@sap/cds 6.1.0 → 6.1.3

package/lib/req/context.js

@@ -12,11 +12,15 @@ const { EventEmitter } = require('events')
 class EventContext {
 
   /** Creates a new instance that inherits from cds.context */
-  static for (_) {
+  static for (_,_as_root) {
     const ctx = new this (_)
-    if (features.cds_tx_inheritance) {
-      const base = cds.context
-      if (base) ctx._set('_propagated', base)
+    const base = cds.context
+    if (base) {
+      ctx._set('_propagated', base) // we inherit from former cds.currents
+      if (!_as_root) {
+        if (!ctx.context) ctx._set('context', base.context) // all transaction handling works with root contexts
+        if (!ctx.tx && base.tx) ctx.tx = base.tx
+      }
     }
     return ctx
   }
@@ -38,7 +42,7 @@ class EventContext {
   //
 
   get emitter() {
-    return this.context._emitter || (this.context._emitter = new EventEmitter)
+    return this.context._emitter || this.context._set('_emitter', new EventEmitter)
   }
 
   async emit (event,...args) {
@@ -115,7 +119,8 @@ class EventContext {
   }
 
   get model() {
-    return super.model = this._propagated.model || this.http?.req.__model // IMPORTANT: Never use that anywhere else
+    const m = this._propagated.model || this.http?.req.__model // IMPORTANT: Never use that anywhere else
+    return this._set('model',m)
   }
   set model(m) {
     super.model = m
@@ -156,12 +161,11 @@ class EventContext {
    */
   set tx (tx) {
     Object.defineProperty (this,'tx',{value:tx}) //> allowed only once!
-    const ctx = tx.context
-    if (ctx && ctx !== this) {
-      if (!this.hasOwnProperty('context')) this.context = ctx // eslint-disable-line no-prototype-builtins
-
+    const root = tx.context?.context
+    if (root && root !== this) {
+      if (!this.hasOwnProperty('context')) this.context = root // eslint-disable-line no-prototype-builtins
       if (features.assert_integrity && features.assert_integrity_type == 'RT') {
-        const reqs = ctx._children || ctx._set('_children', {})
+        const reqs = root._children || root._set('_children', {})
         const all = reqs[tx.name] || (reqs[tx.name] = [])
         all.push(this)
       }

package/lib/srv/srv-api.js

@@ -56,6 +56,14 @@ class Service extends require('./srv-handlers') {
    * Querying API to send synchronous requests...
    */
   run (query, data) {
+    if (typeof query === 'function') {
+      const ctx = cds.context, fn = query
+      if (ctx?.tx && !ctx.tx._done) {
+        return fn (this.tx(ctx)) // with nested tx
+      } else {
+        return this.tx (fn) // with root tx
+      }
+    }
     const req = new Request ({ query, data })
     return this.dispatch (req)
   }

package/lib/srv/srv-dispatch.js

@@ -13,18 +13,23 @@ exports.dispatch = async function dispatch (req) { //NOSONAR
 
   // Ensure we are in a proper transaction
   if (!this.context) {
-    const gc = cds.context
-    if (gc && gc.tx && !gc.tx._done) return this.tx(gc).dispatch(req) // with nested tx
-    else return this.tx(tx => tx.dispatch(req)) // as root tx
+    const ctx = cds.context
+    if (ctx?.tx && !ctx.tx._done) {
+      return this.tx (ctx) .dispatch(req)      // with nested tx
+    } else {
+      return this.tx (tx => tx.dispatch(req))  // with root tx
+    }
   }
   if (!req.tx) req.tx = this // `this` is a tx from now on...
 
   // Inform potential listeners // REVISIT: -> this should move into protocol adapters
-  if (_is_root(req)) req._.req.emit ('dispatch',req)
+  let _is_root = req.constructor.name in { ODataRequest:1, RestRequest:2 }
+  if (_is_root) req._.req.emit ('dispatch',req)
 
   // Handle batches of queries
-  if (_is_array(req.query))
-    return Promise.all (req.query.map (q => this.dispatch ({query:q,__proto__:req,context:req.context})))
+  if (_is_array(req.query)) return Promise.all (req.query.map (
+    q => this.dispatch ({ query:q, context: req.context, __proto__:req })
+  ))
 
   // Ensure target and fqns
   if (!req.target) _ensure_target (this,req)
@@ -88,7 +93,6 @@ exports.handle = async function handle (req) {
 }
 
 
-const _is_root = (req) => /OData|REST/i.test(req.constructor.name)
 const _is_array = Array.isArray
 const _dummy = ()=>{} // REVISIT: required for some messaging tests which obviously still expect and call next()
 

package/lib/srv/srv-models.js

@@ -22,13 +22,13 @@ class ExtendedModels {
    */
   static middleware4 (srv) {
     if (!(srv instanceof cds.ApplicationService)) return [] //> no middleware to add // REVISIT: move to `srv.isExtensible`
-    if (srv.name?.startsWith('cds.xt.'))          return [] //> no middleware to add // REVISIT: move to `srv.isExtensible`
-    else return async (req,res,next) => {
+    if (!srv.isExtensible) return [] //> no middleware to add
+    else return async function cds_context_model (req,res,next) {
       if (!req.user?.tenant) return next()
       const ctx = cds.context = cds.EventContext.for({ http: { req, res } })
       ctx.user = req.user // REVISIT: should move to auth middleware?
       try {
-        ctx.model = req.__model = await this.model4 (ctx.tenant, ctx.features)
+        ctx.model = req.__model = await ExtendedModels.model4 (ctx.tenant, ctx.features)
       } catch (e) {
         LOG.error (Object.assign(e, { message: 'Unable to get service from service map due to error: ' + e.message }))
 
@@ -99,6 +99,7 @@ class ExtendedModels {
     if (model.then) return model //> promised model to avoid race conditions
 
     const {_cached} = model, interval = ExtendedModels.checkInterval
+    if (!_cached.touched)  return model
     if (Date.now() - _cached.touched < interval) return model //> checked recently
 
     else return this[key] = (async()=>{ // temporarily replace cache entry by promise to avoid race conditions...

package/lib/srv/srv-tx.js

@@ -1,6 +1,18 @@
 const cds = require('../index'), { cds_tx_protection } = cds.env.features
 const EventContext = require('../req/context')
-class RootContext extends EventContext {}
+class RootContext extends EventContext {
+  static for(_) {
+    if (_ instanceof EventContext) return _
+    else return super.for(_,'as root')
+  }
+}
+class NestedContext extends EventContext {
+  static for(_) {
+    if (_ instanceof EventContext) return _
+    else return super.for(_)
+  }
+}
+
 
 /**
  * This is the implementation of the `srv.tx(req)` method. It constructs
@@ -8,35 +20,28 @@ class RootContext extends EventContext {}
  * @returns { Transaction & import('./srv-api') }
  * @param { EventContext } ctx
  */
-module.exports = function tx (ctx,fn) { const srv = this
+function srv_tx (ctx,fn) { const srv = this
 
   if (srv.context) return srv // srv.tx().tx() -> idempotent
+  if (!ctx) return RootTransaction.for (srv)
+
+  // Creating root or nested txes for existing contexts
+  if (ctx instanceof EventContext) {
+    if (ctx.tx) return NestedTransaction.for (srv, ctx)
+    else return RootTransaction.for (srv, ctx)
+  }
 
   // Last arg may be a function -> srv.tx (tx => { ... })
   if (typeof ctx === 'function') [ ctx, fn ] = [ undefined, ctx ]
   if (typeof fn === 'function') {
-    const tx = srv.tx(ctx), fx = ()=> Promise.resolve(fn(tx)).then(tx.commit,tx.rollback)
-    const gc = cds.context, _has_tx = gc && gc.tx && !gc.tx._done
-    return _has_tx ? fx() : cds._context.run(tx,fx)
+    const tx = RootTransaction.for (srv, ctx)
+    return cds._context.run (tx, ()=> Promise.resolve(fn(tx)) .then (tx.commit, tx.rollback))
   }
 
-  if (ctx) {
-    if (ctx.context) ctx = ctx.context
-
-    // REVISIT: This is for compatibility with former srv.tx(req) usages
-    if (ctx instanceof EventContext) {
-      if (ctx.tx) return NestedTransaction.for (srv, ctx)
-      else return RootTransaction.for (srv, ctx)
-    }
-
-    // REVISIT: This is for compatibility with AFC only
-    if (ctx._txed_before) return NestedTransaction.for (srv, ctx._txed_before)
-    else Object.defineProperty(ctx, '_txed_before', { value: ctx = RootContext.for(ctx) })
-    return RootTransaction.for (srv, ctx)
-  }
-
-  // `ctx` is a plain context object or undefined
-  return RootTransaction.for (srv, RootContext.for(ctx))
+  // REVISIT: following is for compatibility with AFC only -> we should get rid of that
+  if (ctx._txed_before) return NestedTransaction.for (srv, ctx._txed_before)
+  else Object.defineProperty (ctx, '_txed_before', { value: ctx = RootContext.for(ctx) })
+  return RootTransaction.for (srv, ctx)
 }
 
 
@@ -45,17 +50,16 @@ class Transaction {
   /**
    * Returns an already started tx for given srv, or creates a new instance
    */
-  static for (srv,root) {
-    let txs = root.transactions
-    if (!txs) Object.defineProperty(root, 'transactions', {value: txs = new Map})
-    if (srv._real_srv) srv = srv._real_srv // REVISIT: srv._real_srv is a qirty hack for current Okra Adapters
+  static for (srv, ctx) {
+    const txs = ctx.context.transactions || ctx.context._set ('transactions', new Map)
+    if (srv._real_srv) srv = srv._real_srv // REVISIT: srv._real_srv is a dirty hack for current Okra Adapters
     let tx = txs.get (srv)
-    if (!tx) txs.set (srv, tx = new this (srv,root))
+    if (!tx) txs.set (srv, tx = new this (srv,ctx))
     return tx
   }
 
-  constructor (srv,root) {
-    const tx = { __proto__:srv, context:root }
+  constructor (srv, ctx) {
+    const tx = { __proto__:srv, _kind: new.target.name, context: ctx }
     const proto = new.target.prototype
     tx.commit   = proto.commit.bind(tx)
     tx.rollback = proto.rollback.bind(tx)
@@ -107,11 +111,12 @@ class Transaction {
 class RootTransaction extends Transaction {
 
   /**
-   * Register the new transaction with the root context.
-   * @param {EventContext} root
+   * Register the new transaction with the given context.
+   * @param {EventContext} ctx
    */
-  static for (srv,root) {
-    return root.tx = super.for (srv,root)
+  static for (srv, ctx) {
+    ctx = RootContext.for (ctx?.tx?._done ? {} : ctx)
+    return ctx.tx = super.for (srv, ctx)
   }
 
   /**
@@ -153,16 +158,21 @@ class RootTransaction extends Transaction {
 
 class NestedTransaction extends Transaction {
 
+  static for (srv,ctx) {
+    ctx = NestedContext.for (ctx)
+    return super.for (srv, ctx)
+  }
+
   /**
-   * Registers event listeners with the root context, to commit or rollback
+   * Registers event listeners with the given context, to commit or rollback
    * when the root tx is about to commit or rollback.
-   * @param {import ('../req/context')} root
+   * @param {EventContext} ctx
    */
-  constructor (srv,root) {
-    super (srv,root)
-    root.before ('succeeded', ()=> this.commit())
-    root.before ('failed', ()=> this.rollback())
-    if ('end' in srv) root.once ('done', ()=> srv.end())
+  constructor (srv,ctx) {
+    super (srv,ctx)
+    ctx.before ('succeeded', ()=> this.commit())
+    ctx.before ('failed', ()=> this.rollback())
+    if ('end' in srv) ctx.once ('done', ()=> srv.end())
   }
 
 }
@@ -193,3 +203,5 @@ const _begin = async function (req) {
   delete this.dispatch
   return this.dispatch (req)
 }
+
+module.exports = srv_tx

package/lib/utils/cds-utils.js

@@ -70,17 +70,17 @@ exports.mkdirp = async function (...path) {
 
 exports.rmdir = (...path) => {
   const d = resolve (cds.root,...path)
-  return (fs.promises.rm || fs.promises.rmdir) (d, {recursive:true})
+  return fs.promises.rm (d, {recursive:true})
 }
 
 exports.rimraf = (...path) => {
   const d = resolve (cds.root,...path)
-  return (fs.promises.rm || fs.promises.rmdir) (d, {recursive:true,force:true})
+  return fs.promises.rm (d, {recursive:true,force:true})
 }
 
 exports.rm = async function rm (x) {
   const y = resolve (cds.root,x)
-  return (fs.promises.rm || fs.promises.unlink)(y)
+  return fs.promises.rm(y)
 }
 
 exports.copy = async function copy (x,y) {

package/lib/utils/resources/index.js

@@ -8,22 +8,22 @@ const TEMP_DIR = fs.realpathSync(require('os').tmpdir())
 
 const packTarArchive = async (files, root, flat = false) => {
   if (typeof files === 'string') return await packArchiveCLI(files)
-  
+
   let tgzBuffer, temp
   try {
-    temp = await fs.promises.mkdtemp(`${TEMP_DIR}${path.sep}tar-`)    
+    temp = await fs.promises.mkdtemp(`${TEMP_DIR}${path.sep}tar-`)
     for (const file of files) {
       const fname = flat ? path.basename(file) : path.relative(root, file)
       const destination = path.join(temp, fname)
       const dirname = path.dirname(destination)
       if (!await exists(dirname)) await fs.promises.mkdir(dirname, { recursive: true })
-      await fs.promises.copyFile(file, destination)      
+      await fs.promises.copyFile(file, destination)
     }
 
     tgzBuffer = await packArchiveCLI(temp)
   } finally {
     if (await exists(temp)) {
-      await (fs.promises.rm || fs.promises.rmdir)(temp, { recursive: true, force: true })
+      await fs.promises.rm(temp, { recursive: true, force: true })
     }
   }
 
@@ -38,7 +38,7 @@ const unpackTarArchive = async (buffer, folder) => {
   try {
     await unpackArchiveCLI(tgz, folder)
   } finally {
-    if (await exists(temp)) await (fs.promises.rm || fs.promises.rmdir)(temp, { recursive: true, force: true })
+    if (await exists(temp)) await fs.promises.rm(temp, { recursive: true, force: true })
   }
 }
 

package/lib/utils/resources/tar.js

@@ -27,7 +27,7 @@ const packArchiveCLI = async (root) => {
   }
   finally {
     if (await exists(temp)) {
-      await (fs.promises.rm || fs.promises.rmdir)(temp, { recursive: true, force: true })
+      await fs.promises.rm(temp, { recursive: true, force: true })
     }
   }
 }

package/libx/_runtime/auth/index.js

@@ -183,7 +183,7 @@ module.exports = (srv, options = srv.options) => {
     (process.env.NODE_ENV === 'production' && config.credentials && config.restrict_all_services)
   ) {
     if (!logged) LOG._debug && LOG.debug(`Enforcing authenticated users for all services`)
-    app.use(_enforce_authenticated_user)
+    app.use(cap_enforce_login)
   }
 
   // so we don't log the same stuff multiple times
@@ -199,7 +199,7 @@ const _strategy4 = config => {
   throw new Error(`Authentication kind "${config.kind}" is not supported`)
 }
 
-const _enforce_authenticated_user = (req, res, next) => {
+const cap_enforce_login = (req, res, next) => {
   if (req.user && req.user.is('authenticated-user')) return next() // pass if user is authenticated
   if (!req.user || req.user._is_anonymous) {
     if (req.user && req.user._challenges) res.set('WWW-Authenticate', req.user._challenges.join(';'))

package/libx/_runtime/cds-services/adapter/odata-v4/handlers/read.js

@@ -81,7 +81,8 @@ const _getCount = async (tx, readReq) => {
     // REVISIT: this process appears to be rather clumsy
     // Copy CQN including from, where and search + changing columns
     const select = SELECT.from(readReq.query.SELECT.from)
-    select.SELECT.columns = [{ func: 'count', args: [{ val: '1' }], as: '$count' }]
+    // { val: 1 } is used on purpose, as "numbers" are not used as param in prepared stmt
+    select.SELECT.columns = [{ func: 'count', args: [{ val: 1 }], as: '$count' }]
 
     if (readReq.query.SELECT.where) select.SELECT.where = readReq.query.SELECT.where
     if (readReq.query.SELECT.search) select.SELECT.search = readReq.query.SELECT.search

package/libx/_runtime/cds-services/adapter/odata-v4/okra/odata-commons/utils/PrimitiveValueDecoder.js

@@ -68,8 +68,6 @@ const MULTI_LINE_STRING_VALIDATION = new RegExp('^' + SRID + 'MultiLineString\\(
 const MULTI_POLYGON_VALIDATION = new RegExp('^' + SRID + 'MultiPolygon\\((' + MULTI_POLYGON + ')\\)$', 'i')
 const COLLECTION_VALIDATION = new RegExp('^' + SRID + 'Collection\\((' + MULTI_GEO_LITERAL + ')\\)$', 'i')
 
-const BASE64 = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}={2})$/
-
 function _getBase64(val) {
   if (isInvalidBase64string(val)) return
   // convert url-safe to standard base64

package/libx/_runtime/cds-services/adapter/odata-v4/okra/odata-server/deserializer/DeserializerFactory.js

@@ -40,8 +40,10 @@ class DeserializerFactory {
         let additionalInformation = { hasDelta: false }
         const deserializer = new ResourceJsonDeserializer(edm, jsonContentTypeInfo)
         return (edmObject, value) => {
+          const body = deserializer[name](edmObject, value, expand, additionalInformation)
+
           return {
-            body: deserializer[name](edmObject, value, expand, additionalInformation),
+            body,
             expand,
             additionalInformation
           }

package/libx/_runtime/cds-services/adapter/odata-v4/utils/readAfterWrite.js

@@ -4,8 +4,6 @@ const {
   Request,
   ql: { SELECT }
 } = cds
-const LOG = cds.log()
-const { normalizeError } = require('../../../../common/error/frontend')
 
 const { getDeepSelect, getSimpleSelectCQN } = require('./handlerUtils')
 const { hasDeepUpdate } = require('../../../../common/composition/update')

package/libx/_runtime/cds-services/services/utils/compareJson.js

@@ -155,7 +155,9 @@ const _skipToMany = (entity, prop) => {
 }
 
 const _iteratePropsInNewEntry = (newEntry, keys, result, oldEntry, entity) => {
-  for (const prop in newEntry) {
+  // On app-service layer, generated foreign keys are not enumerable,
+  // include them here too.
+  for (const prop of Object.getOwnPropertyNames(newEntry)) {
     if (keys.includes(prop)) {
       _addKeysToResult(result, prop, newEntry, oldEntry)
       continue

package/libx/_runtime/cds-services/util/assert.js

@@ -277,6 +277,9 @@ const checkIfAssocDeep = (element, value, req) => {
     // managed to one
     Object.keys(value).forEach(prop => {
       if (typeof value[prop] !== 'object') {
+        const foreignKey = element._foreignKeys.find(fk => fk.childElement.name === prop)
+        if (foreignKey) return
+
         const key = element.keys.find(element => element.ref[0] === prop)
         if (key) return
 

package/libx/_runtime/common/generic/input.js

@@ -11,6 +11,7 @@ const cds = require('../../cds')
 const LOG = cds.log('app')
 const { enrichDataWithKeysFromWhere } = require('../utils/keys')
 const { DRAFT_COLUMNS_MAP } = require('../../common/constants/draft')
+const propagateForeignKeys = require('../utils/propagateForeignKeys')
 const { checkInputConstraints, assertTargets } = require('../../cds-services/util/assert')
 const getTemplate = require('../utils/template')
 const templateProcessor = require('../utils/templateProcessor')
@@ -126,6 +127,11 @@ const _processCategory = (req, category, value, elementInfo, assertMap) => {
   const { row, key, element, isRoot } = elementInfo
   category = _getSimpleCategory(category)
 
+  if (category === 'propagateForeignKeys') {
+    propagateForeignKeys(key, row, element._foreignKeys, element.isComposition, { enumerable: false })
+    return
+  }
+
   // remember mandatory
   if (category === 'mandatory') {
     value.mandatory = true
@@ -186,6 +192,11 @@ const _pick = element => {
   // collect actions to apply
   const categories = []
 
+  // REVISIT: element._foreignKeys.length seems to be a very broad check
+  if (element.isAssociation && element._foreignKeys.length) {
+    categories.push({ category: 'propagateForeignKeys' })
+  }
+
   if (element['@assert.range'] || element['@assert.enum'] || element['@assert.format']) {
     categories.push('assert')
   }
@@ -241,7 +252,10 @@ async function _handler(req) {
   if (!req.query) return // FIXME: the code below expects req.query to be defined
   if (!req.target) return
 
-  const template = getTemplate('app-input', this, req.target, { pick: _pick })
+  const template = getTemplate('app-input', this, req.target, {
+    pick: _pick,
+    ignore: element => element._isAssociationStrict
+  })
   if (template.elements.size === 0) return
 
   const errors = []
@@ -301,7 +315,8 @@ const _processActionFunctionRow = (row, param, key, errors, event, service) => {
 
   // structured
   const template = getTemplate('app-input-operation', service, param, {
-    pick: _pick
+    pick: _pick,
+    ignore: element => element._isAssociationStrict
   })
 
   if (template && template.elements.size) {

package/libx/_runtime/common/generic/put.js

@@ -64,7 +64,10 @@ function _handler(req) {
   const { elements } = req.target
   for (const k in req.data) if (k in elements && elements[k]['@Core.MediaType']) return
 
-  const template = getTemplate('app-put', this, req.target, { pick: _pick })
+  const template = getTemplate('app-put', this, req.target, {
+    pick: _pick,
+    ignore: element => element._isAssociationStrict
+  })
   if (template.elements.size === 0) return
 
   // REVISIT: req.data should point into req.query

package/libx/_runtime/common/generic/temporal.js

@@ -1,5 +1,4 @@
 const cds = require('../../cds')
-const LOG = cds.log('app')
 
 const _getDateFromQueryOptions = str => {
   if (str) {
@@ -11,8 +10,6 @@ const _getDateFromQueryOptions = str => {
 
 const _isDate = dateStr => !dateStr.includes(':')
 const _isTimestamp = dateStr => dateStr.includes('.')
-const _isWarningRequired = (warning, queryOptions) =>
-  !warning && queryOptions && (queryOptions['sap-valid-from'] || queryOptions['sap-valid-to'])
 const _isAsOfNow = queryOptions =>
   !queryOptions || (!queryOptions['sap-valid-at'] && !queryOptions['sap-valid-to'] && !queryOptions['sap-valid-from'])
 

package/libx/_runtime/common/utils/binary.js

@@ -1,8 +1,6 @@
 const getTemplate = require('./template')
 const templateProcessor = require('./templateProcessor')
 
-const BASE64 = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{3}={0,1}|[A-Za-z0-9+/]{2}={0,2})$/
-
 // convert the standard base64 encoding to the URL-safe variant
 const toBase64url = value =>
   (Buffer.isBuffer(value) ? value.toString('base64') : value).replace(/\//g, '_').replace(/\+/g, '-')
@@ -17,12 +15,13 @@ const isInvalidBase64string = value => {
   if (Buffer.isBuffer(value)) return // ok
 
   // convert to standard base64 string; let it crash if typeof value !== 'string'
-  const base64 = value.replace(/_/g, '/').replace(/-/g, '+')
+  const base64value = value.replace(/_/g, '/').replace(/-/g, '+')
   const normalized = normalizeBase64string(value)
 
   // example of invalid base64 string --> 'WTGTdDsD/k21LnFRb+uNcAi=' <-- '...i=' must be '...g='
   // see https://datatracker.ietf.org/doc/html/rfc4648#section-4
-  return !base64.match(BASE64) || base64.replace(/=/g, '') !== normalized.replace(/=/g, '')
+  if (base64value.replace(/=/g, '') !== normalized.replace(/=/g, '')) return true
+  return base64value.length > normalized.length
 }
 
 const _picker = element => {

package/libx/_runtime/common/utils/keys.js

@@ -27,13 +27,18 @@ function _getOnCondElements(onCond, onCondElements = []) {
   return onCondElements
 }
 
-function _modifyWhereWithNavigations(where, newWhere, entityKey, targetKey) {
-  if (where) {
+function _mergeWhere(base, additional) {
+  if (additional?.length) {
     // copy where else query will be modified
-    const whereCopy = deepCopyArray(where)
-    if (newWhere.length > 0) newWhere.push('and')
-    newWhere.push(...whereCopy)
+    const whereCopy = deepCopyArray(additional)
+    if (base.length > 0) base.push('and')
+    base.push(...whereCopy)
   }
+  return base
+}
+
+function _modifyWhereWithNavigations(where, newWhere, entityKey, targetKey) {
+  _mergeWhere(newWhere, where)
 
   newWhere.forEach(element => {
     if (element.ref && element.ref[0] === targetKey) {
@@ -85,7 +90,10 @@ function _getWhereFromUpdate(query, target, model) {
     return where
   }
 
-  return query.UPDATE.where
+  const where = query.UPDATE.where || []
+  if (query.UPDATE.entity.ref?.length === 1 && query.UPDATE.entity.ref[0].where)
+    return _mergeWhere(query.UPDATE.entity.ref[0].where, where)
+  return where
 }
 
 // params: data, req, service/tx