@sap/cds 5.7.3 → 5.8.1

package/libx/_runtime/common/composition/update.js

@@ -37,6 +37,7 @@ const _dataByKey = (entity, data) => {
 function _addSubDeepUpdateCQNForDelete({ entity, data, selectData, deleteCQN }) {
   const dataByKey = _dataByKey(entity, data)
   for (const selectEntry of selectData) {
+    if (!selectEntry) continue
     const dataEntry = dataByKey.get(_serializedKey(entity, selectEntry))
     if (!dataEntry) {
       if (deleteCQN.DELETE.where.length > 0) {
@@ -67,7 +68,7 @@ function _fillLinkFromStructuredData(entity, entry) {
   }
 }
 
-const _diffData = (newData, oldData, entity, newEntry, oldEntry, definitions) => {
+const _diffData = (newData, oldData, entity, newEntry, oldEntry, model) => {
   const result = {}
 
   const keysSet = new Set(Object.keys(newData).concat(Object.keys(oldData)))
@@ -96,7 +97,7 @@ const _diffData = (newData, oldData, entity, newEntry, oldEntry, definitions) =>
         nav.isComposition &&
         nav.is2one &&
         newEntry[nav.name] !== undefined &&
-        !definitions[nav.target]._hasPersistenceSkip
+        !model.definitions[nav.target]._hasPersistenceSkip
       ) {
         result[key] = null
       }
@@ -106,15 +107,7 @@ const _diffData = (newData, oldData, entity, newEntry, oldEntry, definitions) =>
   return result
 }
 
-function _addSubDeepUpdateCQNForUpdateInsert({
-  entity,
-  entityName,
-  data,
-  selectData,
-  updateCQNs,
-  insertCQN,
-  definitions
-}) {
+function _addSubDeepUpdateCQNForUpdateInsert({ entity, entityName, data, selectData, updateCQNs, insertCQN, model }) {
   const selectDataByKey = _dataByKey(entity, selectData)
   const deepUpdateData = []
   for (const entry of data) {
@@ -127,7 +120,7 @@ function _addSubDeepUpdateCQNForUpdateInsert({
       deepUpdateData.push(entry)
       const newData = ctUtils.cleanDeepData(entity, entry)
       const oldData = ctUtils.cleanDeepData(entity, selectEntry)
-      const diff = _diffData(newData, oldData, entity, entry, selectEntry, definitions)
+      const diff = _diffData(newData, oldData, entity, entry, selectEntry, model)
       // empty updates will be removed later
       updateCQNs.push({ UPDATE: { entity: entityName, data: diff, where: ctUtils.whereKey(key) } })
     } else {
@@ -138,7 +131,7 @@ function _addSubDeepUpdateCQNForUpdateInsert({
   return deepUpdateData
 }
 
-function _addSubDeepUpdateCQNCollect(definitions, cqns, updateCQNs, insertCQN, deleteCQN) {
+async function _addSubDeepUpdateCQNCollect(model, cqns, updateCQNs, insertCQN, deleteCQN, req) {
   if (updateCQNs.length > 0) {
     cqns[0] = cqns[0] || []
     cqns[0].push(...updateCQNs)
@@ -146,7 +139,7 @@ function _addSubDeepUpdateCQNCollect(definitions, cqns, updateCQNs, insertCQN, d
 
   if (insertCQN.INSERT.entries.length > 0) {
     cqns[0] = cqns[0] || []
-    const deepInsertCQNs = getDeepInsertCQNs(definitions, insertCQN)
+    const deepInsertCQNs = getDeepInsertCQNs(model, insertCQN)
     deepInsertCQNs.forEach(insertCQN => {
       const intoCQN = cqns[0].find(cqn => {
         return cqn.INSERT && cqn.INSERT.into === insertCQN.INSERT.into
@@ -161,7 +154,7 @@ function _addSubDeepUpdateCQNCollect(definitions, cqns, updateCQNs, insertCQN, d
 
   if (deleteCQN.DELETE.where.length > 0) {
     cqns[0] = cqns[0] || []
-    const deepDeleteCQNs = getDeepDeleteCQNs(definitions, deleteCQN)
+    const deepDeleteCQNs = await getDeepDeleteCQNs(model, req, deleteCQN)
     deepDeleteCQNs.forEach((deleteCQNs, index) => {
       deleteCQNs.forEach(el => {
         cqns[index] = cqns[index] || []
@@ -180,7 +173,7 @@ const _addToData = (subData, entity, element, entry) => {
   subData.push(...unwrappedSubData)
 }
 
-function _addSubDeepUpdateCQNRecursion({ definitions, compositionTree, entity, data, selectData, cqns, draft }) {
+async function _addSubDeepUpdateCQNRecursion({ model, compositionTree, entity, data, selectData, cqns, draft, req }) {
   const selectDataByKey = _dataByKey(entity, selectData)
 
   for (const element of compositionTree.compositionElements) {
@@ -202,23 +195,24 @@ function _addSubDeepUpdateCQNRecursion({ definitions, compositionTree, entity, d
       }
     }
 
-    _addSubDeepUpdateCQN({
-      definitions,
+    await _addSubDeepUpdateCQN({
+      model,
       compositionTree: element,
       data: subData,
       selectData: selectSubData,
       cqns,
-      draft
+      draft,
+      req
     })
   }
 
   return cqns
 }
 
-const _addSubDeepUpdateCQN = ({ definitions, compositionTree, data, selectData, cqns, draft }) => {
+const _addSubDeepUpdateCQN = async ({ model, compositionTree, data, selectData, cqns, draft, req }) => {
   // We handle each level for deepUpdate, the moment we see that there will be an INSERT,
   // it'll be removed from our deepUpdateData (and handled deep separately).
-  const entity = definitions && definitions[compositionTree.source]
+  const entity = model.definitions[compositionTree.source]
 
   if (entity._hasPersistenceSkip) return Promise.resolve()
 
@@ -234,21 +228,22 @@ const _addSubDeepUpdateCQN = ({ definitions, compositionTree, data, selectData,
     selectData,
     updateCQNs,
     insertCQN,
-    definitions
+    model
   })
 
-  _addSubDeepUpdateCQNCollect(definitions, cqns, updateCQNs, insertCQN, deleteCQN)
+  await _addSubDeepUpdateCQNCollect(model, cqns, updateCQNs, insertCQN, deleteCQN, req)
 
   if (deepUpdateData.length === 0) return Promise.resolve()
 
   return _addSubDeepUpdateCQNRecursion({
-    definitions,
+    model,
     compositionTree,
     entity,
     data: deepUpdateData,
     selectData,
     cqns,
-    draft
+    draft,
+    req
   })
 }
 
@@ -256,11 +251,11 @@ const _addSubDeepUpdateCQN = ({ definitions, compositionTree, data, selectData,
  * exports
  */
 
-const hasDeepUpdate = (definitions, cqn) => {
+const hasDeepUpdate = (model, cqn) => {
   if (cqn && cqn.UPDATE && cqn.UPDATE.entity && (cqn.UPDATE.data || cqn.UPDATE.with)) {
     const updateEntity = cqn.UPDATE.entity
     const entityName = (updateEntity.ref && updateEntity.ref[0]) || updateEntity.name || updateEntity
-    const entity = definitions && definitions[ensureNoDraftsSuffix(entityName)]
+    const entity = model.definitions[ensureNoDraftsSuffix(entityName)]
 
     if (entity) {
       const keys = Object.keys(Object.assign({}, cqn.UPDATE.data || {}, cqn.UPDATE.with || {}))
@@ -271,7 +266,8 @@ const hasDeepUpdate = (definitions, cqn) => {
   return false
 }
 
-const getDeepUpdateCQNs = (definitions, cqn, selectData) => {
+const getDeepUpdateCQNs = async (model, req, selectData) => {
+  const { query } = req
   if (!Array.isArray(selectData)) selectData = [selectData]
 
   if (selectData.length === 0) return []
@@ -279,22 +275,31 @@ const getDeepUpdateCQNs = (definitions, cqn, selectData) => {
   if (selectData.length > 1) throw getError('Deep update can only be performed on a single instance')
 
   const cqns = []
-  const from = (cqn.UPDATE.entity.ref && cqn.UPDATE.entity.ref[0]) || cqn.UPDATE.entity.name || cqn.UPDATE.entity
+  const from =
+    (query.UPDATE.entity.ref && query.UPDATE.entity.ref[0]) || query.UPDATE.entity.name || query.UPDATE.entity
   const entityName = ensureNoDraftsSuffix(from)
   const draft = entityName !== from
-  const data = cqn.UPDATE.data ? deepCopyObject(cqn.UPDATE.data) : {}
-  const withObj = cqn.UPDATE.with ? deepCopyObject(cqn.UPDATE.with) : {}
-  const entity = definitions && definitions[entityName]
+  const data = query.UPDATE.data ? deepCopyObject(query.UPDATE.data) : {}
+  const withObj = query.UPDATE.with ? deepCopyObject(query.UPDATE.with) : {}
+  const entity = model.definitions[entityName]
   const entry = Object.assign({}, data, withObj, ctUtils.key(entity, selectData[0]))
   const compositionTree = getCompositionTree({
-    definitions,
+    definitions: model.definitions,
     rootEntityName: entityName,
     checkRoot: false,
     resolveViews: !draft,
     service: cds.db
   })
 
-  const subCQNs = _addSubDeepUpdateCQN({ definitions, compositionTree, data: [entry], selectData, cqns: [], draft })
+  const subCQNs = await _addSubDeepUpdateCQN({
+    model,
+    compositionTree,
+    data: [entry],
+    selectData,
+    cqns: [],
+    draft,
+    req
+  })
   subCQNs.forEach((subCQNs, index) => {
     cqns[index] = cqns[index] || []
     cqns[index].push(...subCQNs)

package/libx/_runtime/common/error/frontend.js

@@ -30,9 +30,8 @@ const _getFiltered = err => {
   Object.keys(err)
     .concat(['message'])
     .forEach(k => {
-      if (k === 'innererror' && process.env.NODE_ENV === 'production') {
-        return
-      }
+      // REVISIT: do not remove innererror with cds^6
+      if (k === 'innererror' && process.env.NODE_ENV === 'production' && !err[SKIP_SANITIZATION]) return
       if (ALLOWED_PROPERTIES.includes(k) || k.startsWith('@')) {
         error[k] = err[k]
       } else if (k === 'numericSeverity') {
@@ -90,6 +89,20 @@ const _anonymousUser = req => {
   return Object.defineProperty(new cds.User(), '_req', { enumerable: false, value: req })
 }
 
+// - for one unique value, we use it
+// - if at least one 5xx exists, we use 500
+// - else if at least one 4xx exists, we use 400
+// - else we use 500
+const _statusCodeFromDetails = details => {
+  const uniqueStatusCodes = new Set(
+    details.map(d => d.status || d.statusCode || d.code).map(c => (!isNaN(c) && Number(c)) || c)
+  )
+  if (uniqueStatusCodes.size === 1) return uniqueStatusCodes.values().next().value
+  if ([...uniqueStatusCodes].some(s => s >= 500)) return 500
+  if ([...uniqueStatusCodes].some(s => s >= 400)) return 400
+  return 500
+}
+
 const normalizeError = (err, req) => {
   const user = (req && req.user) || _anonymousUser(req)
   const locale = user.locale
@@ -98,8 +111,9 @@ const normalizeError = (err, req) => {
 
   // derive status code from err status OR root code OR matching detail codes
   let statusCode = err.status || err.statusCode || (_isAllowedError(error.code) && error.code)
-  if (!statusCode && error.details && error.details.every(ele => ele.code === error.details[0].code)) {
-    statusCode = _isAllowedError(error.details[0].code) < 505 && error.details[0].code
+  if (!statusCode && error.details) {
+    const detailsCode = _statusCodeFromDetails(error.details)
+    if (_isAllowedError(detailsCode)) statusCode = detailsCode
   }
 
   // make sure it's a number

package/libx/_runtime/common/generic/auth.js

@@ -5,7 +5,7 @@
 const cds = require('../../cds')
 const { SELECT } = cds.ql
 
-const { getRequiresAsArray } = require('../utils/auth')
+const { getRequiresAsArray } = require('../../auth/utils')
 const { cqn2cqn4sql } = require('../utils/cqn2cqn4sql')
 const { isActiveEntityRequested, removeIsActiveEntityRecursively } = require('../../fiori/utils/where')
 const { ensureNoDraftsSuffix } = require('../../fiori/utils/handler')
@@ -226,88 +226,6 @@ const _getMergedWhere = restricts => {
   return xprs
 }
 
-const _findTableName = (ref, aliases) => {
-  const maxLength = Math.max(...aliases.map(alias => alias.length))
-  let name = ''
-  for (let i = 0; i < ref.length; i++) {
-    name += name.length !== 0 ? `.${ref[i]}` : ref[i]
-
-    if (name >= maxLength) {
-      break
-    }
-
-    const aliasIndex = aliases.indexOf(name)
-    if (aliasIndex !== -1) {
-      return { refIndex: i, aliasIndex: aliasIndex, name: name }
-    }
-  }
-
-  return { refIndex: -1 }
-}
-
-const _getTableForColumn = (col, aliases, model) => {
-  for (let i = 0; i < aliases.length; i++) {
-    const index = aliases.length - i - 1
-    const alias = aliases[index]
-    if (Object.keys(model.definitions[alias].elements).includes(col)) {
-      return { index, table: alias.replace(/\./g, '_') }
-    }
-  }
-
-  return { index: -1 }
-}
-
-const _adaptTableName = (ref, index, name) => {
-  const tableName = name.replace(/\./g, '_')
-  ref.splice(0, index + 1, tableName)
-}
-
-const _ensureTableAlias = (ref, aliases, targetFrom, model, hasExpand) => {
-  const nameObj = _findTableName(ref, aliases)
-  if (nameObj.refIndex === -1) {
-    const { index, table } = _getTableForColumn(ref[0], aliases, model)
-    if (index !== -1) {
-      nameObj.aliasIndex = index
-      if (table === targetFrom.name && targetFrom.as) {
-        ref.unshift(targetFrom.as)
-      } else {
-        ref.unshift(table)
-      }
-    }
-  } else {
-    _adaptTableName(ref, nameObj.refIndex, nameObj.name)
-  }
-}
-
-const _enhanceAnnotationSubSelect = (select, model, targetName, targetFrom, hasExpand) => {
-  if (select.where) {
-    for (const v of select.where) {
-      if (v.ref && select.from.ref) {
-        _ensureTableAlias(v.ref, [targetName, select.from.ref[0]], targetFrom, model, hasExpand)
-      }
-    }
-  }
-}
-
-// Add alias symbols to refs if needed and mark ref (for expand) and SELECT.from (for draft)
-const _enhanceAnnotationWhere = (query, where, model) => {
-  const cqn2cqn4sqlOptions = { suppressSearch: true }
-  query = cqn2cqn4sql(query, model, cqn2cqn4sqlOptions)
-  const hasExpand = query.SELECT && query.SELECT.columns && query.SELECT.columns.some(col => col.expand)
-  const targetFrom = query.SELECT
-    ? { name: query.SELECT.from.ref[0].replace(/\./g, '_'), as: query.SELECT.from.as }
-    : {}
-  for (const w of where) {
-    if (w.ref) {
-      // REVISIT: can this case be removed permanently?
-      // _ensureTableAlias(w.ref, [query._target.name], targetFrom, model, hasExpand)
-    } else if (w.SELECT) {
-      _enhanceAnnotationSubSelect(w.SELECT, model, query._target.name, targetFrom, hasExpand)
-      w.SELECT.__targetFrom = targetFrom
-    }
-  }
-}
-
 const _getApplicables = (restricts, req) => {
   return restricts.filter(restrict => {
     const event = DRAFT2CRUD[req.event] || req.event
@@ -419,9 +337,26 @@ const _addRestrictionsToRead = async (req, model, resolvedApplicables) => {
 
   const restrictionForTarget = _getRestrictionForTarget(resolvedApplicables, req.target)
   if (restrictionForTarget) {
+    // adjust free subselects, if necessary
+    if (resolvedApplicables.some(ra => ra.where.match(/\s*exists\s*\(\s*select\s*1\s*/i))) {
+      for (const ele of restrictionForTarget) {
+        if (typeof ele !== 'object' || !ele.SELECT || !ele.SELECT.where) continue
+        for (const w of ele.SELECT.where) {
+          if (w.ref && w.ref.length > 2) {
+            let path = w.ref[0]
+            if (!model.definitions[path]) continue
+            let i = 1
+            for (; i < w.ref.length; i++) {
+              if (model.definitions[`${path}.${w.ref[i]}`]) path += `.${w.ref[i]}`
+              else break
+            }
+            w.ref = [path, ...w.ref.slice(i)]
+          }
+        }
+      }
+    }
+    // apply restriction
     req.query.where(restrictionForTarget)
-    // REVISIT: remove with cds^6
-    _enhanceAnnotationWhere(req.query, restrictionForTarget, model)
   }
 }
 

package/libx/_runtime/common/generic/crud.js

@@ -4,6 +4,7 @@ const { SELECT } = cds.ql
 const getTemplate = require('../utils/template')
 const templateProcessor = require('../utils/templateProcessor')
 const replaceManagedData = require('../utils/dollar')
+const { deepCopyArray } = require('../utils/copy')
 
 const onlyKeysRemain = require('../utils/onlyKeysRemain')
 
@@ -67,6 +68,7 @@ const _updateReqData = (req, that) => {
 }
 
 module.exports = cds.service.impl(function () {
+  // eslint-disable-next-line complexity
   this.on(['CREATE', 'READ', 'UPDATE', 'DELETE'], '*', async function (req) {
     if (typeof req.query !== 'string' && req.target && req.target._hasPersistenceSkip) {
       req.reject(501, 'PERSISTENCE_SKIP_NO_GENERIC_CRUD', [req.target.name])
@@ -77,6 +79,19 @@ module.exports = cds.service.impl(function () {
 
     let result
 
+    // validate that all elements in path exist on db, if necessary
+    // - INSERT has no where clause to do this in one roundtrip
+    // - SELECT returns [] -> really empty collection or invalid path?
+    let pathExistsQuery
+    const { ref } = (req.query.INSERT && req.query.INSERT.into) || (req.query.SELECT && req.query.SELECT.from) || {}
+    // REVISIT: why is copy necessary?
+    if (ref && ref.length > 1) pathExistsQuery = SELECT(1).from({ ref: deepCopyArray(ref.slice(0, -1)) })
+
+    if (req.event === 'CREATE' && pathExistsQuery) {
+      const res = await pathExistsQuery
+      if (res.length === 0) req.reject(404)
+    }
+
     // no changes, no op (otherwise, @cds.on.update gets new values), but we need to check existence
     if (req.event === 'UPDATE' && onlyKeysRemain(req)) {
       if (await _targetEntityDoesNotExist(req)) req.reject(404)
@@ -95,7 +110,13 @@ module.exports = cds.service.impl(function () {
       result = await cds.tx(req).run(req.query, req.data)
     }
 
-    if (req.event === 'READ') return result
+    if (req.event === 'READ') {
+      if ((result == null || result.length === 0) && pathExistsQuery) {
+        const res = await pathExistsQuery
+        if (res.length === 0) req.reject(404)
+      }
+      return result
+    }
 
     if (req.event === 'DELETE') {
       if (result === 0) req.reject(404)

package/libx/_runtime/common/i18n/messages.properties

@@ -55,6 +55,7 @@ NON_WRITABLE_VIEW={0} on views with join and/or union is not supported
 # db
 NO_DATABASE_CONNECTION=No database connection
 ENTITY_ALREADY_EXISTS=Entity already exists
+ENTITY_LOCKED=Entity locked
 UNIQUE_CONSTRAINT_VIOLATION=Unique constraint violation
 FK_CONSTRAINT_VIOLATION=Foreign key constraint violation
 
@@ -72,8 +73,8 @@ ENTITY_IS_NOT_CRUD=Entity "{0}" is not {1}
 ENTITY_IS_NOT_CRUD_VIA_NAVIGATION=Entity "{0}" is not {1} via association "{2}"
 ENTITY_IS_AUTOEXPOSED=Entity "{0}" is not explicitely exposed as part of the service
 EXPAND_IS_RESTRICTED=Navigation property "{0}" is not allowed for expand operation
-
 EXPAND_COUNT_UNSUPPORTED="$count" is not supported for expand operation
+ORDERBY_LAMBDA_UNSUPPORTED="$orderby" does not support lambda
 
 # rest protocol adapter
 INVALID_RESOURCE="{0}" is not a valid resource

package/libx/_runtime/common/utils/cqn.js

@@ -52,12 +52,8 @@ function targetFromPath(path, model) {
         ? definitions[current.elements[r.id].target]
         : definitions[r.id] || definitions[r.id.replace(/_drafts$/, '')]
     } else {
-      const next = current.elements[r]
-      if (next.isAssociation) {
-        current = definitions[next.target]
-      } else {
-        current = next
-      }
+      const next = current ? current.elements[r] : definitions[r]
+      current = next.isAssociation ? definitions[next.target] : next
     }
   }
   return current