@sap/cds 6.1.3 → 6.2.1

package/libx/_runtime/messaging/enterprise-messaging.js

@@ -5,6 +5,7 @@ const optionsManagement = require('./enterprise-messaging-utils/options-manageme
 const EMManagement = require('./enterprise-messaging-utils/EMManagement.js')
 const optionsForSubdomain = require('./common-utils/optionsForSubdomain.js')
 const authorizedRequest = require('./common-utils/authorizedRequest')
+const getTenantInfo = require('./enterprise-messaging-utils/getTenantInfo')
 const sleep = require('util').promisify(setTimeout)
 const {
   registerDeployEndpoints,
@@ -26,6 +27,9 @@ const _checkAppURL = appURL => {
     )
 }
 
+const _oldMtx = () => cds.mtx
+const _multitenancyEnabled = () => cds.requires.multitenancy || _oldMtx()
+
 // REVISIT: It's bad to have to rely on the subdomain.
 // For all interactions where we perform the token exchange ourselves,
 // we will be able to use the zoneId instead of the subdomain.
@@ -77,8 +81,62 @@ class EnterpriseMessaging extends AMQPWebhookMessaging {
     })
   }
 
+  // New mtx based on @sap/cds-mtxs
+  async addMTXSHandlers() {
+    const deploymentSrv = await cds.connect.to('cds.xt.DeploymentService')
+    const provisioningSrv = await cds.connect.to('cds.xt.SaasProvisioningService')
+    deploymentSrv.impl(() => {
+      deploymentSrv.on('subscribe', async (req, next) => {
+        const res = await next()
+        const { tenant } = req.data
+        let subdomain
+        try {
+          const tenantInfo = await getTenantInfo(tenant) // @sap/cds-mtxs must provide that info
+          subdomain = tenantInfo.subdomain
+        } catch (e) {
+          this.LOG.error("'subscribe' is not yet implemented for @sap/cds-mtxs")
+          throw e
+        }
+        const management = await this.getManagement(subdomain).waitUntilReady()
+        await management.deploy()
+        return res
+      })
+      deploymentSrv.on('unsubscribe', async (req, next) => {
+        const res = await next()
+        const { tenant } = req.data
+        let subdomain
+        try {
+          const tenantInfo = await getTenantInfo(tenant) // @sap/cds-mtxs must provide that info
+          subdomain = tenantInfo.subdomain
+        } catch (e) {
+          this.LOG.error("'unsubscribe' is not yet implemented for @sap/cds-mtxs")
+          throw e
+        }
+        try {
+          const management = await this.getManagement(subdomain).waitUntilReady()
+          await management.undeploy()
+        } catch (error) {
+          this.LOG.error('Failed to delete messaging artifacts for subdomain', subdomain, '(', error, ')')
+        }
+        return res
+      })
+    })
+    provisioningSrv.impl(() => {
+      provisioningSrv.on('dependencies', async (req, next) => {
+        this.LOG._info && this.LOG.info('Include Enterprise-Messaging as SaaS dependency')
+        const res = (await next()) || []
+        const xsappname = this.options.credentials?.xsappname
+        if (xsappname) {
+          const exists = res.some(d => d.xsappname === xsappname)
+          if (!exists) res.push({ xsappname })
+        }
+        return res
+      })
+    })
+  }
+
   startListening() {
-    const doNotDeploy = cds.mtx && !this.options.deployForProvider
+    const doNotDeploy = _multitenancyEnabled() && !this.options.deployForProvider
     if (doNotDeploy) this.LOG._info && this.LOG.info('Skipping deployment of messaging artifacts for provider account')
     super.startListening({ doNotDeploy })
     if (!doNotDeploy && this.subscribedTopics.size) {
@@ -97,8 +155,9 @@ class EnterpriseMessaging extends AMQPWebhookMessaging {
   async listenToClient(cb) {
     _checkAppURL(this.optionsApp.appURL)
     registerWebhookEndpoints(BASE_PATH, this.queueName, this.LOG, cb)
-    if (cds.mtx) {
-      await this.addMTXHandlers()
+    if (_multitenancyEnabled()) {
+      if (_oldMtx()) await this.addMTXHandlers()
+      else await this.addMTXSHandlers()
       registerDeployEndpoints(BASE_PATH, this.queueName, async (tenantInfo, options) => {
         const result = { queue: this.queueName, succeeded: [], failed: [] }
         await Promise.all(

package/libx/_runtime/messaging/outbox/utils.js

@@ -32,7 +32,7 @@ const hasPersistentOutbox = (srv, tenant) => {
   if (!cds.requires.outbox || cds.requires.outbox.kind !== 'persistent-outbox') return false
   if (srv.options && srv.options.outbox && srv.options.outbox.kind && srv.options.outbox.kind !== 'persistent-outbox')
     return false
-  if (cds.mtx && tenant && _isProviderTenant(tenant)) return false // no persistence for provider account
+  if ((cds.mtx || cds.requires.multitenancy) && tenant && _isProviderTenant(tenant)) return false // no persistence for provider account
   return true
 }
 

package/libx/_runtime/messaging/redis-messaging.js

@@ -1,3 +1,4 @@
+// eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
 const redis = require('redis')
 const cds = require('../../../lib')
 const waitingTime = require('./common-utils/waitingTime')

package/libx/_runtime/remote/Service.js

@@ -6,6 +6,7 @@ const LOG = cds.log('remote')
 // disable sdk logger if not in debug mode
 if (!LOG._debug) {
   try {
+    // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
     const sdkUtils = require('@sap-cloud-sdk/util')
     sdkUtils.setGlobalLogLevel('error')
   } catch (err) {
@@ -143,8 +144,7 @@ const _addHandlerActionFunction = (srv, def, target) => {
   if (target) {
     srv.on(event, target, async function (req) {
       const shortEntityName = req.target.name.replace(`${this.namespace}.`, '')
-      if (this.kind === 'odata-v2')
-        return _handleV2BoundActionFunction(srv, def, req, `${shortEntityName}_${event}`, this.kind)
+      if (this.kind === 'odata-v2') return _handleV2BoundActionFunction(srv, def, req, event, this.kind)
       const url = `/${shortEntityName}(${_buildKeys(req, this.kind).join(',')})/${this.namespace}.${event}`
       return _handleBoundActionFunction(srv, def, req, url)
     })

package/libx/_runtime/remote/utils/client.js

@@ -59,12 +59,13 @@ const _executeHttpRequest = async ({ requestConfig, destination, destinationOpti
 
   // cloud sdk requires a new mechanism to differentiate the priority of headers
   // "custom" keeps the highest priority as before
+  const maxBodyLength = cds.env?.remote?.max_body_length
   requestConfig = {
-    ...(cds.env?.remote?.max_body_length && { maxBodyLength: cds.env.remote.max_body_length }),
     ...requestConfig,
     headers: {
       custom: { ...requestConfig.headers }
-    }
+    },
+    ...(maxBodyLength && { maxBodyLength })
   }
 
   return executeHttpRequestWithOrigin(destination, requestConfig, requestOptions)
@@ -72,6 +73,7 @@ const _executeHttpRequest = async ({ requestConfig, destination, destinationOpti
 
 const cloudSdk = () => {
   if (_cloudSdk) return _cloudSdk
+  // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
   _cloudSdk = require('@sap-cloud-sdk/http-client')
   return _cloudSdk
 }
@@ -472,8 +474,11 @@ const getReqOptions = (req, query, service) => {
     if (typeof reqOptions.data === 'object' && !Buffer.isBuffer(reqOptions.data)) {
       reqOptions.headers['content-type'] = 'application/json'
       reqOptions.headers['content-length'] = Buffer.byteLength(JSON.stringify(reqOptions.data))
-    } else if (typeof reqOptions.data === 'string' || Buffer.isBuffer(reqOptions.data)) {
+    } else if (typeof reqOptions.data === 'string') {
+      reqOptions.headers['content-length'] = Buffer.byteLength(reqOptions.data)
+    } else if (Buffer.isBuffer(reqOptions.data)) {
       reqOptions.headers['content-length'] = Buffer.byteLength(reqOptions.data)
+      if (!_hasHeader(req.headers, 'content-type')) reqOptions.headers['content-type'] = 'application/octet-stream'
     }
   }
   reqOptions.url = formatPath(reqOptions.url)

package/libx/_runtime/remote/utils/data.js

@@ -78,9 +78,14 @@ const _convertValue = (ieee754Compatible, exponentialDecimals) => (value, elemen
     } else if (value === 'false') {
       value = false
     }
-  } else if (type === 'cds.Integer') {
+  } else if (type === 'cds.Integer' || type === 'cds.UInt8' || type === 'cds.Int16' || type === 'cds.Int32') {
     value = parseInt(value, 10)
-  } else if (type === 'cds.Decimal' || type === 'cds.DecimalFloat' || type === 'cds.Integer64') {
+  } else if (
+    type === 'cds.Decimal' ||
+    type === 'cds.DecimalFloat' ||
+    type === 'cds.Integer64' ||
+    type === 'cds.Int64'
+  ) {
     const bigValue = big(value)
     if (ieee754Compatible) {
       // TODO test with arrayed => element.items.scale?

package/libx/_runtime/sqlite/Service.js

@@ -17,6 +17,7 @@ const execute = require('./execute')
 
 const _new = url => {
   if (url && url !== ':memory:') url = cds.utils.path.resolve(cds.root, url)
+  // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
   if (!_sqlite) _sqlite = require('sqlite3')
   return new Promise((resolve, reject) => {
     const dbc = new _sqlite.Database(url, err => {
@@ -102,8 +103,8 @@ module.exports = class SQLiteDatabase extends DatabaseService {
     const credentials = this.options.credentials || this.options || {}
     let dbUrl = credentials.database || credentials.url || credentials.host || ':memory:'
 
-    if (tenant && dbUrl.endsWith('.db')) {
-      dbUrl = dbUrl.split('.db')[0] + '_' + tenant + '.db'
+    if (tenant && dbUrl !== ':memory:') {
+      dbUrl = dbUrl.replace(/\.(db|sqlite)$/, `-${tenant}.$1`)
     }
     return dbUrl
   }
@@ -153,13 +154,13 @@ module.exports = class SQLiteDatabase extends DatabaseService {
    */
   // REVISIT: make tenant aware
   async deploy(model, options = {}) {
-    const createEntities = cds.compile.to.sql(model, options)
-    if (!createEntities || createEntities.length === 0) return // > nothing to deploy
+    let createEntities = cds.compile.to.sql(model, options)
+    if (createEntities.length === 0) return // > nothing to deploy
 
-    const dropViews = []
-    const dropTables = []
+    let dropViews = []
+    let dropTables = []
     for (const each of createEntities) {
-      const [, table, entity] = each.match(/^\s*CREATE (?:(TABLE)|VIEW)\s+"?([^\s"(]+)"?/im) || []
+      const [, table, entity] = each.match(/^CREATE (?:(TABLE)|VIEW)\s+"?([^\s"(]+)"?/im) || []
       if (table) dropTables.push({ DROP: { entity } })
       else dropViews.push({ DROP: { view: entity } })
     }
@@ -190,6 +191,12 @@ module.exports = class SQLiteDatabase extends DatabaseService {
     await this.run(async tx => {
       // This starts a new transaction if called from CLI, while joining
       // existing root tx, e.g. when called from DeploymenrService
+      const [ext] = await tx.run(`SELECT 1 from sqlite_master where name='cds_xt_Extensions'`)
+      if (ext) {
+        // Poor man's schema evolution for MTX upgrade operations
+        createEntities = createEntities.filter(ct => !ct.match(/^CREATE TABLE cds_xt_Extensions/im))
+        dropTables = dropTables.filter(dt => dt.DROP.entity !== 'cds_xt_Extensions')
+      }
       await tx.run(dropViews)
       await tx.run(dropTables)
       await tx.run(createEntities)
@@ -197,4 +204,8 @@ module.exports = class SQLiteDatabase extends DatabaseService {
 
     return true
   }
+
+  async disconnect(tenant) {
+    this.dbcs.delete(tenant)
+  }
 }

package/libx/_runtime/sqlite/conversion.js

@@ -39,15 +39,18 @@ const SQLITE_TYPE_CONVERSION_MAP = new Map([
   ['cds.Boolean', convertToBoolean],
   ['cds.Date', convertToDateString],
   ['cds.Integer64', convertInt64ToString],
+  ['cds.Int64', convertInt64ToString],
   ['cds.DateTime', convertToISONoMillis],
   ['cds.Timestamp', convertToISOTime]
 ])
 
 if (cds.env.features.bigjs) {
+  // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
   const Big = require('big.js')
   const convertToBig = value => new Big(value)
 
   SQLITE_TYPE_CONVERSION_MAP.set('cds.Integer64', convertToBig)
+  SQLITE_TYPE_CONVERSION_MAP.set('cds.Int64', convertToBig)
   SQLITE_TYPE_CONVERSION_MAP.set('cds.Decimal', convertToBig)
 }
 

package/libx/_runtime/sqlite/convertAssocToOneManaged.js

@@ -37,7 +37,7 @@ const _convert = (refEntries, req) => {
 }
 
 // REVISIT once sql can handle structured keys properly, this handler should not be required anymore
-const _handler = function (req) {
+const sqliteConvertAssocToOneManaged = function (req) {
   // do simple checks upfront and exit early
   if (!(req.query && req.query.SELECT) || typeof req.query === 'string') return
   if (!req.query.SELECT.orderBy && !req.query.SELECT.groupBy && !req.query.SELECT.where && !req.query.SELECT.having) {
@@ -49,6 +49,6 @@ const _handler = function (req) {
   _convert(_getConvertibleEntries(req), req)
 }
 
-_handler._initial = true
+sqliteConvertAssocToOneManaged._initial = true
 
-module.exports = _handler
+module.exports = sqliteConvertAssocToOneManaged

package/libx/_runtime/sqlite/localized.js

@@ -7,6 +7,8 @@ if (cds.env.i18n && Array.isArray(cds.env.i18n.for_sqlite) && !cds.env.i18n.for_
   LOG._warn && LOG.warn('No language configuration found in cds.env.i18n.for_sqlite')
 }
 
+const _translations = cds.env.i18n.for_sqlite.reduce((all, l) => ((all[l] = true), all), {})
+
 // REVISIT: this is actually configurable
 // there is no localized.en.<name>
 const getLocalize = (locale, model) => name => {
@@ -15,15 +17,13 @@ const getLocalize = (locale, model) => name => {
   // if we get here via onReadDraft, target is already localized
   // because of subrequest using SELECT.from as new target
   const target = model.definitions[ensureUnlocalized(name)]
-  const localizedView =
-    target &&
-    target['@cds.localized'] !== false &&
-    model.definitions[`localized.${locale !== 'en' ? locale + '.' : ''}${name}`]
+  if (target?.['@cds.localized'] === false) return name
 
-  return localizedView ? localizedView.name : name
+  const view = model.definitions[`localized${locale in _translations ? '.' + locale : ''}.${name}`]
+  return view?.name || name
 }
 
-const _handler = function (req) {
+const sqliteLocalized = function (req) {
   const { query } = req
 
   // do simple checks upfront and exit early
@@ -44,6 +44,6 @@ const _handler = function (req) {
   redirect(query, getLocalize(req.locale, this.model))
 }
 
-_handler._initial = true
+sqliteLocalized._initial = true
 
-module.exports = _handler
+module.exports = sqliteLocalized

package/libx/odata/afterburner.js

@@ -163,20 +163,27 @@ function _convertVal(element, value) {
   if (value === null) return value
   switch (element._type) {
     case 'cds.Integer':
+    case 'cds.UInt8':
+    case 'cds.Int16':
+    case 'cds.Int32':
       // eslint-disable-next-line no-case-declarations
       const n = Number(value)
       if (Number.isSafeInteger(n)) return n
       throw new Error('Not a valid integer') // TODO
+
     case 'cds.String':
     case 'cds.LargeString':
     case 'cds.Decimal':
     case 'cds.DecimalFloat':
     case 'cds.Double':
+    case 'cds.Int64':
     case 'cds.Integer64':
       if (typeof value === 'string') return value
       return String(value)
+
     case 'cds.Boolean':
       return typeof value === 'string' ? value === 'true' : value
+
     default:
       return value
   }
@@ -189,12 +196,13 @@ function _processSegments(from, model, namespace) {
   let path
   let keys = null
   let keyCount = 0
-  let incompleteKeys
+  let incompleteKeys = false
   let one
   let target
   for (let i = 0; i < ref.length; i++) {
     const seg = ref[i].id || ref[i]
-    let params = ref[i].where && where2obj(ref[i].where)
+    const whereRef = ref[i].where
+    let params = whereRef && where2obj(whereRef)
 
     if (incompleteKeys) {
       // > key
@@ -234,7 +242,7 @@ function _processSegments(from, model, namespace) {
       if (current.params && current.kind === 'entity') {
         // > View with params
         target = current
-        if (ref[i].where) {
+        if (whereRef) {
           keyCount += addRefToWhereIfNecessary(ref[i].where, current)
           _resolveAliasesInXpr(ref[i].where, current)
           _resolveAliasInParams(params, current)
@@ -265,10 +273,28 @@ function _processSegments(from, model, namespace) {
         // > entity
         target = current
         one = !!(ref[i].where || current._isSingleton)
+
+        let action
+        if (current.actions) {
+          const nextRef = typeof ref[i + 1] === 'string' && ref[i + 1]
+          const shortName = nextRef && nextRef.replace(namespace + '.', '')
+          action = shortName && current.actions[shortName]
+        }
+
         incompleteKeys = ref[i].where ? false : i === ref.length - 1 || one ? false : true
-        if (ref[i].where) {
-          keyCount += addRefToWhereIfNecessary(ref[i].where, current)
-          _resolveAliasesInXpr(ref[i].where, current)
+
+        if (incompleteKeys && action) {
+          if (action['@cds.odata.bindingparameter.collection']) {
+            incompleteKeys = false
+          } else {
+            const msg = `Bound operations are not supported on entity collections.`
+            throw Object.assign(new Error(msg), { statusCode: 501 })
+          }
+        }
+
+        if (whereRef) {
+          keyCount += addRefToWhereIfNecessary(whereRef, current)
+          _resolveAliasesInXpr(whereRef, current)
           _resolveAliasInParams(params, current)
           // in case of Foo(1), params will be {} (before addRefToWhereIfNecessary was called)
           if (!Object.keys(params).length) params = where2obj(ref[i].where)
@@ -277,6 +303,11 @@ function _processSegments(from, model, namespace) {
         }
       } else if ({ action: 1, function: 1 }[current.kind]) {
         // > action or function
+        if (current.kind === 'action' && ref && ref[ref.length - 1]?.where?.length === 0) {
+          const msg = `Round brackets (parentheses) are not allowed for action calls.`
+          throw Object.assign(new Error(msg), { statusCode: 400 })
+        }
+
         if (i !== ref.length - 1) {
           const msg = `${i ? 'Unbound' : 'Bound'} ${current.kind} are only supported as the last path segment.`
           throw Object.assign(new Error(msg), { statusCode: 501 })
@@ -401,7 +432,8 @@ function _4service(service) {
     const { ref } = from
 
     // REVISIT: shouldn't be necessary
-    //Second findCsnTargetFor is required for concat query, where the root is already identified with the first query and subsequent queries already have correct root
+    // Second findCsnTargetFor is required for concat query, where the root is already identified with the first query
+    // and subsequent queries already have correct root
     /*
      * make first path segment fully qualified
      */

package/libx/odata/cqn2odata.js

@@ -121,8 +121,11 @@ const _format = (cur, elementName, target, kind, isLambda) => {
   if (hasValidProps(cur, 'val')) return encodeURIComponent(formatVal(cur.val, elementName, target, kind))
   if (hasValidProps(cur, 'xpr')) return `(${_xpr(cur.xpr, target, kind, isLambda)})`
   // REVISIT: How to detect the types for all functions?
-  if (hasValidProps(cur, 'func', 'args')) {
-    return kind === 'odata-v2' ? _odataV2Func(cur.func, cur.args) : `${cur.func}(${_args(cur.args)})`
+  if (hasValidProps(cur, 'func')) {
+    if (cur.args?.length) {
+      return kind === 'odata-v2' ? _odataV2Func(cur.func, cur.args) : `${cur.func}(${_args(cur.args)})`
+    }
+    return `${cur.func}()`
   }
 }
 
@@ -474,7 +477,7 @@ const parsers = {
   count: (cqnPart, url, kind, target, isCount) => !isCount && $count(cqnPart, kind),
   limit: (cqnPart, url, kind, target, isCount) => !isCount && $limit(cqnPart),
   one: (cqnPart, url, kind, target, isCount) => !isCount && $one(cqnPart, url, kind),
-  ref: (cqnPart, url, kind, target, isCount) => cqnPart[0].where && $where(cqnPart[0].where, target, kind)
+  ref: (cqnPart, url, kind, target, _isCount) => cqnPart[0].where && $where(cqnPart[0].where, target, kind)
 }
 
 function getOptions(cqnPart, url, kind, target, isCount) {

package/libx/odata/grammar.pegjs

@@ -238,6 +238,35 @@
       }
       return elements
     }
+
+    const _replaceAliasedInWhere = (where, alias, value, isFromWhere = false) =>  {
+      where?.forEach(element => {
+        if (element.val === alias) {
+          // TODO check if we want to store replaced aliases/values for req.data in actions/functions in CQN 
+          element.val = value.val
+        } else if (element.list === alias) {
+          element.list = value.list
+        } else if (element.func) {
+          element.args.forEach((arg, i) => {
+            if (arg.val === alias) {
+              arg.val = value.val
+            } else if (arg.func) {
+              _replaceAliasedInWhere(arg.args, alias, value, isFromWhere)
+            }
+          })
+        } else if (element.SELECT) {
+          _replaceAliased(element.SELECT, alias, value, isFromWhere)
+        }
+      });
+    }
+    const _replaceAliased = (select, alias, value, isFromWhere = false) =>  {
+      const {where, from} = select
+      _replaceAliasedInWhere(where, alias, value);
+
+      from?.ref?.forEach(element => {
+        _replaceAliasedInWhere(element.where, alias, value, true);
+      })
+    }
   }
 
 // ---------- Entity Paths ---------------
@@ -334,11 +363,13 @@
 
   QueryOption = option:ExpandOption { if(option && option.apply) SELECT.apply = option.apply} /
     "$skiptoken="   o skiptoken /
+    temporal /
     format /
     custom /
     aliasedParamEqualsVal
   // @OData spec for $expand:
-  // "Allowed system query options are $filter, $select, $orderby, $skip, $top, $count, $search, $expand and $apply (http://docs.oasis-open.org/odata/odata-data-aggregation-ext/v4.0/cs02/odata-data-aggregation-ext-v4.0-cs02.html#_The_expand_Transformation)."
+  // "Allowed system query options are $filter, $select, $orderby, $skip, $top, $count, $search, $expand and 
+  // $apply (https://go.sap.corp/0jzs)."
   ExpandOption =
     "$select="      o select ( COMMA select )* /
     "$expand="      o expand ( COMMA expand )* expandCount? /
@@ -350,6 +381,7 @@
     "$count="       o count /
     "$apply="       o trafos:transformations { return trafos }
 
+  temporal = ("$at" / "$from" / "$toInclusive" / "$to") "=" date
 
   select
     = col:('*' / ref) {
@@ -360,7 +392,7 @@
 
   expandCount 
     = "/$count" {
-      const err = new Error("EXPAND_COUNT_UNSUPPORTED");
+      const err = new Error('"/$count" is not supported for expand operation');
       err.statusCode=501;
       throw err;
     }
@@ -370,7 +402,7 @@
       expandOptions:(option:ExpandOption o ";"? { return option })*
       {
       	if (expandOptions.find(option => option && option.apply !== undefined)) {
-        	const err = new Error("EXPAND_APPLY_UNSUPPORTED");
+        	const err = new Error('"$apply" is not supported for expand operation');
       		err.statusCode=501;
       		throw err;
         }
@@ -468,12 +500,16 @@
         for (let i=0, k=0; i<any.length; ++i) {
           let each = any[i]
           if (each.ref && each.ref.length === 0 && any[i+1] === '=') {
-            xpr[k++] = { func:'contains', args:[{ref:id}, any[i+=2]] }
+            xpr[k++] = { func:'contains', args:[{ref:[id]}, any[i+=2]] }
           } else {
             xpr[k++] = each
           }
         }
         if (xpr.length < any.length) {
+          if (!nav.length) {
+            // no navigation
+            return xpr
+          }
           id = nav.pop()
           return ['exists', { ref: [...nav, { id, where: xpr }] }]
         } else {
@@ -493,7 +529,7 @@
       / comp:comparison { p.push(...comp) }
       / func:function { p.push(func) }
       / lambda:lambda { p.push(...lambda)}
-      / list:listFilter {p.push(...list)}
+      / list:listFilter { p.push(...list) }
     )
     ( ao:(AND/OR) more:inner_lambda { p.push(ao, ...more) } )*
     { return p }
@@ -512,7 +548,7 @@
   orderby
     = ref:(
         lambda {
-          const err = new Error("ORDERBY_LAMBDA_UNSUPPORTED");
+          const err = new Error('"$orderby" does not support lambda');
           err.statusCode=501;
           throw err;
         } /
@@ -560,14 +596,18 @@
       return {apply: mainTransformation}
     }
 
+  aliasedParamVal = val / jsonObject / jsonArray / "[" list:innerList "]" { return { list } }
+
   custom
     = [a-zA-Z0-9-_.~]+ "=" [^&]*
   aliasedParam "an aliased parameter (@param)" = "@" i:identifier { return "@" + i }
-  aliasedParamEqualsVal "@alias=value" = a:aliasedParam "=" v:([^&]*) {return a + "=" + v} 
+  aliasedParamEqualsVal = alias:aliasedParam "=" !aliasedParam value:aliasedParamVal {
+    _replaceAliased(SELECT, alias, value);
+  }
 
   format = "$format=" f:$([^&]*) {
     if (f.toLowerCase() !== "json") {
-      const err = new Error("ONLY_QUERY_PARAM_FORMAT_JSON_ALLOWED")
+      const err = new Error('Only query parameter "json" is allowed in "$format".')
       err.statusCode = 501
       throw err;
     }
@@ -581,10 +621,13 @@
       return [ a, op, b ]
     }
 
+  listFilterParam = aliased:aliasedParam { return { list: aliased } } / listRoundBrackets
+
   listFilter
-    = a:operand _ "in" _ b:listRoundBrackets {
+    = a:operand _ "in" _ b:listFilterParam {
       return [ a, "in", b ]
     }
+
   mathCalc
     = operand (_ ("add" / "sub" / "mul" / "div" / "mod") _ operand)*
   
@@ -621,36 +664,39 @@
 
   null "null" =  "null" {return {val: null }}
   
+  // REVISIT why not JSON.parse() and return JS object?
   jsonObject "a json object"
     = val:$("{" (jsonObject / [^}])* "}") {return {val}}
   
+  // REVISIT why not JSON.parse() and return JS array?
   jsonArray "a json array"
     = val:$("[" o "]" / "[" o "{" (jsonArray / [^\]])* "]") {return {val}}
 
+  // REVISIT: only used for contains(identifier, ["searchterm"]) <- use innerList instead?
   list "a list"
     = "[" any:$([^\]])* "]" // > needs improvment
     { return { list: any.replace(/"/g,'').split(',').map(ele => ({ val: ele })) } }
 
+  innerList = (val1:val val2:("," v:val { return v })* { return [val1, ...val2] })
+
   listRoundBrackets "a list"
-    = OPEN list:(val1:val val2:("," v:val { return v })* { return [val1, ...val2] }) CLOSE // > needs improvment
-    { 
-      return { list }
-    }
+    = OPEN list:innerList CLOSE // > needs improvment
+    { return {list} }
 
   
   functionName "a function name"
   = $[a-zA-Z]+
 
   function 
-    = func:functionName OPEN fnArgs:functionArgs CLOSE {
+    = func:functionName OPEN args:functionArgs CLOSE {
       if (strict && !(func.toLowerCase() in strict.functions)) {
         throw Object.assign(new Error(`"${func}" is an unknown function in OData URL spec (strict mode)`), { statusCode: 400 })
       }
-      return { func: func.toLowerCase(), args:[fnArgs.a,...fnArgs.more] }
+      return { func: func.toLowerCase(), args }
     }
 
   functionArgs
-    = a:operand more:( COMMA o:operand {return o} )* {return { a, more }}
+    = args:(a:operand more:( COMMA o:operand { return o } )* { return [ a, ...more ] })* { return args.length ? args[0] : args }
 
   boolish
     = func:("contains"i/"endswith"i/"startswith"i) OPEN a:operand COMMA b:operand CLOSE
@@ -758,13 +804,15 @@
     return {concat: [trafo1, ...trafo2]}
   }
 
-  computeTrafo = OPEN o computeExpr (o COMMA o computeExpr)* o CLOSE //REVISIT: support compute - current implementation is deviating from odata
+  // REVISIT: support compute - current implementation is deviating from odata
+  computeTrafo = OPEN o computeExpr (o COMMA o computeExpr)* o CLOSE
 
   computeExpr = where_clause asAlias
 
   commonFuncTrafo = OPEN o first:operand o COMMA o second:operand o CLOSE { return [first, second] }
 
-  identityTrafo = "identity" {return {identity: true }} //REVISIT: support identity
+  // REVISIT: support identity
+  identityTrafo = "identity" {return {identity: true }}
 
   topTrafo
     = OPEN o val:top o CLOSE {