@sap/cds 6.6.2 → 6.7.1

package/libx/_runtime/db/expand/rawToExpanded.js

@@ -111,7 +111,7 @@ class RawToExpanded {
         let expandedItems = this._getResultCache(toManyTree.concat(key))[mapping[GET_KEY_VALUE](false, entry)] || []
 
         // the expanded items may include the actives of the deleted drafts -> filter out
-        if (!cds.env.features.lean_draft && rootIsActiveEntity !== null) {
+        if (!cds.env.fiori.lean_draft && rootIsActiveEntity !== null) {
           if (mapping[TO_ACTIVE]) expandedItems = expandedItems.filter(ele => ele.IsActiveEntity !== false)
           else expandedItems = expandedItems.filter(ele => !!ele.IsActiveEntity === rootIsActiveEntity)
         }
@@ -144,7 +144,7 @@ class RawToExpanded {
           else if (rootIsActiveEntity) row[key] = parsed && parsed.IsActiveEntity !== false ? parsed : null
           else row[key] = parsed && parsed.IsActiveEntity === rootIsActiveEntity ? parsed : null
         }
-        if (mapping[CLEANUP_KEYS]) {
+        if (parsed && mapping[CLEANUP_KEYS]) {
           for (const key in mapping[CLEANUP_KEYS]) delete parsed[key]
         }
       } else {
@@ -153,7 +153,7 @@ class RawToExpanded {
         // Assume a DB will not return undefined, but always null
         this._convertValue(rawValue, conversionMapper.get(mapping), mapping, row, key)
 
-        isEntityNull = this._isNull(isEntityNull, rawValue)
+        isEntityNull = this._isNull(isEntityNull, rawValue, key)
       }
     }
 
@@ -173,12 +173,12 @@ class RawToExpanded {
    * @returns {boolean}
    * @private
    */
-  _isNull(isEntityNull, value) {
+  _isNull(isEntityNull, value, key) {
     if (isEntityNull === undefined) {
-      return value === null || value === undefined
+      return value === null || value === undefined || key === 'IsActiveEntity'
     }
 
-    return isEntityNull === true && (value === null || value === undefined)
+    return isEntityNull === true && (value === null || value === undefined || key === 'IsActiveEntity')
   }
 
   /**

package/libx/_runtime/db/generic/integrity.js

@@ -333,7 +333,7 @@ const _checkReferenceIntegrity = (entity, data, req, csn, run) => {
 }
 
 const _checkIntegrityWrapper = (req, csn, run) => async (data, entity) => {
-  if (cds.env.features.lean_draft && entity.name?.endsWith('.drafts')) return
+  if (cds.env.fiori.lean_draft && entity.name?.endsWith('.drafts')) return
   const errors = await _checkReferenceIntegrity(entity, data, req, csn, run)
   if (errors && errors.length !== 0) for (const err of errors) req.error(err)
 }

package/libx/_runtime/db/utils/columns.js

@@ -16,15 +16,15 @@ const getColumns = (entity, { _4db, onlyKeys } = { _4db: true, onlyKeys: false }
   if (!(entity && entity.elements)) return []
   const columnNames = []
   // REVISIT!!!
-  const elements = cds.env.features.lean_draft
-    ? entity.elements
-    : Object.getPrototypeOf(entity.elements) || entity.elements
+  const { structs = cds.env.features.ucsn_struct_conversion } = cds.env.effective.odata
+  const { lean_draft } = cds.env.fiori
+  const elements = lean_draft ? entity.elements : Object.getPrototypeOf(entity.elements) || entity.elements
   for (const elementName in elements) {
     const element = elements[elementName]
     if (onlyKeys && !element.key) continue
     if (element.isAssociation) continue
-    if (!cds.env.features.lean_draft && _4db && entity._isDraftEnabled && elementName in DRAFT_COLUMNS_MAP) continue
-    if ((cds.env.effective.odata.structs || cds.env.features.ucsn_struct_conversion) && element.elements) {
+    if (!lean_draft && _4db && entity._isDraftEnabled && elementName in DRAFT_COLUMNS_MAP) continue
+    if (structs && element.elements) {
       columnNames.push(...resolveStructured({ element, structProperties: [] }, false))
       continue
     }

package/libx/_runtime/fiori/generic/activate.js

@@ -146,8 +146,8 @@ const fioriGenericActivate = async function (req) {
 
   // REVISIT: should not be necessary
   r._ = Object.assign(r._, req._)
-  r.getUriInfo = () => req.getUriInfo()
-  r.getUrlObject = () => req.getUrlObject()
+  if (req.getUriInfo) r.getUriInfo = () => req.getUriInfo()
+  if (req.getUrlObject) r.getUrlObject = () => req.getUrlObject()
   r._.params = req.params
   r._.query = req.query
 
@@ -178,7 +178,7 @@ const fioriGenericActivate = async function (req) {
 
   // REVISIT: we need to use okra API here because it must be set in the batched request
   // status code must be set in handler to allow overriding for FE V2
-  req?._?.odataRes.setStatusCode(201)
+  req?._?.odataRes?.setStatusCode(201)
 
   return result
 }

package/libx/_runtime/fiori/generic/edit.js

@@ -164,7 +164,7 @@ const fioriGenericEdit = async function (req) {
 
   // REVISIT: we need to use okra API here because it must be set in the batched request
   // status code must be set in handler to allow overriding for FE V2
-  req?._?.odataRes.setStatusCode(201)
+  req?._?.odataRes?.setStatusCode(201)
 
   return results[0][0]
 }

package/libx/_runtime/fiori/generic/new.js

@@ -56,6 +56,10 @@ const fioriGenericNew = async function (req, next) {
 
   if (!cds.db) req.reject('NO_DATABASE_CONNECTION')
 
+  const isRoot = typeof req.query.INSERT.into === 'string' || req.query.INSERT.into.ref?.length === 1
+  // Only allowed for pseudo draft roots (entities with this action)
+  if (isRoot && !req.target['@Common.DraftRoot.ActivationAction']) req.reject(403, 'DRAFT_MODIFICATION_ONLY_VIA_ROOT')
+
   const navigationToMany = isNavigationToMany(req)
 
   const adminDataCQN = navigationToMany

package/libx/_runtime/fiori/lean-draft.js

@@ -1,6 +1,7 @@
 const cds = require('../cds'),
   { Object_keys } = cds.utils
 const LOG = cds.log('fiori|drafts')
+const original = Symbol('original')
 
 const DRAFT_ELEMENTS = new Set([
   'IsActiveEntity',
@@ -41,6 +42,14 @@ const _inProcessByUserXpr = lockShiftedNow => ({
   cast: { type: 'cds.String' }
 })
 
+/// It's important to wait for the completion of all promises, otherwise a rollback might happen too soon
+const _promiseAll = async array => {
+  const results = await Promise.allSettled(array)
+  const e = results.find(r => r.status === 'rejected')
+  if (e) throw e.reason
+  return results.map(r => r.value)
+}
+
 const _lock = {
   get shiftedNow() {
     return new Date(Math.max(0, Date.now() - DRAFT_CANCEL_TIMEOUT_IN_MIN() * 60 * 1000)).toISOString()
@@ -69,12 +78,14 @@ cds.ApplicationService.prototype.handle = async function (req) {
 
   if (
     !req.query ||
+    req.query.UPSERT || // skip UPSERTs (might have an additional INSERT)
     (!req.query.SELECT && !req.query.INSERT && !req.query.UPDATE && !req.query.DELETE) ||
     req.query._draftParams
   )
     return handle(req)
   const query = _cleansed(req.query, this.model)
-  _cleanseParams(req.params)
+  _cleanseParams(req.params, req.target)
+  if (req.data) _cleanseParams(req.data, req.target)
   const draftParams = query._draftParams
 
   const _newReq = (req, query, draftParams, event) => {
@@ -82,8 +93,11 @@ cds.ApplicationService.prototype.handle = async function (req) {
     query._target = undefined
     query._draftParams = draftParams
     cds.infer(query, this.model.definitions)
+
+    // REVISIT: This is extremely bad. We should be able to just create a copy without such hacks.
     const _req = cds.Request.for(req._) // REVISIT: this causes req._.data of WRITE reqs copied to READ reqs
-    if (query.SELECT) delete _req.data // which we fix here -> but this is an ugly workaround
+    // If we create a `READ` event based on a modifying request, we delete data
+    if (event === 'READ' && req.event !== 'READ') delete _req.data // which we fix here -> but this is an ugly workaround
     _req.query = query
     _req.event =
       event ||
@@ -93,19 +107,24 @@ cds.ApplicationService.prototype.handle = async function (req) {
       (query.DELETE && 'DELETE') ||
       req.event
     _req.target = query._target
+    _req._ = Object.assign({}, req._ || {}) // don't share the same `_` object
     _req._.params = req.params
     _req.params = req.params
     _req._.query = query
     _req._ = req._
-    _req.data = _req.query.UPDATE?.data || _req.query.INSERT?.entries?.[0]
-
-    // Dirty hack: delegate messages to original request by binding the getter _messages to req
-    let proto = req
-    let _messagesDescr
-    while (proto && !(_messagesDescr = Object.getOwnPropertyDescriptor(proto, '_messages')))
-      proto = Object.getPrototypeOf(proto)
-    Object.defineProperty(_req, '_messages', { ..._messagesDescr, get: _messagesDescr.get.bind(req) })
-
+    _req._isRest = req._isRest
+    _req._isOData = req._isOData
+    _req.isConcurrentResource = req.isConcurrentResource
+    _req.isConditional = req.isConditional
+    _req.validateEtag = req.validateEtag
+    const cqnData = _req.query.UPDATE?.data || _req.query.INSERT?.entries?.[0]
+    if (cqnData) _req.data = cqnData // must point to the same object
+    Object.defineProperty(_req, '_messages', {
+      get: function () {
+        return req._messages
+      }
+    })
+    if (req.tx) _req.tx = req.tx
     return _req
   }
 
@@ -155,7 +174,7 @@ cds.ApplicationService.prototype.handle = async function (req) {
       deletes.push(
         DELETE.from('DRAFT.DraftAdministrativeData').where({ DraftUUID: draft.DraftAdministrativeData_DraftUUID })
       )
-    await Promise.all(deletes)
+    await _promiseAll(deletes)
     return req.data
   }
 
@@ -188,7 +207,8 @@ cds.ApplicationService.prototype.handle = async function (req) {
     delete res.DraftAdministrativeData
     const HasActiveEntity = res.HasActiveEntity
     delete res.HasActiveEntity
-    await Promise.all([
+    delete res.IsActiveEntity
+    await _promiseAll([
       run(DELETE.from(targetDraft).where(targetWhere)),
       DELETE.from('DRAFT.DraftAdministrativeData').where({ DraftUUID: DraftAdministrativeData_DraftUUID })
     ])
@@ -196,7 +216,7 @@ cds.ApplicationService.prototype.handle = async function (req) {
     const result = await run(
       HasActiveEntity ? UPDATE(req.target).data(res).where(targetWhere) : INSERT.into(req.target).entries(res)
     )
-    req?._?.odataRes.setStatusCode(201)
+    req?._?.odataRes?.setStatusCode(201)
 
     return Object.assign(result, { IsActiveEntity: true })
 
@@ -252,11 +272,20 @@ cds.ApplicationService.prototype.handle = async function (req) {
       const updateData = { ...req.data }
       delete updateData.IsActiveEntity
       await run(UPDATE({ ref: draftsRef }).data(updateData))
-      return Object.assign(req.data, { IsActiveEntity: false })
+      req.data.IsActiveEntity = false
+      return req.data
     }
   }
 
   if (req.event === 'READ') {
+    if (
+      !Object.keys(draftParams).length &&
+      !req.query._target.name?.endsWith('DraftAdministrativeData') &&
+      !req.query._target.drafts
+    ) {
+      req.query = query
+      return handle(req)
+    }
     const read = req.query._target.name.endsWith('.drafts')
       ? Read.ownDrafts
       : draftParams.IsActiveEntity === false && draftParams.SiblingEntity_IsActiveEntity === null
@@ -281,8 +310,34 @@ cds.ApplicationService.prototype.handle = async function (req) {
     return result
   }
 
-  const _req = _newReq(req, query, draftParams, req.event)
-  const result = await handle(_req)
+  req.query = query
+  const result = await handle(req)
+  return result
+}
+
+// REVISIT: It's not optimal to first calculate the whole result array and only later
+//          delete unrequested properties. However, as a first step, we do it that way,
+//          especially since the current db driver always adds those fields.
+//          Once we switch to the new driver, we'll adapt it.
+const _requested = (result, query) => {
+  const originalQuery = query[original]
+  if (!result || !originalQuery) return result
+  const all = ['HasActiveEntity', 'HasDraftEntity']
+
+  const ignoredCols = new Set(all.concat('DraftAdministrativeData'))
+  const _isODataV2 = cds.context?.http?.req?.headers?.['x-cds-odata-version'] === 'v2'
+  if (!_isODataV2) ignoredCols.add('DraftAdministrativeData_DraftUUID')
+  for (const col of originalQuery.SELECT.columns || ['*']) {
+    const name = col.as || col.ref?.[0] || col
+    if (all.includes(name) || name === 'DraftAdministrativeData' || name === 'DraftAdministrativeData_DraftUUID')
+      ignoredCols.delete(name)
+    if (name === '*') all.forEach(c => ignoredCols.delete(c))
+  }
+  if (!ignoredCols.size) return result
+  const resArray = Array.isArray(result) ? result : [result]
+  for (const row of resArray) {
+    for (const ignoredCol of ignoredCols) delete row[ignoredCol]
+  }
   return result
 }
 
@@ -291,6 +346,13 @@ const Read = {
     LOG.debug('List Editing Status: Only Active')
     // DraftAdministrativeData is only accessible via drafts
     if (query._target.name.endsWith('.DraftAdministrativeData')) return run(query._drafts)
+    if (!query._target._isDraftEnabled) return run(query)
+    if (!query.SELECT.groupBy && query.SELECT.columns && !query.SELECT.columns.some(c => c === '*')) {
+      const keys = Object_keys(query._target.keys).filter(k => k !== 'IsActiveEntity')
+      for (const key of keys) {
+        if (!query.SELECT.columns.some(c => c.ref?.[0] === key)) query.SELECT.columns.push({ ref: [key] })
+      }
+    }
     const actives = await run(query)
     if (!actives || (Array.isArray(actives) && !actives.length) || !query._target.drafts) return actives
     let drafts
@@ -313,7 +375,7 @@ const Read = {
             DraftAdministrativeData_DraftUUID: null
           })
     )
-    return actives
+    return _requested(actives, query)
   },
   unchanged: async function (run, query) {
     LOG.debug('List Editing Status: Unchanged')
@@ -325,10 +387,10 @@ const Read = {
     draftsQuery.SELECT.columns = keys.map(k => ({ ref: [k] }))
 
     const drafts = await run(draftsQuery)
-    const res = Read.onlyActives(run, query.where(Read.whereNotIn(query._target, drafts)), {
+    const res = await Read.onlyActives(run, query.where(Read.whereNotIn(query._target, drafts)), {
       ignoreDrafts: true
     })
-    return res
+    return _requested(res, query)
   },
   ownDrafts: async function (run, query) {
     LOG.debug('List Editing Status: Own Draft')
@@ -356,11 +418,11 @@ const Read = {
     const drafts = await run(draftsQuery)
     Read.merge(query._target, drafts, [], row =>
       Object.assign(row, {
-        IsActiveEntity: false,
-        HasDraftEntity: false
+        HasDraftEntity: false,
+        IsActiveEntity: false
       })
     )
-    return drafts
+    return _requested(drafts, query)
   },
   all: async function (run, query) {
     LOG.debug('List Editing Status: All')
@@ -391,6 +453,13 @@ const Read = {
       else ownNewDrafts.push(draft)
     }
 
+    // We can't properly calculate `count`:
+    //   - Not all actives are retrieved (e.g. top = 0), hence there could be more deletes if more actives are requested,
+    //     hence we cannot count deletions based on data.
+    //   - We can't rely on the fact that `HasActiveEntity` always has an active counterpart because the filter
+    //     is applied on draft and active data respectively (you could fetch a draft but not an active instance).
+    //     However, there's not much we can do, so we use use this as a best guess.
+
     const count = isFirstPage ? ownNewDrafts.length + (isCount ? actives[0]?.$count : actives.$count) : actives.$count
     if (isCount) return { $count: count }
 
@@ -423,7 +492,7 @@ const Read = {
     })
     const res = isFirstPage ? [...ownNewDrafts, ...ownEditDrafts, ...actives] : actives
     if (query.SELECT.count) res.$count = count
-    return res
+    return _requested(res, query)
   },
   activesFromDrafts: async function (run, query, { isLocked = true }) {
     const draftsQuery = query._drafts
@@ -450,7 +519,7 @@ const Read = {
         ? Object.assign(row, other, { IsActiveEntity: true, HasDraftEntity: true, HasActiveEntity: false })
         : Object.assign({ IsActiveEntity: true, HasDraftEntity: false, HasActiveEntity: false })
     )
-    return actives
+    return _requested(actives, query)
   },
   unsavedChangesByAnotherUser: async function (run, query) {
     LOG.debug('List Editing Status: Unsaved Changes by Another User')
@@ -464,6 +533,7 @@ const Read = {
   whereIn: (target, data, not = false) => {
     const keys = Object_keys(target.keys).filter(k => k !== 'IsActiveEntity')
     const dataArray = data ? (Array.isArray(data) ? data : [data]) : []
+    if (not && !dataArray.length) return []
     return [
       { list: keys.map(k => ({ ref: [k] })) },
       not ? 'not in' : 'in',
@@ -529,29 +599,33 @@ const Read = {
   }
 }
 
-function _cleanseParams(params) {
+function _cleanseParams(params, target) {
+  if (!target?.drafts) return
   if (Array.isArray(params)) {
-    for (const param of params) _cleanseParams(param)
+    for (const param of params) _cleanseParams(param, target)
     return
   }
   if (typeof params === 'object') {
     for (const key in params) {
-      if (key === 'IsActiveEntity') delete params[key]
+      if (key === 'IsActiveEntity') {
+        const value = params[key]
+        delete params[key]
+        if (cds.env.fiori?.draft_compat) Object.defineProperty(params, key, { value, enumerable: false })
+      }
     }
   }
 }
 
-function _cleanseCols(columns, elements) {
-  if (typeof columns?.filter !== 'function') return columns
-  return (
-    columns &&
-    columns
-      .filter(c => !elements.has(c.ref?.[0]))
-      .map(c => {
-        if (c.expand) return { ...c, expand: _cleanseCols(c.expand, elements) }
-        return c
-      })
-  )
+function _cleanseCols(columns, elements, target) {
+  // TODO: sometimes target is undefined
+  if (!target || typeof columns?.filter !== 'function') return columns
+  const filtered = target?.drafts ? columns.filter(c => !elements.has(c.ref?.[0])) : columns
+  return filtered.map(c => {
+    if (c.expand && c.ref) {
+      return { ...c, expand: _cleanseCols(c.expand, elements, target.elements[c.ref[0]]?._target) }
+    }
+    return c
+  })
 }
 
 /**
@@ -559,10 +633,10 @@ function _cleanseCols(columns, elements) {
  */
 function _cleansed(query, model) {
   const draftParams = {} //> used to collect draft filter criteria
-  const q = _cleanseQuery(query, draftParams)
+  const q = _cleanseQuery(query, draftParams, model)
   if (query.SELECT) {
     const getDrafts = () => {
-      const draftsQuery = _cleanseQuery(query, {}) // could just clone `q` but the latter is ruined by database layer
+      const draftsQuery = _cleanseQuery(query, {}, model) // could just clone `q` but the latter is ruined by database layer
       draftsQuery._target = undefined
       const [root, ...tail] = draftsQuery.SELECT.from.ref
       const draft = model.definitions[root.id || root].drafts
@@ -572,7 +646,7 @@ function _cleansed(query, model) {
       cds.infer(draftsQuery, model.definitions)
       // draftsQuery._target = draftsQuery._target?.drafts || draftsQuery._target
       if (query.SELECT.columns && query._target.drafts)
-        draftsQuery.SELECT.columns = _cleanseCols(query.SELECT.columns, REDUCED_DRAFT_ELEMENTS)
+        draftsQuery.SELECT.columns = _cleanseCols(query.SELECT.columns, REDUCED_DRAFT_ELEMENTS, draft)
 
       if (draftsQuery._target.name.endsWith('.DraftAdministrativeData')) {
         draftsQuery.SELECT.columns = _tweakAdminCols(draftsQuery.SELECT.columns)
@@ -592,21 +666,30 @@ function _cleansed(query, model) {
   }
 
   Object.defineProperty(q, '_draftParams', { value: draftParams, enumerable: false })
+  q[original] = query
   return q
 
-  function _cleanseQuery(query, draftParams) {
+  function _cleanseQuery(query, draftParams, model) {
+    const target = query._target
     const q = cds.ql.clone(query)
 
     const ref = q.SELECT?.from.ref || q.UPDATE?.entity.ref || q.INSERT?.into.ref || q.DELETE?.from.ref
     const cqn = q.SELECT || q.UPDATE || q.INSERT || q.DELETE
 
     if (ref) {
-      const cleansedRef = ref.map(r => (r.where ? { ...r, where: _cleanseWhere(r.where, draftParams) } : r))
+      let entity
+      const cleansedRef = ref.map(r => {
+        entity = (entity && entity.elements[r.id || r]._target) || model.definitions[r.id || r]
+        if (!entity?.drafts) return r
+        return r.where ? { ...r, where: _cleanseWhere(r.where, draftParams) } : r
+      })
       if (q.SELECT) q.SELECT.from = { ...q.SELECT.from, ref: cleansedRef }
       else if (q.DELETE) q.DELETE.from = { ...q.DELETE.from, ref: cleansedRef }
       else if (q.UPDATE) q.UPDATE.entity = { ...q.UPDATE.entity, ref: cleansedRef }
       else if (q.INSERT) q.INSERT.into = { ...q.INSERT.into, ref: cleansedRef }
 
+      // This only works for simple cases of `SiblingEntity`, e.g. `root(ID=1,IsActiveEntity=false)/SiblingEntity`
+      // , check if there are more complicated use cases
       const siblingIdx = cleansedRef.findIndex(r => r === 'SiblingEntity')
       if (siblingIdx !== -1) {
         cleansedRef.splice(siblingIdx, 1)
@@ -614,10 +697,9 @@ function _cleansed(query, model) {
       }
     }
 
-    if (cqn.where) cqn.where = _cleanseWhere(cqn.where, draftParams)
-    if (cqn.columns) cqn.columns = _cleanseCols(q.SELECT.columns, DRAFT_ELEMENTS)
-    if (cqn.orderBy) cqn.orderBy = _cleanseWhere(cqn.orderBy, {})
-
+    if (target.drafts && cqn.where) cqn.where = _cleanseWhere(cqn.where, draftParams)
+    if (target.drafts && cqn.orderBy) cqn.orderBy = _cleanseWhere(cqn.orderBy, {})
+    if (cqn.columns) cqn.columns = _cleanseCols(cqn.columns, DRAFT_ELEMENTS, target)
     return q
   }
 
@@ -648,9 +730,9 @@ function _cleansed(query, model) {
               '=',
               { val: cds.context.user.id },
               'then',
-              { val: true },
+              'true',
               'else',
-              { val: false },
+              'false',
               'end'
             ],
             as: 'DraftIsCreatedByMe',
@@ -671,9 +753,9 @@ function _cleansed(query, model) {
               '>',
               { val: _lock.shiftedNow },
               'then',
-              { val: true },
+              'true',
               'else',
-              { val: false },
+              'false',
               'end'
             ],
             as: 'DraftIsProcessedByMe',
@@ -740,7 +822,10 @@ function expandStarStar(target, recursion = new Map()) {
 
 async function onNew(req) {
   LOG.debug('new draft')
-  const isRoot = typeof req.query.INSERT.into === 'string'
+  const isRoot = typeof req.query.INSERT.into === 'string' || req.query.INSERT.into.ref?.length === 1
+  // Only allowed for pseudo draft roots (entities with this action)
+  if (isRoot && !req.target.actives['@Common.DraftRoot.ActivationAction'])
+    req.reject(403, 'DRAFT_MODIFICATION_ONLY_VIA_ROOT')
   let DraftUUID
   if (isRoot) DraftUUID = cds.utils.uuid()
   else {
@@ -777,15 +862,29 @@ async function onNew(req) {
         })
         .where({ DraftUUID })
 
-  const draftData = Object.assign(
-    { DraftAdministrativeData_DraftUUID: DraftUUID, HasActiveEntity: false },
-    req.query.INSERT.entries[0]
-  )
+  const _assignDraftData = (obj, target) => {
+    const newObj = Object.assign({ DraftAdministrativeData_DraftUUID: DraftUUID, HasActiveEntity: false }, obj)
+    if (!target) return newObj
+
+    // Also support deep insertions
+    for (const key in newObj) {
+      if (!target.elements[key]?.isComposition) continue
+      if (Array.isArray(newObj[key]))
+        newObj[key] = newObj[key].map(v => _assignDraftData(v, target.elements[key]._target))
+      else if (typeof newObj[key] === 'object') {
+        newObj[key] = _assignDraftData(newObj[key], target.elements[key]._target)
+      }
+    }
+
+    return newObj
+  }
+
+  const draftData = _assignDraftData(req.query.INSERT.entries[0], req.target)
 
   delete draftData.IsActiveEntity
   const draftCQN = INSERT.into(req.target).entries(draftData)
 
-  await Promise.all([cds.run(adminDataCQN), this.run(draftCQN)])
+  await _promiseAll([cds.run(adminDataCQN), this.run(draftCQN)])
   req._.readAfterWrite = true
   return { ...draftData, IsActiveEntity: false }
 }
@@ -794,7 +893,7 @@ async function onEdit(req) {
   LOG.debug('edit active')
   const draftParams = req.query._draftParams
   if (req.query.SELECT.from.ref.length > 1 || draftParams.IsActiveEntity !== true) {
-    req.reject(400, 'Action "draftEdit" can only be called on the root entity')
+    req.reject(400, 'Action "draftEdit" can only be called on the root active entity')
   }
   const targetWhere = req.query.SELECT.from.ref[0].where
 
@@ -816,18 +915,29 @@ async function onEdit(req) {
     }
   }
   _addDraftColumns(req.target, cols)
-  const draftsCheck = SELECT.one(req.target.drafts)
+
+  const existingDraft = SELECT.one(req.target.drafts)
     .columns({ ref: ['DraftAdministrativeData'], expand: [_inProcessByUserXpr(_lock.shiftedNow)] })
     .where(targetWhere)
-    .forUpdate({ wait: 0 })
   // prevent service to check for own user
-  Object.defineProperty(draftsCheck, '_draftParams', { value: draftParams, enumerable: false })
+  Object.defineProperty(existingDraft, '_draftParams', { value: draftParams, enumerable: false })
+
+  const activeCQN = SELECT.one.from(req.target).columns(cols).where(targetWhere)
+  activeCQN._suppressLocalization = true // in the future we should be able to just set activeCQN.SELECT.localized = false
 
-  const [res, draft] = await Promise.all([
-    this.run(SELECT.one.from(req.target).columns(cols).where(targetWhere).forUpdate({ wait: 0 })),
+  const activeCheck = SELECT.one(req.target).columns([1]).where(targetWhere).forUpdate()
+  Object.defineProperty(activeCheck, '_draftParams', { value: draftParams, enumerable: false })
+  // It's not possible to use `FOR UPDATE` in HANA if the view contains joins/unions. Unfortunately, we can't resolve the table entity
+  // because we must trigger the app-service request on the target entity (which could be delegated to a remote service).
+  // The best we can do is to catch a potential error
+  await this.run(activeCheck).catch(_ => {})
+
+  const [res, draft] = await _promiseAll([
+    this.run(activeCQN),
     // no user check must be done here...
-    this.run(draftsCheck)
+    this.run(existingDraft)
   ])
+
   if (!res) req.reject(404)
   const preserveChanges = req.context?.data?.PreserveChanges
   const inProcessByUser = draft?.DraftAdministrativeData?.InProcessByUser
@@ -835,7 +945,7 @@ async function onEdit(req) {
     if (inProcessByUser || preserveChanges) req.reject(409, 'DRAFT_ALREADY_EXISTS')
     const keys = {}
     for (const key in req.target.drafts.keys) keys[key] = res[key]
-    await Promise.all([
+    await _promiseAll([
       DELETE.from('DRAFT.DraftAdministrativeData').where({ DraftUUID }),
       this.run(DELETE.from(req.target.drafts).where(keys))
     ])
@@ -862,7 +972,7 @@ async function onEdit(req) {
 
   // REVISIT: we need to use okra API here because it must be set in the batched request
   // status code must be set in handler to allow overriding for FE V2
-  req?._?.odataRes.setStatusCode(201)
+  req?._?.odataRes?.setStatusCode(201)
 
   return { ...res, IsActiveEntity: false } // REVISIT: Flatten?
 }
@@ -891,7 +1001,7 @@ async function onCancel(req) {
       DELETE.from('DRAFT.DraftAdministrativeData').where({ DraftUUID: draft.DraftAdministrativeData_DraftUUID })
     )
   if (draftParams.IsActiveEntity) deletes.push(this.run(DELETE.from({ ref: activeRef })))
-  await Promise.all(deletes)
+  await _promiseAll(deletes)
   return req.data
 }
 

package/libx/_runtime/hana/execute.js

@@ -225,7 +225,9 @@ function _processExpand(model, dbc, cqn, user, locale, txTimestamp) {
 function executeSelectCQN(model, dbc, query, user, locale, txTimestamp) {
   if (hasExpand(query)) {
     // expand: '**' or '*3' is handled by new impl
-    if (query.SELECT.columns.some(c => c.expand && typeof c.expand === 'string' && /^\*{1}[\d|*]+/.test(c.expand))) {
+    if (
+      query.SELECT.columns.some(c => c.expand && typeof c.expand[0] === 'string' && /^\*{1}[\d|*]+/.test(c.expand[0]))
+    ) {
       return expandV2(model, dbc, query, user, locale, txTimestamp, executeSelectCQN)
     }
     return _processExpand(model, dbc, query, user, locale, txTimestamp)