@sap/cds 5.9.8 → 6.0.1

package/libx/_runtime/common/aspects/Association.js

@@ -1,88 +1,74 @@
-// global.cds is used on purpose here!
-const cds = global.cds
+const cds = require('../../cds')
 
-// requesting logger without module on purpose!
-const LOG = cds.log()
+const { foreignKeyPropagations } = require('../utils/foreignKeyPropagations')
 
-const ODATA_CONTAINED = '@odata.contained'
+const _hasJoinCondition = e => e.isAssociation && e.on && e.on.length > 2
 
-const { isSelfManaged, isBacklink, getAnchor, getBacklink } = require('./utils')
-const { foreignKeyPropagations } = require('../utils/foreignKeyPropagations')
+const _isSelfRef = e => e.ref && e.ref[0] === '$self'
 
-const _logDeprecationForODataContained = () => {
-  if (!cds._deprecationWarningForODataContained) {
-    LOG._warn &&
-      LOG.warn(
-        'Annotation "@odata.contained" is deprecated and will be removed in an upcoming release. Use compositions instead of associations.'
-      )
-    cds._deprecationWarningForODataContained = true
-  }
+const _getBacklinkName = on => {
+  const i = on.findIndex(_isSelfRef)
+  if (i === -1) return
+  let ref
+  if (on[i + 1] && on[i + 1] === '=') ref = on[i + 2].ref
+  if (on[i - 1] && on[i - 1] === '=') ref = on[i - 2].ref
+  return ref && ref[ref.length - 1]
 }
 
-module.exports = class {
-  get _isAssociationStrict() {
-    return (
-      this.own('__isAssociationStrict') ||
-      this.set('__isAssociationStrict', !!(this.isAssociation && !this.isComposition))
-    )
-  }
+const isSelfManaged = e => {
+  if (!_hasJoinCondition(e)) return
+  return !!e.on.find(_isSelfRef)
+}
 
-  get _isAssociationEffective() {
-    this[ODATA_CONTAINED] && _logDeprecationForODataContained()
-    return (
-      this.own('__isAssociationEffective') ||
-      this.set(
-        '__isAssociationEffective',
-        this._isAssociationStrict && (!this[ODATA_CONTAINED] || this.name === 'DraftAdministrativeData')
-      )
-    )
+const _isUnManagedAssociation = (e, checkComposition) =>
+  e.isAssociation && (!checkComposition || e.isComposition) && _hasJoinCondition(e)
+
+const getAnchor = (e, checkComposition) => {
+  if (!(e._isAssociationStrict && (e.keys || e.on))) return
+  for (const anchor of Object.values(e._target.associations || {})) {
+    if (!_isUnManagedAssociation(anchor, checkComposition)) continue
+    if (_getBacklinkName(anchor.on) === e.name && anchor.target === e.parent.name) return anchor
   }
+}
 
-  get _isCompositionEffective() {
-    this[ODATA_CONTAINED] && _logDeprecationForODataContained()
-    return (
-      this.own('__isCompositionEffective') ||
-      this.set(
-        '__isCompositionEffective',
-        this.isComposition ||
-          (this._isAssociationStrict && this[ODATA_CONTAINED] && this.name !== 'DraftAdministrativeData')
-      )
-    )
+const getBacklink = (e, checkComposition) => {
+  if (!_isUnManagedAssociation(e, checkComposition)) return
+  const backlinkName = _getBacklinkName(e.on)
+  if (backlinkName) return e._target && e._target.elements && e._target.elements[backlinkName]
+}
+
+module.exports = class {
+  get _isAssociationStrict() {
+    return this.own('__isAssociationStrict', () => !this.isComposition)
   }
 
   get _isContained() {
-    this[ODATA_CONTAINED] && _logDeprecationForODataContained()
     return (
-      this.own('__isContained') ||
-      this.set(
-        '__isContained',
-        this.name !== 'DraftAdministrativeData_DraftUUID' &&
-          ((this.isAssociation && this[ODATA_CONTAINED]) || (this.isComposition && cds.env.effective.odata.containment))
-      )
+      this.own('__isContained') || this.set('__isContained', this.isComposition && cds.env.effective.odata.containment)
     )
   }
 
   get _isSelfManaged() {
-    return this.own('__isSelfManaged') || this.set('__isSelfManaged', isSelfManaged(this))
+    return this.own('__isSelfManaged', () => isSelfManaged(this))
   }
 
   get _isBacklink() {
-    return this.own('__isBacklink') || this.set('__isBacklink', isBacklink(this))
+    return this.own('__isBacklink', () => !!getAnchor(this))
   }
 
   get _isCompositionBacklink() {
-    return this.own('__isCompositionBacklink') || this.set('__isCompositionBacklink', isBacklink(this, true))
+    return this.own('__isCompositionBacklink', () => !!getAnchor(this, true))
   }
 
   get _anchor() {
-    return this.own('__anchor') || this.set('__anchor', getAnchor(this))
+    return this.own('__anchor', () => getAnchor(this))
   }
 
   get _backlink() {
-    return this.own('__backlink') || this.set('__backlink', getBacklink(this))
+    return this.own('__backlink', () => getBacklink(this))
   }
 
   get _foreignKeys() {
-    return this.own('__foreignKeys') || this.set('__foreignKeys', foreignKeyPropagations(this))
+    return this.own('__foreignKeys', () => foreignKeyPropagations(this))
   }
 }

package/libx/_runtime/common/aspects/any.js

@@ -1,27 +1,82 @@
-const { getRelations, isMandatory, isReadOnly } = require('./utils')
 const { foreignKey4 } = require('../../common/utils/foreignKeyPropagations')
 
 // NOTE: Please only add things which are relevant to _any_ type,
 // use specialized types otherwise (entity, Association, ...).
 module.exports = class {
   get _isStructured() {
-    return this.own('__isStructured') || this.set('__isStructured', !!this.elements && this.kind !== 'entity')
+    return this.own('__isStructured', () => !!this.elements && this.kind !== 'entity')
   }
 
   get _isMandatory() {
-    return this.own('__isMandatory') || this.set('__isMandatory', !this.isAssociation && isMandatory(this))
+    return this.own('__isMandatory', () => !this.isAssociation && isMandatory(this))
   }
 
   get _isReadOnly() {
-    return this.own('__isReadOnly') || this.set('__isReadOnly', !this.key && isReadOnly(this))
+    return this.own('__isReadOnly', () => !this.key && isReadOnly(this))
   }
 
   // REVISIT: Where to put?
   get _relations() {
-    return this.own('__relations') || this.set('__relations', getRelations(this))
+    return this.own('__relations', () => getRelations(this))
   }
 
   get _foreignKey4() {
-    return this.own('__foreignKey4') || this.set('__foreignKey4', foreignKey4(this))
+    return this.own('__foreignKey4', () => foreignKey4(this))
   }
 }
+
+const Relation = require('./relation')
+const _exposeRelation = relation => Object.defineProperty({}, '_', { get: () => relation })
+
+const _relationHandler = relation => ({
+  get: (target, name) => {
+    const path = name.split(',')
+    const prop = path.join('_')
+    if (!target[prop]) {
+      if (path.length === 1) {
+        // REVISIT: property 'join' must not be used in CSN to make this working
+        if (relation._has(prop)) return relation[prop]
+        const newRelation = Relation.to(relation, prop)
+        if (newRelation) {
+          target[prop] = new Proxy(_exposeRelation(newRelation), _relationHandler(newRelation))
+        }
+        return target[prop]
+      }
+      target[prop] = path.reduce((r, p) => r[p] || r.csn._relations[p], relation)
+      target[prop].path = path
+    }
+    return target[prop]
+  }
+})
+
+const getRelations = e => {
+  const newRelation = Relation.to(e)
+  return new Proxy(_exposeRelation(newRelation), _relationHandler(newRelation))
+}
+
+const CommonFieldControl = e => {
+  const cfr = e['@Common.FieldControl']
+  return cfr && cfr['#']
+}
+
+const isMandatory = e => {
+  return (
+    e['@assert.mandatory'] !== false &&
+    (e['@mandatory'] ||
+      e['@Common.FieldControl.Mandatory'] ||
+      e['@FieldControl.Mandatory'] ||
+      CommonFieldControl(e) === 'Mandatory')
+  )
+}
+
+const isReadOnly = e => {
+  return (
+    e['@readonly'] ||
+    e['@cds.on.update'] ||
+    e['@cds.on.insert'] ||
+    e['@Core.Computed'] ||
+    e['@Common.FieldControl.ReadOnly'] ||
+    e['@FieldControl.ReadOnly'] ||
+    CommonFieldControl(e) === 'ReadOnly'
+  )
+}

package/libx/_runtime/common/aspects/entity.js

@@ -1,12 +1,3 @@
-/*
-// global.cds is used on purpose here!
-const cds = global.cds
-*/
-
-const { getETag, hasPersonalData, hasSensitiveData } = require('./utils')
-
-let getSearchableColumns
-
 const _flat2struct = (def, prefix = '') => {
   const map = {}
   for (const ele in def.elements) {
@@ -19,90 +10,39 @@ const _flat2struct = (def, prefix = '') => {
 
 module.exports = class {
   get _isSingleton() {
-    return (
-      this.own('__isSingleton') ||
-      this.set(
-        '__isSingleton',
-        !!(this['@odata.singleton'] || (this['@odata.singleton.nullable'] && this['@odata.singleton'] !== false))
-      )
+    return this.own(
+      '__isSingleton',
+      () => this['@odata.singleton'] || (this['@odata.singleton.nullable'] && this['@odata.singleton'] !== false)
     )
   }
 
   get _hasPersistenceSkip() {
-    return (
-      this.own('__hasPersistenceSkip') ||
-      this.set(
-        '__hasPersistenceSkip',
-        !!(this.own('@cds.persistence.skip') && this.own('@cds.persistence.skip') !== 'if-unused')
-      )
+    return this.own(
+      '__hasPersistenceSkip',
+      () => this.own('@cds.persistence.skip') && this.own('@cds.persistence.skip') !== 'if-unused'
     )
   }
 
   get _isDraftEnabled() {
-    return (
-      this.own('__isDraftEnabled') ||
-      this.set(
-        '__isDraftEnabled',
-        !!(
-          (this.associations && this.associations.DraftAdministrativeData) ||
-          this.name.match(/\.DraftAdministrativeData$/) ||
-          (this.own('@odata.draft.enabled') && this.own('@Common.DraftRoot.ActivationAction'))
-        )
+    return this.own('__isDraftEnabled', () => {
+      return (
+        (this.associations && this.associations.DraftAdministrativeData) ||
+        this.name.match(/\.DraftAdministrativeData$/) ||
+        (this.own('@odata.draft.enabled') && this.own('@Common.DraftRoot.ActivationAction'))
       )
-    )
-  }
-
-  get _searchableColumns() {
-    // lazily require on first use
-    getSearchableColumns =
-      getSearchableColumns || require('../../cds-services/services/utils/columns').getSearchableColumns
-    return this.own('__searchableColumns') || this.set('__searchableColumns', getSearchableColumns(this))
+    })
   }
 
   get _etag() {
-    return this.own('__etag') || this.set('__etag', getETag(this))
-  }
-
-  /*
-   * audit logging
-   */
-
-  get _hasPersonalData() {
-    return this.own('__hasPersonalData') || this.set('__hasPersonalData', hasPersonalData(this))
-  }
-
-  get _hasSensitiveData() {
-    return this.own('__hasSensitiveData') || this.set('__hasSensitiveData', hasSensitiveData(this))
-  }
-
-  get _auditCreate() {
-    return (
-      this.own('__auditCreate') ||
-      this.set('__auditCreate', !!(this._hasPersonalData && this['@AuditLog.Operation.Insert']))
-    )
-  }
-
-  get _auditRead() {
-    return (
-      this.own('__auditRead') || this.set('__auditRead', !!(this._hasPersonalData && this['@AuditLog.Operation.Read']))
-    )
-  }
-
-  get _auditUpdate() {
-    return (
-      this.own('__auditUpdate') ||
-      this.set('__auditUpdate', !!(this._hasPersonalData && this['@AuditLog.Operation.Update']))
-    )
-  }
-
-  get _auditDelete() {
-    return (
-      this.own('__auditDelete') ||
-      this.set('__auditDelete', !!(this._hasPersonalData && this['@AuditLog.Operation.Delete']))
-    )
+    return this.own('__etag', () => {
+      for (const el in this.elements) {
+        const element = this.elements[el]
+        if (element['@odata.etag']) return element
+      }
+    })
   }
 
   get _flat2struct() {
-    return this.own('_flat2struct') || this.set('_flat2struct', _flat2struct(this))
+    return this.own('_flat2struct', () => _flat2struct(this))
   }
 }

package/libx/_runtime/common/composition/data.js

@@ -66,7 +66,7 @@ const _whereKeys = keys => {
   const where = []
   keys.forEach(key => {
     if (where.length) where.push('or')
-    where.push('(', ...ctUtils.whereKey(key), ')')
+    where.push({ xpr: [...ctUtils.whereKey(key)] })
   })
   return where
 }
@@ -137,7 +137,7 @@ const _subWhere = (result, element) => {
       const whereCQN = ctUtils.whereKey(whereObj)
       if (whereCQN.length) {
         if (where.length > 0) where.push('or')
-        where.push('(', ...whereCQN, ')')
+        where.push({ xpr: [...whereCQN] })
       }
     }
   }

package/libx/_runtime/common/composition/delete.js

@@ -84,16 +84,16 @@ function _getSubWhereAndEntities(element, parentWhere, draft, level = 0, composi
   }
 
   if (whereKeys.length > 0) {
-    where.push('(', ...whereKeys, ')', 'and')
+    where.push({ xpr: [...whereKeys] }, 'and')
   }
   if (staticWhereValues.length > 0) {
-    where.push('(', ...staticWhereValues, ')', 'and')
+    where.push({ xpr: [...staticWhereValues] }, 'and')
   }
   where.push('exists', {
     SELECT: {
       columns: [{ val: 1, as: '_exists' }],
       from: { ref: [entity2.entityName], as: entity2.alias },
-      where: parentWhere && parentWhere.length ? ['(', ...parentWhere, ')', 'and', '(', ...subWhere, ')'] : subWhere
+      where: parentWhere && parentWhere.length ? [{ xpr: [...parentWhere] }, 'and', { xpr: [...subWhere] }] : subWhere
     }
   })
 
@@ -137,7 +137,7 @@ function _getStaticWhere(allBackLinks, entity1) {
 
 const _addToCQNs = (cqns, subCQN, element, model, level) => {
   // REVISIT:
-  // The compiler generates foreign-key constraints (except if !cds.env.features._db_foreign_key_constraints)
+  // The compiler generates foreign-key constraints (if features.assert_integrity_type = 'DB')
   // and enables DELETE CASCADE. For these cases, the runtime doesn't need to delete compositions
   // manually, it's done by the database itself.
   // However, there are cases (unmanaged compositions), where this doesn't happen.
@@ -197,7 +197,7 @@ const hasDeepDelete = (model, cqn) => {
 
   const entity = model.definitions[ensureNoDraftsSuffix(from)]
 
-  if (entity) return !!Object.keys(entity.elements || {}).find(k => entity.elements[k]._isCompositionEffective)
+  if (entity) return !!Object.keys(entity.elements || {}).find(k => entity.elements[k].isComposition)
 
   return false
 }
@@ -229,14 +229,15 @@ const _getDataFromOncond = (onCond, parent) => {
 const getSetNullParentForeignKeyCQNs = async (model, req, dbQuery) => {
   const cqns = []
   const query = dbQuery || req.query
-  const origQuery = (req._tx instanceof cds.DatabaseService && req._ && req._.query) || req.query
+  // REVISIT: req._tx should not be used like that!
+  const origQuery = (req.tx instanceof cds.DatabaseService && req._ && req._.query) || req.query
   if (!dbQuery && origQuery && origQuery.DELETE && origQuery.DELETE.from.ref && origQuery.DELETE.from.ref.length > 1) {
     // delete via 2one navigation => parent is known => no need to SELECT
     const ref = origQuery.DELETE.from.ref
     const cqn = cqn2cqn4sql(UPDATE.entity({ ref: ref.slice(0, ref.length - 1) }), model)
     const { target: parent, elementName } = resolveNavigationTarget(cqn, ref, model)
     const element = parent.elements[elementName]
-    if (element && element._isCompositionEffective && element.is2one) {
+    if (element && element.isComposition && element.is2one) {
       const onCond = element && parent._relations[element.name].join('$$whatever', '$$parent')
       const data = _getDataFromOncond(onCond, parent)
       cqn.data(data)

package/libx/_runtime/common/composition/tree.js

@@ -32,7 +32,7 @@ const _foreignKeysToLinks = (element, inverse) =>
 const _resolvedElement = (element, service) => {
   if (!element.target) return element
   // skip forbidden view check if association to view with foreign key in target
-  const skipForbiddenViewCheck = element._isAssociationStrict && !element['@odata.contained']
+  const skipForbiddenViewCheck = element._isAssociationStrict
   const { target, mapping } = getTransition(element._target, service, skipForbiddenViewCheck)
   const newElement = { target: target.name, _target: target }
   Object.setPrototypeOf(newElement, element)
@@ -49,12 +49,12 @@ const _resolvedElement = (element, service) => {
 }
 
 const _navigationExistsInCompositionMap = (element, compositionMap) =>
-  compositionMap.has(element.target) && element._isCompositionEffective
+  compositionMap.has(element.target) && element.isComposition
 
 const _isUnManaged = element => element.on && !element._isSelfManaged
 
 const _isNonRecursiveNavigation = (element, rootEntityName) =>
-  rootEntityName !== element.target && element._isCompositionEffective
+  rootEntityName !== element.target && element.isComposition
 
 const _skipPersistence = (element, definitions) => definitions[element.target]._hasPersistenceSkip
 
@@ -111,7 +111,7 @@ const _getCompositionTreeRec = ({
         const targetEntity = definitions[element.target]
         for (const backLinkName in targetEntity.elements) {
           const _backLink = targetEntity.elements[backLinkName]
-          if (!_backLink._isAssociationEffective) continue
+          if (!_backLink._isAssociationStrict) continue
           if (
             _backLink._isCompositionBacklink &&
             _backLink.target === compositionElement.target &&
@@ -148,7 +148,7 @@ const _getCompositionTreeRec = ({
         service
       })
     } else if (
-      element._isAssociationEffective &&
+      element._isAssociationStrict &&
       element._isCompositionBacklink &&
       element.target === compositionTree.target &&
       compositionMap.has(element.target)
@@ -190,7 +190,7 @@ const _getCompositionTree = ({ definitions, rootEntityName, checkRoot = true, re
   const rootName = resolveViews ? _resolvedEntityName(rootEntityName, definitions) : rootEntityName
 
   if (checkRoot && !isRootEntity(definitions, rootEntityName)) {
-    throw getError(`Entity "${rootEntityName}" is not root entity`)
+    throw getError(400, `Entity "${rootEntityName}" is not root entity`)
   }
   const compositionTree = {}
   _getCompositionTreeRec({
@@ -217,7 +217,7 @@ const _cacheCompositionParentsOfOne = ({ definitions }) => {
     if (!parent.kind === 'entity' || !parent.elements) continue
     for (const elementName in parent.elements) {
       const element = parent.elements[elementName]
-      if (element._isCompositionEffective && element.is2one && !element._isSelfManaged) {
+      if (element.isComposition && element.is2one && !element._isSelfManaged) {
         const targetName = element.target
         const target = definitions[targetName]
         if (!target) continue
@@ -243,7 +243,7 @@ const _memoizeGetCompositionTree = fn => {
 
     // use ApplicationService as cache key for extensibility
     // REVISIT: context._tx is not a stable API -> pls do not rely on that
-    const cacheKey = (cds.context && cds.context._tx && Object.getPrototypeOf(cds.context._tx)) || definitions
+    const cacheKey = (cds.context && cds.context.tx && Object.getPrototypeOf(cds.context.tx)) || definitions
 
     const map = cache.get(cacheKey)
     const cachedResult = map && map.get(key)
@@ -266,14 +266,14 @@ const _memoizeGetCompositionTree = fn => {
 const getCompositionRoot = (definitions, entity) => {
   const associationElements = Object.keys(entity.elements)
     .map(key => entity.elements[key])
-    .filter(element => element._isAssociationEffective)
+    .filter(element => element._isAssociationStrict)
 
   for (const { target } of associationElements) {
     const parentEntity = definitions[target]
     for (const parentElementName in parentEntity.elements) {
       const parentElement = parentEntity.elements[parentElementName]
       if (
-        parentElement._isCompositionEffective &&
+        parentElement.isComposition &&
         parentElement.target === entity.name &&
         parentElement.target !== ensureNoDraftsSuffix(parentElement.parent.name)
       ) {

package/libx/_runtime/common/composition/update.js

@@ -43,7 +43,7 @@ function _addSubDeepUpdateCQNForDelete({ entity, data, selectData, deleteCQN })
       if (deleteCQN.DELETE.where.length > 0) {
         deleteCQN.DELETE.where.push('or')
       }
-      deleteCQN.DELETE.where.push('(', ...ctUtils.whereKey(ctUtils.key(entity, selectEntry)), ')')
+      deleteCQN.DELETE.where.push({ xpr: [...ctUtils.whereKey(ctUtils.key(entity, selectEntry))] })
     }
   }
 }
@@ -254,7 +254,8 @@ const _addSubDeepUpdateCQN = async ({ model, compositionTree, data, selectData,
 const hasDeepUpdate = (model, cqn) => {
   if (cqn && cqn.UPDATE && cqn.UPDATE.entity && (cqn.UPDATE.data || cqn.UPDATE.with)) {
     const updateEntity = cqn.UPDATE.entity
-    const entityName = (updateEntity.ref && updateEntity.ref[0]) || updateEntity.name || updateEntity
+    const entityName =
+      (updateEntity.ref && (updateEntity.ref[0].id || updateEntity.ref[0])) || updateEntity.name || updateEntity
     const entity = model.definitions[ensureNoDraftsSuffix(entityName)]
 
     if (entity) {

package/libx/_runtime/common/constants/events.js

@@ -0,0 +1,15 @@
+const MOD_EVENTS = { UPDATE: 1, DELETE: 1, EDIT: 1 }
+const WRITE_EVENTS = Object.assign({ CREATE: 1, NEW: 1, PATCH: 1, CANCEL: 1 }, MOD_EVENTS)
+const CRUD_EVENTS = Object.assign({ READ: 1 }, WRITE_EVENTS)
+const DRAFT_EVENTS = { PATCH: 1, CANCEL: 1, draftActivate: 1, draftPrepare: 1 }
+const DRAFT_MOD_EVENTS = { draftActivate: 1, EDIT: 1 }
+const CDS_EVENTS = Object.assign({}, CRUD_EVENTS, DRAFT_EVENTS)
+
+module.exports = {
+  MOD_EVENTS,
+  WRITE_EVENTS,
+  CRUD_EVENTS,
+  DRAFT_EVENTS,
+  CDS_EVENTS,
+  DRAFT_MOD_EVENTS
+}

package/libx/_runtime/common/error/entry.js

@@ -1,11 +1,11 @@
 /**
- * @param {number} [code] - The numeric code. Only if typeof msg === 'string'.
+ * @param {number|object} [code] - The numeric code. Only if typeof msg === 'string'.
  * @param {string|object} msg - The message or text key (string), or entry object (if more details are needed)
  * @param {number|string} [msg.code] - The numeric or text code.
  * @param {string} [msg.message] - The message or text key.
  * @param {string} [msg.target] - The target of the message.
  * @param {Array|object} [msg.args] - The placeholder values for messages with placeholders.
- * @param {any} [msg.<key>] - Additonal properties, e.g., for processing in custom logging (will not reach client).
+ * @param {any} [msg.<key>] - Additional properties, e.g., for processing in custom logging (will not reach client).
  * @param {string} [target] - The target of the message. Only if typeof msg === 'string'.
  * @param {Array|object} [args] - The placeholder values for messages with placeholders. Only if typeof msg === 'string'.
  * @returns {object} - The normalized entry
@@ -21,10 +21,16 @@ module.exports = (code, msg, target, args) => {
     // > params: msg, target?, args?
     ;[code, msg, target, args] = [undefined, code, msg, target]
   }
+
   if (target && typeof target === 'object') {
     // > params: code?, msg, args?
     ;[args, target] = [target]
   }
 
-  return { code, message: msg || (code && String(code)), target, args }
+  return {
+    code,
+    message: msg || (code && String(code)),
+    target,
+    args
+  }
 }

package/libx/_runtime/common/error/frontend.js

@@ -5,10 +5,8 @@
  *   [...]
  *   Error responses MAY contain annotations in any of its JSON objects.
  */
-
 const localeFrom = require('../../../../lib/req/locale')
 const { getErrorMessage } = require('./utils')
-
 let _i18n
 const i18n = (...args) => {
   if (!_i18n) _i18n = require('../i18n')
@@ -24,16 +22,12 @@ const {
 } = require('./constants')
 const ADDITIONAL_MSG_PROPERTIES = Object.keys(ADDITIONAL_MSG_PROPERTIES_MAP)
 
-const SKIP_SANITIZATION = '@cds.skip_sanitization'
-
 const _getFiltered = err => {
   const error = {}
 
   Object.keys(err)
     .concat(['message'])
     .forEach(k => {
-      // REVISIT: do not remove innererror with cds^6
-      if (k === 'innererror' && process.env.NODE_ENV === 'production' && !err[SKIP_SANITIZATION]) return
       if (k in ALLOWED_PROPERTIES_MAP || k.startsWith('@')) {
         error[k] = err[k]
       } else if (k === 'numericSeverity') {
@@ -44,10 +38,10 @@ const _getFiltered = err => {
   return error
 }
 
-const _rewrite = error => {
+const _rewriteDBError = error => {
   // REVISIT: db stuff probably shouldn't be here
   if (error.code === 'SQLITE_ERROR') {
-    error.code = '500'
+    error.code = 'null'
   } else if (
     (error.code.startsWith('SQLITE_CONSTRAINT') && error.message.match(/COMMIT/)) ||
     (error.code.startsWith('SQLITE_CONSTRAINT') && error.message.match(/FOREIGN KEY/)) ||
@@ -72,7 +66,7 @@ const _normalize = (err, locale, inner = false) => {
   error.code = String(error.code || 'null')
 
   // REVISIT: code and message rewriting
-  _rewrite(error)
+  _rewriteDBError(error)
 
   let statusCode = err.status || err.statusCode || (_isAllowedError(error.code) && error.code)
 
@@ -87,8 +81,8 @@ const _normalize = (err, locale, inner = false) => {
     statusCode = statusCode || _statusCodeFromDetails(childErrorCodes)
   }
 
-  // make sure it's a number, if it's an inner error don't set to 500, as will be set on root level if no other inner error has a statusCode
-  statusCode = statusCode ? Number(statusCode) : inner ? undefined : 500
+  // make sure it's a number if set, otherwise will be assigned as 500 in normalizeError
+  statusCode = statusCode ? Number(statusCode) : undefined
 
   return { error, statusCode }
 }
@@ -100,25 +94,25 @@ const _isAllowedError = errorCode => {
 // - for one unique value, we use it
 // - if at least one 5xx exists, we use 500
 // - else if at least one 4xx exists, we use 400
-// - else we use 500
 const _statusCodeFromDetails = uniqueStatusCodes => {
   if (uniqueStatusCodes.size === 1) return uniqueStatusCodes.values().next().value
   if ([...uniqueStatusCodes].some(s => s >= 500)) return 500
   if ([...uniqueStatusCodes].some(s => s >= 400)) return 400
-  return 500
 }
 
 const normalizeError = (err, req) => {
   const locale = req.locale || (req.locale = localeFrom(req))
-  const { error, statusCode } = _normalize(err, locale)
+  let { error, statusCode } = _normalize(err, locale)
 
-  // REVISIT: make === 500 in cds^6
-  // error[SKIP_SANITIZATION] is not an official API!!!
-  if (statusCode >= 500 && process.env.NODE_ENV === 'production' && !error[SKIP_SANITIZATION]) {
+  if ((!statusCode || (statusCode >= 500 && err._thrownByFramework)) && process.env.NODE_ENV === 'production') {
     // > return sanitized error to client
-    return { error: { code: `${statusCode}`, message: i18n(statusCode, locale) }, statusCode }
+    return {
+      error: { code: statusCode ? `${statusCode}` : '500', message: i18n(statusCode || 500, locale) },
+      statusCode: Number(statusCode) || 500
+    }
   }
-  delete error[SKIP_SANITIZATION]
+
+  if (!statusCode) statusCode = 500
 
   // no top level null codes
   if (error.code === 'null') {