@sap/cds 6.4.0 → 6.5.0

package/libx/_runtime/fiori/generic/before.js

@@ -155,6 +155,13 @@ const _validateDraftBoundAction = async function (req) {
   if (result && result.length > 0) _validateDraft(req, result, isBoundAction)
 }
 
+const _allowEntityCollectionOnAction = action => {
+  return (
+    action['@cds.odata.bindingparameter.collection'] ||
+    (action.params && Object.values(action.params).some(e => e?.items?.type === '$self'))
+  )
+}
+
 const _registerBoundActionHandlers = function (entityName, actions) {
   if (!actions) return
 
@@ -164,7 +171,7 @@ const _registerBoundActionHandlers = function (entityName, actions) {
       action.name !== 'draftPrepare' &&
       action.name !== 'draftEdit' &&
       action.name !== 'draftActivate' &&
-      !action['@cds.odata.bindingparameter.collection']
+      !_allowEntityCollectionOnAction(action)
   )
 
   for (const action of boundActions) {

package/libx/_runtime/fiori/generic/edit.js

@@ -156,6 +156,11 @@ const fioriGenericEdit = async function (req) {
   }
 
   await Promise.all(insertCQNs.map(CQN => dbtx.run(CQN)))
+
+  // REVISIT: we need to use okra API here because it must be set in the batched request
+  // status code must be set in handler to allow overriding for FE V2
+  req?._?.odataRes.setStatusCode(201)
+
   return results[0][0]
 }
 

package/libx/_runtime/fiori/generic/read.js

@@ -37,15 +37,16 @@ const _findRootSubSelectFor = query => {
 
 // append where with clauses from @restrict
 const _getWhereWithAppendedDraftRestrictions = (where = [], req) => {
+  const restrictions = []
   if (req.query._draftRestrictions) {
     for (const each of req.query._draftRestrictions) {
       const xpr = each._xpr
       if (each.target.name === ensureUnlocalized(req.target.name)) {
-        if (where.length) where.push('and')
         // restriction might contain or clause -> use xpr for grouping
-        xpr.includes('or') ? where.push({ xpr }) : where.push(...xpr)
+        if (restrictions.length) restrictions.push('or')
+        xpr.includes('or') ? restrictions.push({ xpr }) : restrictions.push(...xpr)
       } else {
-        // > restriction inherited from parent via autoexposure
+        // restriction inherited from parent via autoexposure
         // find inner most sub select if available and append restriction to where clause
         const rootSubSelect = _findRootSubSelectFor({ SELECT: { where } })
         if (rootSubSelect && rootSubSelect.SELECT.from) {
@@ -62,6 +63,10 @@ const _getWhereWithAppendedDraftRestrictions = (where = [], req) => {
     }
   }
 
+  if (restrictions.length) {
+    if (where.length) where.push('and', { xpr: restrictions })
+    else where.push(...restrictions)
+  }
   return where
 }
 

package/libx/_runtime/fiori/lean-draft.js

@@ -33,7 +33,8 @@ cds.ApplicationService.prototype.handle = function (req) {
     // REVISIT: This is a bit hacky -> better way?
     query._target = undefined
     cds.infer(query, this.model.definitions)
-    const _req = cds.Request.for(req._)
+    const _req = cds.Request.for(req._) // REVISIT: this causes req._.data of WRITE reqs copied to READ reqs
+    if (query.SELECT) delete _req.data // which we fix here -> but this is an ugly workaround
     _req.query = query
     _req.event = req.event
     _req.target = query._target
@@ -575,6 +576,11 @@ async function onDraftEdit(req) {
 
   const targetDraft = req.target.drafts
   await INSERT.into(targetDraft).entries(res)
+
+  // REVISIT: we need to use okra API here because it must be set in the batched request
+  // status code must be set in handler to allow overriding for FE V2
+  req?._?.odataRes.setStatusCode(201)
+
   return { ...res, IsActiveEntity: false } // REVISIT: Flatten?
 }
 exports.onDraftEdit = onDraftEdit
@@ -612,6 +618,11 @@ async function onDraftActivate(req) {
   }
   const r = new cds.Request({ event, query, data: res })
   const result = await this.dispatch(r)
+
+  // REVISIT: we need to use okra API here because it must be set in the batched request
+  // status code must be set in handler to allow overriding for FE V2
+  req?._?.odataRes.setStatusCode(201)
+
   return Object.assign(result, { IsActiveEntity: true })
 }
 exports.onDraftActivate = onDraftActivate

package/libx/_runtime/hana/Service.js

@@ -93,7 +93,7 @@ class HanaDatabase extends DatabaseService {
   _registerBeforeHandlers() {
     this.before(['CREATE', 'UPDATE'], '*', this._input) // > has to run before rewrite
     this.before('READ', '*', search) // > has to run before rewrite
-    this.before(['CREATE', 'READ', 'UPDATE', 'DELETE'], '*', this._rewrite)
+    this.before(['CREATE', 'READ', 'UPDATE', 'DELETE', 'UPSERT'], '*', this._rewrite)
 
     this.before('READ', '*', localized) // > has to run after rewrite
     this.before('READ', '*', this._virtual)

package/libx/_runtime/hana/customBuilder/CustomSelectBuilder.js

@@ -4,6 +4,11 @@ const LOG = cds.log('hana|db|sql')
 const SelectBuilder = require('../../db/sql-builder').SelectBuilder
 
 class CustomSelectBuilder extends SelectBuilder {
+  constructor(obj, options, csn) {
+    super(obj, options, csn)
+    // $searchUsingContains property is set in the sub SELECT of the query, optimized search case
+    if (this._obj?._$searchUsingContains) this._options.$searchUsingContains = this._obj._$searchUsingContains
+  }
   get FunctionBuilder() {
     const FunctionBuilder = require('./CustomFunctionBuilder')
     Object.defineProperty(this, 'FunctionBuilder', { value: FunctionBuilder })
@@ -28,11 +33,6 @@ class CustomSelectBuilder extends SelectBuilder {
     return SelectBuilder
   }
 
-  getDefaultOptions() {
-    const options = { $searchUsingContains: !!this._obj.SELECT._$searchUsingContains }
-    return { ...super.getDefaultOptions(), ...options }
-  }
-
   _val(obj) {
     if (typeof obj.val === 'boolean') return { sql: obj.val ? 'true' : 'false', values: [] }
     return super._val(obj)

package/libx/_runtime/hana/execute.js

@@ -61,7 +61,7 @@ function _hdbGetResultForProcedure(rows, args, outParameters) {
   // merge table output params into scalar params
   if (args && args.length && outParameters) {
     const params = outParameters.filter(md => !(md.PARAMETER_NAME in rows))
-    for (let i = 0; i < args.length; i++) {
+    for (let i = 0; i < params.length; i++) {
       result[params[i].PARAMETER_NAME] = args[i]
     }
   }
@@ -82,14 +82,14 @@ function _hcGetResultForProcedure(stmt, resultSet, outParameters) {
   // merge table output params into scalar params
   const params = Array.isArray(outParameters) && outParameters.filter(md => !(md.PARAMETER_NAME in result))
   if (params && params.length) {
-    let i = 0
-    do {
-      const parameterName = params[i++].PARAMETER_NAME
+    for (let i = 0; i < params.length; i++) {
+      const parameterName = params[i].PARAMETER_NAME
       result[parameterName] = []
       while (resultSet.next()) {
         result[parameterName].push(resultSet.getValues())
       }
-    } while (resultSet.nextResult())
+      resultSet.nextResult()
+    }
   }
   return result
 }

package/libx/_runtime/hana/pool.js

@@ -79,7 +79,7 @@ async function credentials4(tenant, db) {
   }
 
   if (cds.xt?.serviceManager && !cds.env.requires['cds.xt.DeploymentService']?.['old-instance-manager']) {
-    return (await db._instance_manager.get(tenant)).credentials
+    return (await db._instance_manager.get(tenant, { disableCache: true })).credentials
   }
 
   return new Promise((resolve, reject) => {

package/libx/_runtime/hana/search2cqn4sql.js

@@ -1,8 +1,25 @@
+const cds = require('../cds')
 const { computeColumnsToBeSearched } = require('../cds-services/services/utils/columns')
 const searchToLike = require('../common/utils/searchToLike')
 const { isContainsPredicateSupported, search2Contains } = require('./search2Contains')
 const { addAliasToExpression } = require('../db/utils/generateAliases')
-
+const targetAlias = 'Target'
+const textsAlias = 'Texts'
+const _generateKeysWhereCondition = (entity, alias1, alias2) => {
+  const keys = Object.keys(entity.keys).filter(k => !entity.keys[k].isAssociation)
+  const where = []
+  keys.forEach(key => {
+    if (where.length > 0) where.push('and')
+    where.push({ ref: [alias1, key] }, '=', { ref: [alias2, key] })
+  })
+  return where
+}
+const _generateContainsColumns = (columns, entity) => {
+  const columnsTarget = addAliasToExpression(columns, targetAlias)
+  const columns2SearchText = columns.filter(col => col.ref && entity.elements[col.ref[col.ref.length - 1]].localized)
+  const columnsText = addAliasToExpression(columns2SearchText, textsAlias)
+  return [...columnsTarget, ...columnsText]
+}
 /**
  * Computes a CQN expression for a search query.
  *
@@ -24,67 +41,50 @@ const search2cqn4sql = (query, entity, options) => {
   const cqnSearchPhrase = query.SELECT.search
   if (!cqnSearchPhrase) return query
 
-  let { columns: columns2Search = computeColumnsToBeSearched(query, entity), locale } = options
   const localizedAssociation = entity.associations?.localized
-
-  // Resolve localized data at runtime if the localized association is defined for the target entity.
-  // Notice that if the localized association is defined, there should be at least one localized element.
   if (localizedAssociation) {
-    const onCondition = entity._relations[localizedAssociation.name].join(localizedAssociation.target, entity.name)
+    let { columns: columns2Search = computeColumnsToBeSearched(query, entity), locale } = options
+    const viewAlias = query.SELECT.from.as ? query.SELECT.from.as : 'LocalizedView'
+    if (!query.SELECT.from.as) {
+      _addAliasToQuery(query, viewAlias)
+    }
 
-    // REVISIT this is dirty but works for now
-    // replace $user_locale placeholder with the user locale or the HANA session context
-    onCondition[0].xpr[onCondition[0].xpr.length - 1] = { val: locale || "SESSION_CONTEXT('LOCALE')" }
+    const subQuery = cds.ql.SELECT.from(entity.name).columns(1)
+    subQuery.SELECT.from.as = targetAlias
+    const onCondition = _generateKeysWhereCondition(entity, targetAlias, textsAlias)
+    onCondition.push('and', { ref: [textsAlias, 'locale'] }, '=', { val: locale || "SESSION_CONTEXT('LOCALE')" })
 
-    // inner join the target table with the _texts table (the _texts table contains the translated texts)
-    const localizedEntityName = localizedAssociation.target
-    query.join(localizedEntityName).on(onCondition)
+    // left outer join the target table with the _texts table (the _texts table contains the translated texts)
+    subQuery.leftJoin(localizedAssociation.target, textsAlias).on(onCondition)
+    // add condition for equal keys of target table and localized view
+    subQuery.where(_generateKeysWhereCondition(entity, targetAlias, viewAlias))
+    const containsColumns = _generateContainsColumns(columns2Search, entity)
+    let expression
+    if (isContainsPredicateSupported(query, entity, columns2Search)) {
+      // generate CQN expression with `CONTAINS` predicate for the columns from the target and text table
+      expression = search2Contains(cqnSearchPhrase, containsColumns)
+      Object.defineProperty(subQuery, '_$searchUsingContains', { value: true, enumerable: true })
+    } else {
+      expression = searchToLike(cqnSearchPhrase, containsColumns)
+    }
 
-    // prevent SQL ambiguity error for columns with the same name
-    columns2Search = _addAliasToQuery(query, entity, columns2Search)
+    subQuery.where(expression)
 
-    // suppress the localize handler from redirecting the query's target to the localized view
-    Object.defineProperty(query, '_suppressLocalization', { value: true })
-  } // else --> resolve localized texts via localized view (default)
+    // suppress the localize handler from redirecting the subQuery's target to the localized view
+    Object.defineProperty(subQuery, '_suppressLocalization', { value: true })
+    query.where('exists', subQuery)
 
-  const useContains = !!localizedAssociation && isContainsPredicateSupported(query, entity, columns2Search)
-  let expression
-
-  if (useContains) {
-    expression = search2Contains(cqnSearchPhrase, columns2Search)
-    Object.defineProperty(query.SELECT, '_$searchUsingContains', { value: true, enumerable: true })
-  } else {
-    // No CONTAINS optimization possible. The search implementation for localized
-    // texts falls back to the LIKE predicate.
-    expression = searchToLike(cqnSearchPhrase, columns2Search)
+    return query
   }
-
-  // REVISIT: find out here if where or having must be used
-  query._aggregated || /* if new parser */ query.SELECT.groupBy ? query.having(expression) : query.where(expression)
-  return query
 }
 
-// The inner join modifies the original SELECT ... FROM query and adds ambiguity,
-// therefore add the table/entity name (as a preceding element) to the columns ref
-// to prevent a SQL ambiguity error.
-const _addAliasToQuery = (query, entity, columnsToBeSearched) => {
+const _addAliasToQuery = (query, alias) => {
   const SELECT = query.SELECT
-  const localizedEntityName = entity.associations?.localized.target
-  const elements = entity.elements
-  const entityName = entity.name
-  const getEntityName = columnRef => {
-    const columnName = columnRef[0]
-    const localizedElement = !!elements[columnName].localized
-    const targetEntityName = localizedElement ? localizedEntityName : entityName
-    return targetEntityName
-  }
-
-  SELECT.columns = addAliasToExpression(SELECT.columns, getEntityName)
-  columnsToBeSearched = addAliasToExpression(columnsToBeSearched, getEntityName)
-  SELECT.groupBy = addAliasToExpression(SELECT.groupBy, getEntityName)
-  SELECT.orderBy = addAliasToExpression(SELECT.orderBy, getEntityName)
-  SELECT.where = addAliasToExpression(SELECT.where, getEntityName)
-  return columnsToBeSearched
+  SELECT.from.as = alias
+  SELECT.columns = addAliasToExpression(SELECT.columns, alias)
+  SELECT.groupBy = addAliasToExpression(SELECT.groupBy, alias)
+  SELECT.orderBy = addAliasToExpression(SELECT.orderBy, alias)
+  SELECT.where = addAliasToExpression(SELECT.where, alias)
 }
 
 module.exports = search2cqn4sql

package/libx/_runtime/sqlite/Service.js

@@ -73,7 +73,7 @@ module.exports = class SQLiteDatabase extends DatabaseService {
 
   _registerBeforeHandlers() {
     this.before(['CREATE', 'UPDATE'], '*', this._input) // > has to run before rewrite
-    this.before(['CREATE', 'READ', 'UPDATE', 'DELETE'], '*', this._rewrite)
+    this.before(['CREATE', 'READ', 'UPDATE', 'DELETE', 'UPSERT'], '*', this._rewrite)
 
     if (cds.env.features.lean_draft && cds.db?.kind !== 'better-sqlite')
       this.before('READ', '*', convertDraftAdminPathExpression)

package/libx/_runtime/sqlite/customBuilder/CustomUpsertBuilder.js

@@ -2,56 +2,38 @@ const InsertBuilder = require('../../db/sql-builder').InsertBuilder
 const getAnnotatedColumns = require('../../db/sql-builder/annotations')
 
 class CustomUpsertBuilder extends InsertBuilder {
-  // REVISIT: We need to copy over the implementation for annotation handling
-  build() {
-    this._outputObj = {
-      sql: ['INSERT', 'INTO'],
-      values: []
-    }
-
-    this._obj = { INSERT: this._obj.UPSERT, _target: this._obj._target }
+  annotatedColumns(entityName, csn) {
+    const { updateAnnotatedColumns } = getAnnotatedColumns(entityName, csn)
 
-    const entityName = this._into()
-
-    this._columnIndexesToDelete = []
-    const annotatedColumns = getAnnotatedColumns(entityName, this._csn)
-    // hack: treat update annotations as insert because of sql builder impl
-    if (annotatedColumns) {
-      annotatedColumns.insertAnnotatedColumns = annotatedColumns.updateAnnotatedColumns
-    }
-
-    if (this._obj.INSERT.columns) {
-      this._removeAlreadyExistingInsertAnnotatedColumnsFromMap(annotatedColumns)
-      this._columns(annotatedColumns)
+    if (updateAnnotatedColumns?.size) {
+      this.managedCols = Array.from(updateAnnotatedColumns.keys())
     }
 
-    if (this._obj.INSERT.values || this._obj.INSERT.rows) {
-      if (annotatedColumns && !this._obj.INSERT.columns) {
-        // if columns not provided get indexes from csn
-        this._getAnnotatedColumnIndexes(annotatedColumns)
-      }
-
-      this._values(annotatedColumns)
-    } else if (this._obj.INSERT.entries && this._obj.INSERT.entries.length !== 0) {
-      this._entries(annotatedColumns)
-    }
-
-    const insertSql = this._outputObj.sql.join(' ')
+    return { insertAnnotatedColumns: updateAnnotatedColumns }
+  }
 
-    const csnKeys = this._obj._target ? this._obj._target.keys : this._csn.definitions[this._obj.INSERT.into].keys
+  // REVISIT: We need to copy over the implementation for annotation handling
+  build() {
+    this._obj = { INSERT: this._obj.UPSERT, _target: this._obj._target }
+    super.build()
+    const csnKeys =
+      (this._obj._target ? this._obj._target.keys : this._csn.definitions[this._obj.INSERT.into].keys) || {}
     const keys = Object.keys(csnKeys).filter(k => !csnKeys[k].isAssociation)
-    const conflict = ` ON CONFLICT(${keys}) DO UPDATE SET `
     const updates = []
     const columns = this._obj.INSERT.columns || Object.keys(this._obj.INSERT.entries[0])
+    if (this.managedCols) {
+      columns.push(...this.managedCols)
+    }
+
     columns.forEach(col => {
       const col_ = col.replace(/\./g, '_')
       if (!keys.includes(col_)) updates.push(`${col_}=excluded.${col_}`)
     })
+    const conflict = updates.length
+      ? ` ON CONFLICT(${keys}) DO UPDATE SET ` + updates.join(', ')
+      : ` ON CONFLICT(${keys}) DO NOTHING`
 
-    if (updates.length) {
-      this._outputObj.sql = insertSql + conflict + updates.join(', ')
-    }
-
+    this._outputObj.sql = this._outputObj.sql + conflict
     return this._outputObj
   }
 }

package/libx/odata/afterburner.js

@@ -284,11 +284,14 @@ function _processSegments(from, model, namespace) {
         incompleteKeys = ref[i].where ? false : i === ref.length - 1 || one ? false : true
 
         if (incompleteKeys && action) {
-          if (action['@cds.odata.bindingparameter.collection']) {
+          if (
+            action['@cds.odata.bindingparameter.collection'] ||
+            (action.params && Object.values(action.params).some(e => e?.items?.type === '$self'))
+          ) {
             incompleteKeys = false
           } else {
-            const msg = `Bound operations are not supported on entity collections.`
-            throw Object.assign(new Error(msg), { statusCode: 501 })
+            const msg = `"${action.name}" must be called on a single instance of "${current.name}".`
+            throw Object.assign(new Error(msg), { statusCode: 400 })
           }
         }
 

package/libx/odata/cqn2odata.js

@@ -318,7 +318,7 @@ const _parseColumnsV2 = (columns, prefix = []) => {
     }
 
     if (column === '*') {
-      select.push(encodeURIComponent(`${prefix.join('/')}/*`))
+      select.push(encodeURIComponent(prefix.length ? `${prefix.join('/')}/*` : '*'))
     }
   }
 

package/libx/rest/middleware/parse.js

@@ -40,8 +40,8 @@ module.exports = (req, res, next) => {
     case 'HEAD':
     case 'GET':
       if (operation) {
-        // function
-        req._operation = operation = definition.kind === 'function' ? definition : definition.actions[operation]
+        req._operation = operation = definition
+        if (operation.kind === 'action') cds.error('Action must be called by POST', { code: 400 })
         if (!unbound) query = one ? SELECT.one(_target) : SELECT.from(_target)
         else query = undefined
       } else {
@@ -50,8 +50,8 @@ module.exports = (req, res, next) => {
       break
     case 'POST':
       if (operation) {
-        // action
-        req._operation = operation = definition.kind === 'action' ? definition : definition.actions[operation]
+        req._operation = operation = definition
+        if (operation.kind === 'function') cds.error('Function must be called by GET', { code: 400 })
         if (!unbound) query = one ? SELECT.one(_target) : SELECT.from(_target)
         else query = undefined
       } else {
@@ -62,10 +62,32 @@ module.exports = (req, res, next) => {
       break
     case 'PUT':
     case 'PATCH':
+      if (operation) {
+        let errorMsg
+        if (definition) {
+          errorMsg = `${definition.kind.charAt(0).toUpperCase() + definition.kind.slice(1)} must be called by ${
+            definition.kind === 'action' ? 'POST' : 'GET'
+          }`
+        } else {
+          errorMsg = `That action/function must be called by POST/GET`
+        }
+        cds.error(errorMsg, { code: 400 })
+      }
       if (!one) throw { statusCode: 400, code: '400', message: `INVALID_${req.method}` }
       query = UPDATE(_target)
       break
     case 'DELETE':
+      if (operation) {
+        let errorMsg
+        if (definition) {
+          errorMsg = `${definition.kind.charAt(0).toUpperCase() + definition.kind.slice(1)} must be called by ${
+            definition.kind === 'action' ? 'POST' : 'GET'
+          }`
+        } else {
+          errorMsg = `That action/function must be called by POST/GET`
+        }
+        cds.error(errorMsg, { code: 400 })
+      }
       if (!one) cds.error('DELETE not allowed on collection', { code: 400 })
       query = DELETE.from(_target)
       break

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sap/cds",
-  "version": "6.4.0",
+  "version": "6.5.0",
   "description": "SAP Cloud Application Programming Model - CDS for Node.js",
   "homepage": "https://cap.cloud.sap/",
   "keywords": [

package/server.js

@@ -47,7 +47,6 @@ module.exports = async function cds_server (options) {
   if (cds.requires.messaging)   await cds.connect.to ('messaging')
 
   // serve all services declared in models
-  if (cds.requires.middlewares) cds.middlewares.bootstrap(); else if (o.correlate) app.use (o.correlate)
   await cds.serve (o.service,o) .in (app)
   await cds.emit ('served', cds.services) //> hook for listeners
 
@@ -71,7 +70,7 @@ module.exports = async function cds_server (options) {
 //
 const defaults = {
 
-  cors, correlate,
+  cors,
 
   get static() { return cds.env.folders.app },  //> defaults to ./app
 
@@ -100,7 +99,7 @@ const _app_serve = function (endpoint) { return {
 }}
 
 
-function cors (req, res, next) {
+function cors (req, res, next) { // REVISIT: should that move into middlewares?
   const { origin } = req.headers
   if (origin) res.set('access-control-allow-origin', origin)
   if (origin && req.method === 'OPTIONS')
@@ -108,23 +107,6 @@ function cors (req, res, next) {
   next()
 }
 
-function correlate (req, res, next) {
-  // derive correlation id from req
-  const id = req.headers['x-correlation-id'] || req.headers['x-correlationid']
-    || req.headers['x-request-id'] || req.headers['x-vcap-request-id']
-    || cds.utils.uuid()
-  // new intermediate cds.context, if necessary
-  if (!cds.context) cds.context = { id }
-  // guarantee x-correlation-id going forward and set on res
-  req.headers['x-correlation-id'] = id
-  res.set('X-Correlation-ID', id)
-  // guaranteed access to cds.context._.req -> REVISIT
-  if (!cds.context._) cds.context._ = {}
-  if (!cds.context._.req) cds.context._.req = req
-  if (!cds.context._.res) cds.context._.res = res
-  next()
-}
-
 function express_static (dir) {
   return express.static (path.resolve (cds.root,dir))
 }