@ const checkStatic = (definition, data, ignoreNonModelledData = false) => {
   }, [])
 }
-const _checkExistsWhere = (entity, whereList, run) => {
-  const checks = whereList.map(where => {
-    if (where.length === 0) {
-      return true
-    }
-    const cqn = {
-      SELECT: {
-        columns: [{ val: 1, as: '_exists' }],
-        from: { ref: [entity.name || entity] },
-        where: where
-      }
-    }
-    if (cds.context) {
-      const hash = crypto.createHash('sha1').update(JSON.stringify(cqn)).digest('base64') // fastest hash
-      if (!cds.context.__alreadyExecutedIntegrityChecks) cds.context.__alreadyExecutedIntegrityChecks = new Map()
-      if (cds.context.__alreadyExecutedIntegrityChecks.has(hash)) {
-        return cds.context.__alreadyExecutedIntegrityChecks.get(hash)
-      } else {
-        const promise = run(cqn).then(exists => {
-          return exists.length !== 0
-        })
-        // we store the promise object in the map, it won't get executed twice when calling await Promise.all([promise, promise])
-        cds.context.__alreadyExecutedIntegrityChecks.set(hash, promise)
-        return promise
-      }
-    }
-    return run(cqn).then(exists => {
-      return exists.length !== 0
-    })
-  })
-  return all(checks)
-}
-const _checkExists = (entity, data, req, run) => {
-  if (!Array.isArray(data)) {
-    return _checkExists(entity, [data], req, run).then(result => {
-      return result[0]
-    })
-  }
-  const where = data.map(row => {
-    return Object.keys(entity.keys).reduce((where, name) => {
-      if (row[name] !== undefined && row[name] !== null) {
-        if (where.length > 0) {
-          where.push('and')
-        }
-        where.push({ ref: [name] }, '=', { val: row[name] })
-      }
-      return where
-    }, [])
-  })
-  return _checkExistsWhere(entity, where, run)
-}
-const _getFullForeignKeyName = (elementName, foreignKeyName) => `${elementName}_${foreignKeyName}`
-const _foreignKeyReducer = (key, foreignKeyName, row, element, ref) => {
-  const fullForeignKeyName = _getFullForeignKeyName(element.name, foreignKeyName)
-  if (ref.length > 1) {
-    // ref includes assoc name, so we need to replace it by foreign key name
-    const refWithFlatForeignKey = [...ref.slice(0, ref.length - 1), fullForeignKeyName]
-    key[foreignKeyName] = _getDataFromRef(row, refWithFlatForeignKey)
-  } else {
-    key[foreignKeyName] = Object.prototype.hasOwnProperty.call(row, fullForeignKeyName) ? row[fullForeignKeyName] : null
-  }
-  return key
-}
-const _buildForeignKey = (element, row, ref) => {
-  let foreignKey
-  if (element.keys) {
-    foreignKey = element.keys
-      .map(obj => obj.ref[obj.ref.length - 1])
-      .reduce((key, foreignKeyName) => {
-        return _foreignKeyReducer(key, foreignKeyName, row, element, ref)
-      }, {})
-  }
-  return foreignKey
-}
-const _getDataFromRef = (row, ref) => {
-  if (row === undefined) return
-  if (ref.length > 1) {
-    return _getDataFromRef(row[ref[0]], ref.slice(1))
-  }
-  return row[ref[0]]
-}
-const _getElement = (entity, ref) => {
-  if (ref.length > 1) {
-    // structured
-    return _getElement(entity.elements[ref[0]], ref.slice(1))
-  }
-  return entity.elements[ref[0]]
-}
-const _checkCreateUpdate = (result, ref, rootEntity, checks, data, req, run) => {
-  const resolvedElement = _getElement(rootEntity, ref)
-  return data.reduce((result, row) => {
-    if (resolvedElement.on) return result
-    const foreignKey = _buildForeignKey(resolvedElement, row, ref)
-    if (foreignKey === undefined) return result
-    checks.push(
-      _checkExists(resolvedElement._target, foreignKey, req, run).then(exists => {
-        if (!exists) {
-          result.push(assertError(ASSERT_REFERENCE_INTEGRITY, resolvedElement, foreignKey))
-        }
-      })
-    )
-    return result
-  }, result)
-}
-const _buildWhereDelete = (result, key, element, data) => {
-  return data
-    .map(d => {
-      return Object.keys(d).reduce((result, name) => {
-        if (key.ref[0] === name) {
-          if (result.length > 0) {
-            result.push('and')
-          }
-          result.push({ ref: [_getFullForeignKeyName(element.name, key.ref[0])] }, '=', { val: d[name] })
-        }
-        return result
-      }, result)
-    })
-    .reduce((accumulatedWhere, currentWhere, i) => {
-      if (i > 0) accumulatedWhere.push('or')
-      accumulatedWhere.push(...currentWhere)
-      return accumulatedWhere
-    }, [])
-}
-const _checkDelete = (result, key, entity, checks, req, csn, run, data) => {
-  const elements = csn.definitions[key].elements
-  const source = csn.definitions[key].name
-  const dependents = getDependents(req.target, csn) || []
-  const sourceDependent = dependents.find(dep => dep.parent.name === source)
-  if (!sourceDependent) return result
-  return Object.keys(elements).reduce((result, assoc) => {
-    if (!elements[assoc].target || !elements[assoc].keys) return result
-    const targetDependent = dependents.find(dep => dep.target.name === elements[assoc].target)
-    if (!targetDependent) return result
-    const where = elements[assoc].keys.reduce((buildWhere, key) => {
-      return _buildWhereDelete(buildWhere, key, elements[assoc], data)
-    }, [])
-    checks.push(
-      _checkExistsWhere(source, [where], run).then(exists => {
-        if (exists.includes(true)) {
-          result.push(assertError(ASSERT_REFERENCE_INTEGRITY, elements[assoc], req.data))
-        }
-      })
-    )
-    return result
-  }, result)
-}
-function _filterStructured(element, structuredAssocs, prefix) {
-  const elements = element.elements
-  for (const subElement in elements) {
-    if (_filterAssocs(elements[subElement], structuredAssocs, prefix)) {
-      structuredAssocs.push([...prefix, elements[subElement].name])
-    }
-  }
-}
-const _filterAssocs = (element, structuredAssocs, prefix = []) => {
-  if (element.elements) {
-    _filterStructured(element, structuredAssocs, [...prefix, element.name])
-  }
-  return (
-    element._isAssociationStrict &&
-    !element.virtual &&
-    !element.abstract &&
-    element[ASSERT_INTEGRITY_ANNOTATION] !== false &&
-    !element['@odata.contained'] &&
-    !element._target._hasPersistenceSkip
-  )
-}
-// can be removed ones we switch to db integrity check
-const checkReferenceIntegrity = (entity, data, req, csn, run) => {
-  const service = entity._service
-  if (entity[ASSERT_INTEGRITY_ANNOTATION] === false || (service && service[ASSERT_INTEGRITY_ANNOTATION] === false)) {
-    return
-  }
-  if (!Array.isArray(data)) data = [data]
-  const checks = []
-  let result
-  if (req.event === 'CREATE' || req.event === 'UPDATE') {
-    const structuredAssocRefs = []
-    const associationRefs = Object.keys(entity.elements)
-      .filter(elementName => _filterAssocs(entity.elements[elementName], structuredAssocRefs))
-      .map(name => [name])
-    result = [...associationRefs, ...structuredAssocRefs].reduce((createUpdateResult, ref) => {
-      return _checkCreateUpdate(createUpdateResult, ref, entity, checks, data, req, run)
-    }, [])
-  }
-  if (req.event === 'DELETE') {
-    // we are only interested in table-level references not all derived ones on view levels
-    // TODO: why?
-    while (entity.query && entity.query._target) {
-      entity = csn.definitions[entity.query._target.name]
-    }
-    result = Object.keys(csn.definitions)
-      .filter(
-        key =>
-          !csn.definitions[key]['@cds.persistence.skip'] &&
-          csn.definitions[key].elements !== undefined &&
-          // skip check for events, aspects and localized tables
-          csn.definitions[key].kind !== 'event' &&
-          csn.definitions[key].kind !== 'aspect' &&
-          csn.definitions[key].kind !== 'type' &&
-          !csn.definitions[key].name.startsWith('localized.')
-      )
-      .reduce((deleteResult, key) => {
-        return _checkDelete(deleteResult, key, entity, checks, req, csn, run, data)
-      }, [])
-  }
-  if (checks.length) {
-    return Promise.all(checks).then(() => {
-      return result
-    })
-  }
-  return resolve(result || [])
-}
 const checkKeys = (entity, data) => {
   if (!Array.isArray(data)) {
     return checkKeys(entity, [data])
@@ -583,7 +323,6 @@ module.exports = {
   checkStatic,
   checkInputConstraints,
   checkKeys,
-  checkReferenceIntegrity,
   assertError,
   checkIfAssocDeep
 }

package/libx/_runtime/cds.js CHANGED Viewed

@@ -22,15 +22,12 @@ Object.defineProperty(cds, '_mtxEnabled', {
  * (lazy) feature flags
  */
 // referential integrity
-Object.defineProperty(cds.env.features, '_foreign_key_constraints', {
-  get: () => cds.env.cdsc.beta && cds.env.cdsc.beta.foreignKeyConstraints,
-  configurable: true
-})
-let assertIntegrity = cds.env.features.assert_integrity
-Object.defineProperty(cds.env.features, 'assert_integrity', {
-  get: () => (assertIntegrity != null ? assertIntegrity : !cds.env.features._foreign_key_constraints),
-  set: val => {
-    assertIntegrity = val
+// REVISIT: why is _db_foreign_key_constraints necessary?
+Object.defineProperty(cds.env.features, '_db_foreign_key_constraints', {
+  get: () => {
+    const { assert_integrity: ai, assert_integrity_type: ait } = cds.env.features
+    if ((typeof ai === 'string' && ai.match(/individual/i)) || (ait && ait.match(/db/i))) return true
+    return false
   },
   configurable: true
 })

package/libx/_runtime/common/aspects/entity.js CHANGED Viewed

@@ -35,7 +35,7 @@ module.exports = class {
         '__isDraftEnabled',
         (this.associations && this.associations.DraftAdministrativeData) ||
           this.name.match(/\.DraftAdministrativeData$/) ||
-          this.own('@odata.draft.enabled') // > case: entity not in service (tests only?)
+          (this.own('@odata.draft.enabled') && this.own('@Common.DraftRoot.ActivationAction'))
       )
     )
   }

package/libx/_runtime/common/composition/delete.js CHANGED Viewed

@@ -140,7 +140,8 @@ const _addToCQNs = (cqns, subCQN, element, definitions, level) => {
   // Since `>2.5.2` compiler generates constraints for compositions of one like for annotations
   // Thus only single 2one case (`$self`-managed composition) has DELETE CASCADE
   // Here it's ignored to simplify i.e. handle all "2ones" in a same manner
-  if (!cds.env.features._foreign_key_constraints || _is2oneComposition(element, definitions)) {
+  // REVISIT: why is _db_foreign_key_constraints necessary?
+  if (!cds.env.features._db_foreign_key_constraints || _is2oneComposition(element, definitions)) {
     cqns[level].push(subCQN)
   }
 }
@@ -251,7 +252,8 @@ const getDeepDeleteCQNs = (definitions, cqn) => {
     _recursivelyAliasRefs(parentWhere, 'ALIAS0', parentAlias)
   }
   const setNullUpdates = []
-  if (cds.env.features._foreign_key_constraints && definitions[entityName].own('__oneCompositionParents')) {
+  // REVISIT: why is _db_foreign_key_constraints necessary?
+  if (cds.env.features._db_foreign_key_constraints && definitions[entityName].own('__oneCompositionParents')) {
     setNullUpdates.push(..._getSetNullParentForeignKeyCQNs(definitions, entityName, parentWhere, draft))
   }
   const subCascadeDeletes = _addSubCascadeDeleteCQN(definitions, compositionTree, parentWhere, 0, [], draft)

package/libx/_runtime/common/composition/update.js CHANGED Viewed

@@ -76,10 +76,13 @@ const _diffData = (newData, oldData, entity, newEntry, oldEntry, definitions) =>
     const oldVal = ctUtils.val(oldData[key])
     if (newVal !== undefined && newVal !== oldVal) {
+      if (!entity.elements[key]) continue
       if (entity.elements[key]._isStructured && Object.keys(newData[key]).length === 0) {
         // empty structured -> skip
         continue
       }
       result[key] = newData[key]
       continue
     }
@@ -135,36 +138,12 @@ function _addSubDeepUpdateCQNForUpdateInsert({
   return deepUpdateData
 }
-function _addSubDeepUpdateCQNCollectDelete(deleteCQNs, cqns, index) {
-  deleteCQNs.forEach(deleteCQN => {
-    if (
-      !cqns.find((subCQNs, subIndex) => {
-        if (subIndex > 0) {
-          const deleteIndex = subCQNs.findIndex(cqn => {
-            return cqn.DELETE && cqn.DELETE.from === deleteCQN.DELETE.from
-          })
-          if (deleteIndex > -1) {
-            if (subIndex < index) {
-              subCQNs.splice(deleteIndex, 1)
-            } else {
-              return true
-            }
-          }
-        }
-        return false
-      })
-    ) {
-      cqns[index] = cqns[index] || []
-      cqns[index].push(deleteCQN)
-    }
-  })
-}
 function _addSubDeepUpdateCQNCollect(definitions, cqns, updateCQNs, insertCQN, deleteCQN) {
   if (updateCQNs.length > 0) {
     cqns[0] = cqns[0] || []
     cqns[0].push(...updateCQNs)
   }
   if (insertCQN.INSERT.entries.length > 0) {
     cqns[0] = cqns[0] || []
     const deepInsertCQNs = getDeepInsertCQNs(definitions, insertCQN)
@@ -184,7 +163,10 @@ function _addSubDeepUpdateCQNCollect(definitions, cqns, updateCQNs, insertCQN, d
     cqns[0] = cqns[0] || []
     const deepDeleteCQNs = getDeepDeleteCQNs(definitions, deleteCQN)
     deepDeleteCQNs.forEach((deleteCQNs, index) => {
-      _addSubDeepUpdateCQNCollectDelete(deleteCQNs, cqns, index)
+      deleteCQNs.forEach(el => {
+        cqns[index] = cqns[index] || []
+        cqns[index].push(el)
+      })
     })
   }
 }
@@ -200,15 +182,17 @@ const _addToData = (subData, entity, element, entry) => {
 function _addSubDeepUpdateCQNRecursion({ definitions, compositionTree, entity, data, selectData, cqns, draft }) {
   const selectDataByKey = _dataByKey(entity, selectData)
   for (const element of compositionTree.compositionElements) {
     const subData = []
     const selectSubData = []
     for (const entry of data) {
       if (element.name in entry) {
         const selectEntry = selectDataByKey.get(_serializedKey(entity, entry))
         if (selectEntry && element.name in selectEntry) {
-          if (selectEntry[element.name] === null && Object.keys(entry[element.name]).length === 0) {
+          if (selectEntry[element.name] === null && entry[element.name] === null) {
             continue
           }
           _addToData(selectSubData, entity, element, selectEntry)
@@ -217,6 +201,7 @@ function _addSubDeepUpdateCQNRecursion({ definitions, compositionTree, entity, d
         _addToData(subData, entity, element, entry)
       }
     }
     _addSubDeepUpdateCQN({
       definitions,
       compositionTree: element,
@@ -226,6 +211,7 @@ function _addSubDeepUpdateCQNRecursion({ definitions, compositionTree, entity, d
       draft
     })
   }
   return cqns
 }
@@ -250,11 +236,11 @@ const _addSubDeepUpdateCQN = ({ definitions, compositionTree, data, selectData,
     insertCQN,
     definitions
   })
   _addSubDeepUpdateCQNCollect(definitions, cqns, updateCQNs, insertCQN, deleteCQN)
-  if (deepUpdateData.length === 0) {
-    return Promise.resolve()
-  }
+  if (deepUpdateData.length === 0) return Promise.resolve()
   return _addSubDeepUpdateCQNRecursion({
     definitions,
     compositionTree,
@@ -272,15 +258,16 @@ const _addSubDeepUpdateCQN = ({ definitions, compositionTree, data, selectData,
 const hasDeepUpdate = (definitions, cqn) => {
   if (cqn && cqn.UPDATE && cqn.UPDATE.entity && (cqn.UPDATE.data || cqn.UPDATE.with)) {
-    const entityName =
-      (cqn.UPDATE.entity.ref && cqn.UPDATE.entity.ref[0]) || cqn.UPDATE.entity.name || cqn.UPDATE.entity
+    const updateEntity = cqn.UPDATE.entity
+    const entityName = (updateEntity.ref && updateEntity.ref[0]) || updateEntity.name || updateEntity
     const entity = definitions && definitions[ensureNoDraftsSuffix(entityName)]
     if (entity) {
-      return !!Object.keys(Object.assign({}, cqn.UPDATE.data || {}, cqn.UPDATE.with || {})).find(k => {
-        return ctUtils.isCompOrAssoc(entity, k)
-      })
+      const keys = Object.keys(Object.assign({}, cqn.UPDATE.data || {}, cqn.UPDATE.with || {}))
+      return !!keys.find(k => ctUtils.isCompOrAssoc(entity, k))
     }
   }
   return false
 }

package/libx/_runtime/common/composition/utils.js CHANGED Viewed

@@ -32,13 +32,9 @@ const val = element => (element && element.val) || element
 const array = x => (Array.isArray(x) ? x : [x])
-const isCompOrAssoc = (entity, k, onlyToOne) => {
-  return (
-    entity.elements &&
-    entity.elements[k] &&
-    entity.elements[k].isAssociation &&
-    ((onlyToOne && entity.elements[k].is2one) || !onlyToOne)
-  )
+const isCompOrAssoc = (entity, elementName, onlyToOne) => {
+  const element = entity.elements && entity.elements[elementName]
+  return !!(element && element.isAssociation && ((onlyToOne && element.is2one) || !onlyToOne))
 }
 const cleanDeepData = (entity, data, onlyToOne = false) => {

package/libx/_runtime/common/error/standardError.js ADDED Viewed

@@ -0,0 +1,11 @@
+const isStandardError = err => {
+  return (
+    err instanceof TypeError ||
+    err instanceof ReferenceError ||
+    err instanceof SyntaxError ||
+    err instanceof RangeError ||
+    err instanceof URIError
+  )
+}
+module.exports = { isStandardError }

package/libx/_runtime/common/generic/auth.js CHANGED Viewed

@@ -8,7 +8,8 @@ const { SELECT } = cds.ql
 const { getRequiresAsArray } = require('../utils/auth')
 const { cqn2cqn4sql } = require('../utils/cqn2cqn4sql')
 const { isActiveEntityRequested, removeIsActiveEntityRecursively } = require('../../fiori/utils/where')
-const { ensureDraftsSuffix } = require('../../fiori/utils/handler')
+const { ensureNoDraftsSuffix } = require('../../fiori/utils/handler')
+const { rewriteExpandAsterisk } = require('../../common/utils/rewriteAsterisks')
 const WRITE = ['CREATE', 'UPDATE', 'DELETE']
 const MOD = { UPDATE: 1, DELETE: 1, EDIT: 1 }
@@ -41,6 +42,48 @@ const _reject = req => {
   }
 }
+const _getTarget = (ref, target, definitions) => {
+  if (cds.env.effective.odata.proxies) {
+    const target_ = target.elements[ref[0]]
+    if (ref.length === 1) {
+      return definitions[ensureNoDraftsSuffix(target_.target)]
+    }
+    return _getTarget(ref.slice(1), target_, definitions)
+  }
+  const target_ = target.elements[ref.join('_')]
+  return definitions[ensureNoDraftsSuffix(target_.target)]
+}
+const _getRestrictedExpand = (columns, target, definitions) => {
+  if (!columns || !target || columns === '*') return
+  const annotation = target['@Capabilities.ExpandRestrictions.NonExpandableProperties']
+  const restrictions = annotation && annotation.map(element => element['='])
+  rewriteExpandAsterisk(columns, target)
+  for (const col of columns) {
+    if (col.expand) {
+      if (restrictions && restrictions.length !== 0) {
+        const ref = col.ref.join('_')
+        const ref_ = restrictions.find(element => element.replace(/\./g, '_') === ref)
+        if (ref_) return ref_
+      }
+      // expand: '**' or '*3' is only possible within custom handler, no check needed
+      if (typeof col.expand === 'string' && /^\*{1}[\d|*]+/.test(col.expand)) {
+        continue
+      } else {
+        const restricted = _getRestrictedExpand(col.expand, _getTarget(col.ref, target, definitions), definitions)
+        if (restricted) return restricted
+      }
+    }
+  }
+}
 const _getCurrentSubClause = (next, restrict) => {
   const escaped = next[0].replace(/\$/g, '\\$').replace(/\./g, '\\.')
   const re1 = new RegExp(`([\\w\\.']*)\\s*=\\s*(${escaped})|(${escaped})\\s*=\\s*([\\w\\.']*)`)
@@ -367,7 +410,7 @@ const _getRestrictionForTarget = (resolvedApplicables, target) => {
 const _addRestrictionsToRead = async (req, model, resolvedApplicables) => {
   if (req.target._isDraftEnabled) {
-    req.query._draftRestrictions = resolvedApplicables.map(ra => ra._xpr)
+    req.query._draftRestrictions = resolvedApplicables
     return
   }
@@ -402,12 +445,11 @@ const _getUnrestrictedCount = async req => {
 const _getRestrictedCount = async (req, model, resolvedApplicables) => {
   const dbtx = cds.tx(req)
-  let target =
+  const target =
     (req.query.UPDATE && req.query.UPDATE.entity) ||
     (req.query.DELETE && req.query.DELETE.from) ||
     (req.query.SELECT && req.query.SELECT.from)
-  // REVISIT: req._ gets set in onDraftActivate to original req
-  if (req._ && req._.event === 'draftActivate') target = ensureDraftsSuffix(target)
   const selectRestricted = SELECT.one(['count(*) as n']).from(target)
   const whereRestricted = (req.query.UPDATE && req.query.UPDATE.where) || (req.query.DELETE && req.query.DELETE.where)
@@ -541,36 +583,9 @@ const _addNormalizedRestrictPerGrant = (grant, where, restrict, restricts, defin
 }
 const _addNormalizedRestrict = (restrict, restricts, definition, definitions) => {
-  let where = restrict.where
+  const where = restrict.where
     ? restrict.where.replace(/\$user/g, '$user.id').replace(/\$user\.id\./g, '$user.')
     : undefined
-  // NOTE: "exists toMany.toOne[prop = $user]" -> "exists toMany[exists toOne[prop = $user]]"
-  try {
-    if (where) {
-      // operate on a copy
-      let _where = where
-      // find all path expressions in order to normalize shorthand (i.e., inject "[exists ...]")
-      const paths = (where.match(/ (\w\.*)*/g) || []).filter(m => m.match(/\./) && m !== ' ')
-      for (let i = 0; i < paths.length; i++) {
-        const parts = paths[i].trim().split('.')
-        let current = definition
-        while (parts.length) {
-          current = current.elements[parts.shift()]
-          if (current.isAssociation && _where.includes(current.name + '.')) {
-            const matches = _where.match(new RegExp(`(${current.name}).(.*)]`))
-            _where = _where.replace(`${matches[1]}.`, `${current.name}[exists `)
-            _where = _where.replace(matches[2], `${matches[2]}]`)
-          }
-          if (current.target) current = definitions[current.target]
-        }
-      }
-      where = _where
-    }
-  } catch (e) {
-    // ignore
-  }
   restrict.grant = Array.isArray(restrict.grant) ? restrict.grant : [restrict.grant || '*']
   restrict.grant.forEach(grant => _addNormalizedRestrictPerGrant(grant, where, restrict, restricts, definition))
 }
@@ -888,9 +903,24 @@ const _secureDependentEntities = srv => {
   }
 }
+const _restrictExpand = service => {
+  service.on('READ', '*', (req, next) => {
+    const restricted = _getRestrictedExpand(
+      req.query.SELECT && req.query.SELECT.columns,
+      req.target,
+      service.model.definitions
+    )
+    if (restricted) {
+      return req.reject(400, 'EXPAND_IS_RESTRICTED', [restricted])
+    }
+    return next()
+  })
+}
 module.exports = cds.service.impl(function () {
   // @restrict, @requires, @readonly, @insertonly, and @Capabilities for entities
   _secureDependentEntities(this)
+  _restrictExpand(this)
   for (const k in this.entities) {
     const entity = this.entities[k]
     if (!_authDependsOnParents(entity)) _registerAuthHandlers(entity, this)