@sap/cds 6.7.2 → 6.8.2

package/libx/_runtime/cds-services/adapter/odata-v4/utils/readAfterWrite.js

@@ -54,7 +54,11 @@ const readAfterWrite = async (req, srv, { operation, isBefore } = { isBefore: fa
     if (_isDraftAction(req)) query.where({ IsActiveEntity: req.event === 'draftActivate' })
   } else if (req.event === 'NEW' || req.event === 'PATCH') {
     const { result } = operation
-    query = getSimpleSelectCQN(req.target, result)
+    if (req.query.UPDATE?.entity?.ref[0]?.where) {
+      query = SELECT.one(req.query.UPDATE.entity)
+    } else {
+      query = getSimpleSelectCQN(req.target, result)
+    }
   } else if (req.event === 'UPDATE' && !hasDeepUpdate(srv.model, req.query)) {
     query = Array.isArray(req.data) ? SELECT.from(req.query.UPDATE.entity) : SELECT.one(req.query.UPDATE.entity)
   } else {
@@ -62,13 +66,14 @@ const readAfterWrite = async (req, srv, { operation, isBefore } = { isBefore: fa
   }
   Object.defineProperty(query.SELECT, '_4odata', { value: true })
   _ensureKeysAreSelected(query)
+
   // gracefully set location and no body if no read auth or not readable capability
   let result
   try {
     const _req = new Request({ query, event: 'READ', _: req._, params: req.params })
     result = await srv.dispatch(_req)
     if (result && req.target._isDraftEnabled) removeDraftUUIDIfNecessary(req)(result)
-    if (result === null && !isBefore && (_isWriteWithResponse(req) || _isDraftAction(req))) {
+    if (result == null && !isBefore && (_isWriteWithResponse(req) || _isDraftAction(req))) {
       // > something must be written and no READ error <=> @restrict or static where
       _req.reject({
         code: 404,
@@ -82,10 +87,12 @@ const readAfterWrite = async (req, srv, { operation, isBefore } = { isBefore: fa
     _handleReadError(e, req)
     result = null
   }
+
   // draft actions have own logic to set location header
-  if (result === null && _isWriteWithResponse(req) && !_isDraftAction(req)) {
+  if (result == null && _isWriteWithResponse(req) && !_isDraftAction(req)) {
     setLocationHeader(req, srv)
   }
+
   return result
 }
 

package/libx/_runtime/cds-services/services/Service.js

@@ -78,14 +78,9 @@ class ApplicationService extends cds.Service {
               if (Array.isArray(data)) return data.map(d => _addIsActiveEntity(d, IsActiveEntity))
               if (_key in data) data.IsActiveEntity = IsActiveEntity
             }
-            this.on('READ', each, async (_, next) => {
+            this.on('READ', each, async (req, next) => {
               const data = await next()
-              _addIsActiveEntity(data, true)
-              return data
-            })
-            this.on('READ', each, async (_, next) => {
-              const data = await next()
-              _addIsActiveEntity(data, false)
+              _addIsActiveEntity(data, !req.target?.isDraft)
               return data
             })
           }

package/libx/_runtime/cds-services/services/utils/differ.js

@@ -39,7 +39,7 @@ module.exports = class Differ {
   _diffDelete(req) {
     const { DELETE } = (req._ && req._.query) || req.query
     const query = SELECT.from(DELETE.from).columns(this._createSelectColumnsForDelete(req.target))
-    if (DELETE.where) query.where(...DELETE.where)
+    if (DELETE.where) query.where(DELETE.where)
 
     return cds
       .tx(req)

package/libx/_runtime/cds-services/util/assert.js

@@ -112,10 +112,33 @@ const _checkISODateTime = value => (_checkString(value) && ISO_DATE_TIME_REGEX.t
 
 const _checkISOTimestamp = value => (_checkString(value) && ISO_TIMESTAMP_REGEX.test(value)) || value instanceof Date
 
-const _checkInRange = (val, range) => {
-  return _checkISODate(val)
-    ? (new Date(val) - new Date(range[0])) * (new Date(val) - new Date(range[1])) <= 0
-    : (val - range[0]) * (val - range[1]) <= 0
+const _checkDateValue = (val, r1, r2) => {
+  const dateVal = new Date(val)
+  return (dateVal - new Date(r1)) * (dateVal - new Date(r2)) <= 0
+}
+
+const _toDate = val => `2000-01-01T${val}Z`
+
+const _checkInRange = (val, range, type) => {
+  switch (type) {
+    case 'cds.Date':
+      return _checkISODate(val) && _checkDateValue(val, range[0], range[1])
+    case 'cds.DateTime':
+      return _checkISODateTime(val) && _checkDateValue(val, range[0], range[1])
+    case 'cds.Timestamp':
+      return _checkISOTimestamp(val) && _checkDateValue(val, range[0], range[1])
+    case 'cds.Time':
+      return _checkISOTime(val) && _checkDateValue(_toDate(val), _toDate(range[0]), _toDate(range[1]))
+    default:
+      return (val - range[0]) * (val - range[1]) <= 0
+  }
+}
+
+const _resolveCDSType = element => {
+  if (element.type.startsWith('cds.')) return element.type
+  if (!element.type) return
+
+  return _resolveCDSType(element.__proto__)
 }
 
 // process.env.CDS_ASSERT_FORMAT_FLAGS not official!
@@ -227,7 +250,7 @@ const _checkEnumElement = (element, value, errors, key, pathSegmentsInfo) => {
 
 const _checkRangeElement = (element, value, errors, key, pathSegmentsInfo) => {
   const rangeElements = element['@assert.range'] && !_getEnumElement(element) ? element['@assert.range'] : undefined
-  if (rangeElements && !_checkInRange(value, rangeElements)) {
+  if (rangeElements && !_checkInRange(value, rangeElements, _resolveCDSType(element))) {
     const args = [value, ...element['@assert.range']]
     errors.push(assertError({ code: ASSERT_RANGE, args }, element, value, key, pathSegmentsInfo))
   }

package/libx/_runtime/common/aspects/any.js

@@ -40,11 +40,14 @@ const _relationHandler = relation => ({
         if (newRelation) {
           target[prop] = new Proxy(_exposeRelation(newRelation), _relationHandler(newRelation))
         }
+
         return target[prop]
       }
-      target[prop] = path.reduce((r, p) => r[p] || r.csn._relations[p], relation)
+
+      target[prop] = path.reduce((relation, value) => relation[value] || relation.csn._relations[value], relation)
       target[prop].path = path
     }
+
     return target[prop]
   }
 })

package/libx/_runtime/common/generic/auth/utils.js

@@ -40,54 +40,51 @@ const _getCurrentSubClause = (next, restrict) => {
   const escaped = next[0].replace(/\$/g, '\\$').replace(/\./g, '\\.')
   const re1 = new RegExp(`([\\w\\.']*)\\s*=\\s*(${escaped})|(${escaped})\\s*=\\s*([\\w\\.']*)`)
   const re2 = new RegExp(`([\\w\\.']*)\\s*in\\s*(${escaped})|(${escaped})\\s*in\\s*([\\w\\.']*)`)
-  const clause = restrict.where.match(re1) || restrict.where.match(re2)
+  const re3 = new RegExp(`(${escaped})\\s*is\\s*null`)
+  const re4 = new RegExp(`(${escaped})\\s*is\\s*not\\s*null`)
+  const clause =
+    restrict.where.match(re3) || restrict.where.match(re4) || restrict.where.match(re1) || restrict.where.match(re2)
 
   if (clause) return clause
 
   // NOTE: arrayed attr with "=" as operator is some kind of legacy case
-  throw new Error('user attribute array must be used with operator "=" or "in"')
+  throw new Error('user attribute array must be used with operator "=", "in", "is null", or "is not null"')
 }
 
-const _processUserAttr = (next, restrict, user, attr) => {
+const _isNull = (userAttrs, attr) =>
+  userAttrs[attr] == null || (Array.isArray(userAttrs[attr]) && userAttrs[attr].length === 0)
+const _isNotNull = (userAttrs, attr) =>
+  userAttrs[attr] != null && Array.isArray(userAttrs[attr]) && userAttrs[attr].length > 0
+
+const _processUserAttr = (next, restrict, userAttrs, attr) => {
   const clause = _getCurrentSubClause(next, restrict)
   const valOrRef = clause[1] || clause[4]
 
-  if (clause[0].match(/ in /)) {
-    if (!user[attr] || user[attr].length === 0) {
+  if (clause[0].match(/ is\s*null/)) {
+    restrict.where = restrict.where.replace(clause[0], _isNull(userAttrs, attr) ? '1 = 1' : '1 = 2')
+  } else if (clause[0].match(/ is\s*not\s*null/)) {
+    restrict.where = restrict.where.replace(clause[0], _isNotNull(userAttrs, attr) ? '1 = 1' : '1 = 2')
+  } else {
+    if (_isNull(userAttrs, attr)) {
       restrict.where = restrict.where.replace(clause[0], '1 = 2')
-    } else if (user[attr].length === 1) {
-      restrict.where = restrict.where.replace(clause[0], `${valOrRef} = '${user[attr][0]}'`)
+    } else if (clause[0].match(/ in /)) {
+      if (userAttrs[attr].length === 1) {
+        restrict.where = restrict.where.replace(clause[0], `${valOrRef} = '${userAttrs[attr][0]}'`)
+      } else {
+        restrict.where = restrict.where.replace(
+          clause[0],
+          `${valOrRef} in (${userAttrs[attr].map(ele => `'${ele}'`).join(', ')})`
+        )
+      }
+    } else if (valOrRef.startsWith("'") && userAttrs[attr].includes(valOrRef.split("'")[1])) {
+      restrict.where = restrict.where.replace(clause[0], `${valOrRef} = ${valOrRef}`)
     } else {
       restrict.where = restrict.where.replace(
         clause[0],
-        `${valOrRef} in (${user[attr].map(ele => `'${ele}'`).join(', ')})`
+        `(${userAttrs[attr].map(ele => `${valOrRef} = '${ele}'`).join(' or ')})`
       )
     }
-  } else if (valOrRef.startsWith("'") && user[attr].includes(valOrRef.split("'")[1])) {
-    restrict.where = restrict.where.replace(clause[0], `${valOrRef} = ${valOrRef}`)
-  } else {
-    restrict.where = restrict.where.replace(
-      clause[0],
-      `(${user[attr].map(ele => `${valOrRef} = '${ele}'`).join(' or ')})`
-    )
-  }
-}
-
-const _getShortcut = (attrs, attr) => {
-  // undefined
-  if (attrs[attr] === undefined) {
-    return '1 = 2'
   }
-
-  // $UNRESTRICTED
-  if (
-    (typeof attrs[attr] === 'string' && attrs[attr].match(/\$UNRESTRICTED/i)) ||
-    (Array.isArray(attrs[attr]) && attrs[attr].some(a => a.match(/\$UNRESTRICTED/i)))
-  ) {
-    return '1 = 1'
-  }
-
-  return null
 }
 
 /*
@@ -120,15 +117,7 @@ const resolveUserAttrs = (restrict, req) => {
     let attr = parts.shift()
 
     while (attr) {
-      const shortcut = _getShortcut(attrs, attr)
-      if (shortcut) {
-        const clause = _getCurrentSubClause(next, restrict)
-        restrict.where = restrict.where.replace(clause[0], shortcut)
-        skip = true
-        break
-      }
-
-      if (Array.isArray(attrs[attr])) {
+      if (attrs[attr] === undefined || Array.isArray(attrs[attr])) {
         _processUserAttr(next, restrict, attrs, attr)
         skip = true
         break

package/libx/_runtime/common/generic/crud.js

@@ -43,6 +43,7 @@ exports.impl = cds.service.impl(function () {
     // - INSERT has no where clause to do this in one roundtrip
     // - SELECT returns [] -> really empty collection or invalid path?
     let pathExistsQuery
+
     const { ref } = (req.query.INSERT && req.query.INSERT.into) || (req.query.SELECT && req.query.SELECT.from) || {}
     // REVISIT: why is copy necessary?
     if (ref && ref.length > 1) pathExistsQuery = SELECT(1).from({ ref: deepCopyArray(ref.slice(0, -1)) })
@@ -59,7 +60,6 @@ exports.impl = cds.service.impl(function () {
 
       // if no keys available, select all columns so we can delete the singleton with same content
       if (keyColumns.length) selectSingleton.columns(keyColumns)
-
       const singleton = await cds.tx(req).run(selectSingleton)
       if (!singleton) req.reject(404)
 

package/libx/_runtime/common/i18n/messages.properties

@@ -85,7 +85,7 @@ CRUD_VIA_NAVIGATION_NOT_SUPPORTED=CRUD via navigations is not yet supported
 
 # draft
 DRAFT_ALREADY_EXISTS=A draft for this entity already exists
-DRAFT_LOCKED_BY_ANOTHER_USER=The entity is locked by another user
+DRAFT_LOCKED_BY_ANOTHER_USER=The entity is locked by user "{0}"
 DRAFT_MODIFICATION_ONLY_VIA_ROOT=A draft can only be modified via its root entity
 
 # singleton

package/libx/_runtime/common/utils/generateOnCond.js

@@ -8,6 +8,7 @@ const _toRef = (alias, column) => {
 const _adaptRefs = (onCond, path, { select, join }) => {
   const _adaptEl = el => {
     const ref = el.ref
+
     if (ref) {
       if (ref[0] === path.join('_') && ref[1]) {
         return _toRef(select, ref.slice(1))
@@ -19,41 +20,34 @@ const _adaptRefs = (onCond, path, { select, join }) => {
       }
 
       return _toRef(join, ref.slice(0))
-    } else if (el.xpr) {
-      return { xpr: el.xpr.map(_adaptEl) }
     }
 
+    if (el.xpr) return { xpr: el.xpr.map(_adaptEl) }
     return el
   }
+
   return onCond.map(_adaptEl)
 }
 
 const _args = (csnElement, path, aliases) => {
   const onCond = csnElement.on
-
-  if (!onCond || !onCond.length) {
-    return []
-  }
-
-  if (onCond.length < 3) {
-    return onCond
-  }
-
+  if (!onCond || onCond.length === 0) return []
+  if (onCond.length < 3 && !onCond[0]?.xpr) return onCond
   if (!csnElement._isSelfManaged) return _adaptRefs(onCond, path, aliases)
 
   // revert join and select aliases because of backlink
-  const oc = _newOnConditions(csnElement._backlink, [csnElement._backlink.name], {
+  const mutOnCond = _newOnConditions(csnElement._backlink, [csnElement._backlink.name], {
     select: aliases.join,
     join: aliases.select
   })
 
   if (onCond.some(e => e === 'and')) {
-    // managed with ON-conditions must contain `$self`, which we replace with `oc`
-    const onCondWithouSelf = _adaptRefs(_onCondWithout$self(onCond), path, aliases)
-    oc.push('and', ...onCondWithouSelf)
+    // managed with ON-conditions must contain `$self`, which we replace with `mutOnCond`
+    const onCondWithoutSelf = _adaptRefs(_onCondWithout$self(onCond), path, aliases)
+    mutOnCond.push('and', ...onCondWithoutSelf)
   }
 
-  return oc
+  return mutOnCond
 }
 
 const _isSelfRef = e => e && e.ref && e.ref[0] === '$self'
@@ -64,23 +58,27 @@ const _onCondWithout$self = onCond => {
     if (e === 'and') return _isSelfRef(on[i + 1]) || _isSelfRef(on[i + 3])
     return on[i + 1] === '=' && (_isSelfRef(e) || _isSelfRef(on[i + 2]))
   })
+
   onCondWithoutSelf.splice(selfIndex, 4)
   return onCondWithoutSelf
 }
 
+// this is only for 2one managed w/o on-conditions, i.e. no static values are possible
 const _foreignToOn = (csnElement, path, { select, join }) => {
-  // this is only for 2one managed w/o ON-conditions i.e. no static values are possible
   const on = []
+
   for (const key of csnElement._foreignKeys) {
     if (on.length !== 0) {
       on.push('and')
     }
+
     const prefixChild = prefixForStruct(key.childElement)
     const ref1 = _toRef(select, prefixChild + key.childElement.name)
     const structPrefix = path.length > 1 ? path.slice(0, -1) : []
     const ref2 = _toRef(join, [...structPrefix, key.parentElement.name])
     on.push(ref1, '=', ref2)
   }
+
   return on
 }
 
@@ -93,10 +91,8 @@ const _newOnConditions = (csnElement, path, aliases) => {
 }
 
 const getOnCond = (csnElement, path = [], aliases = { select: '', join: '' }) => {
-  const oncond = _newOnConditions(csnElement, path, aliases)
-  return [{ xpr: oncond }]
+  const onCond = _newOnConditions(csnElement, path, aliases)
+  return [{ xpr: onCond }]
 }
 
-module.exports = {
-  getOnCond
-}
+module.exports = { getOnCond }