@sap/cds 7.0.1 → 7.0.3

package/CHANGELOG.md

@@ -4,6 +4,29 @@
 - The format is based on [Keep a Changelog](http://keepachangelog.com/).
 - This project adheres to [Semantic Versioning](http://semver.org/).
 
+## Version 7.0.3 - 2023-07-19
+
+### Fixed
+
+- Compile for lean draft: do not add draft entity for external entities
+- Rollback awaited in REST adapter
+- `service.on('error')` handler invoked only once
+- `SELECT.one.localized`
+- `COPYFILE_DISABLE=1` is now set for building `tar` archives by default
+- Actions of projection target are no longer accessible in linked models
+- Batch execute model-less mass inputs when on `@sap/hana-client`
+- Requests to `/<path>/webapp` return 404 for absolute `@path` specifications
+- `cds compile --to serviceinfo` no longer returns paths w/ Windows `\` path characters
+
+## Version 7.0.2 - 2023-07-06
+
+### Fixed
+
+- Glitch in `cds.deploy` if no change was applied
+- Detection of `.cdsrc-private.json` during startup
+- Respect capabilities annotation for draft events
+- `cds compile --to serviceinfo` returns correct service paths again
+
 ## Version 7.0.1 - 2023-07-03
 
 ### Fixed

package/lib/compile/for/lean_drafts.js

@@ -72,6 +72,9 @@ module.exports = function cds_compile_for_lean_drafts(csn) {
     if (draft['@readonly']) draft['@readonly'] = undefined
     if (draft['@insertonly']) draft['@insertonly'] = undefined
     if (draft['@restrict']) draft['@restrict'] = undefined
+    if ('@Capabilities.DeleteRestrictions.Deletable' in draft) draft['@Capabilities.DeleteRestrictions.Deletable'] = undefined
+    if ('@Capabilities.InsertRestrictions.Insertable' in draft) draft['@Capabilities.InsertRestrictions.Insertable'] = undefined
+    if ('@Capabilities.UpdateRestrictions.Updatable' in draft) draft['@Capabilities.UpdateRestrictions.Updatable'] = undefined
 
     // Recursively add drafts for compositions
     for (const each in draft.elements) {
@@ -103,7 +106,7 @@ module.exports = function cds_compile_for_lean_drafts(csn) {
   }
   for (const name in csn.definitions) {
     const def = csn.definitions[name]
-    if (!_isDraft(def)) continue
+    if (!_isDraft(def) || def['@cds.external']) continue
     def.elements.IsActiveEntity.virtual = true
     def.elements.HasDraftEntity.virtual = true
     def.elements.HasActiveEntity.virtual = true

package/lib/compile/to/srvinfo.js

@@ -35,24 +35,44 @@ module.exports = (model, options={}) => {
     }
   }
   function _makeNode(service) {
+    const path = _effectiveNodePath(service)
     return {
       name: service.name,
-      urlPath: _url4 (cds.service.path4(service)),
+      urlPath: _url4 (path),
       destination: 'srv-api', // the name to register in xs-app.json
       runtime: 'Node.js',
       location: service.$location
     }
   }
 
+  // TODO use a function from cds.service... instead
+  function _effectiveNodePath(service) {
+    if (service['@path']?.[0] === '/') { // absolute path given
+      return service['@path']
+    }
+    const { ProtocolAdapter } = cds.service.protocols
+    const prots = ProtocolAdapter.protocols4(service)
+    const prot = prots.find(p => p.kind.startsWith('odata')) || prots[0] // prefer odata for compat. reasons
+    if (prot.path && prot.path.startsWith('/')) {
+      return prot.path
+    }
+    const rootPath = cds.env.requires.middlewares ? ProtocolAdapter.protocols[prot.kind]?.path || '' : ''
+    return join(rootPath, prot.path || cds.service.path4(service))
+  }
+
    // the URL path that is *likely* effective at runtime
   function _url4 (p) {
-    return normalize (p.replace(/^\/+/, '') + '/') //> /foo/bar  ->  foo/bar/
+    p = p.replace(/\\/g, '/') // handle Windows
+         .replace(/^\/+/, '') // strip leading
+         .replace(/\/+$/, '') // strip trailing
+    p += '/' // end with /
+    return p
   }
 
   function _javaPath (service) {
     const d = model.definitions[service.name]
     const path = d && d['@path'] ? d['@path'].replace(/^[^/]/, c => '/'+c) : service.name
-    return join(javaPrefix, path).replace(/\\/g, '/')
+    return join(javaPrefix, path)
   }
 
   function _isNodeProject(root) {

package/lib/dbs/cds-deploy.js

@@ -15,7 +15,7 @@ module.exports = exports = function cds_deploy (model,options,csvs) {
   DEBUG = cds.debug('deploy')
   return {
     /** @param {import('@sap/cds/lib/srv/srv-api')} db */
-    async to(db, o = options || cds.options || {}) {
+    async to(db, o = options || {}) {
 
       const TRACE = cds.debug('trace')
       TRACE?.time('cds.deploy db  ')
@@ -90,8 +90,8 @@ exports.create = async function cds_deploy_create (db, csn=db.model, o) {
       } else {
         await db.run(`UPDATE cds_model SET csn = ?`, after)
       }
-      db.options.schema_evolution = 'auto' // for updating package.json
     }
+    o.schema_evolution = 'auto' // for INSERT_from4 below
     // cds deploy --model-only > fills in table cds_model above
     if (o['model-only']) return o.dry && console.log(after)
     // cds deploy -- with auto schema evolution > upgrade by applying delta to former model
@@ -253,9 +253,6 @@ exports.resources = async function cds_deploy_resources (csn, opts) {
   const folders = await cds_deploy_resources.folders(csn, opts)
   const found={}, ts = process.env.CDS_TYPESCRIPT
   for (let folder of folders) {
-    // fetching init.js files
-    const init_js = ts && isfile(folder,'init.ts') || isfile(folder,'init.js')
-    if (init_js) found[init_js] = '*'
     // fetching .csv and .json files
     for (let each of ['data','csv']) {
       const subdir = isdir(folder,each); if (!subdir) continue
@@ -281,6 +278,9 @@ exports.resources = async function cds_deploy_resources (csn, opts) {
         }
       }
     }
+    // fetching init.js files -> Note: after .csv files to have that on top, when processing in .reverse order
+    const init_js = ts && isfile(folder,'init.ts') || isfile(folder,'init.js')
+    if (init_js) found[init_js] = '*'
   }
   return found
 }
@@ -341,7 +341,7 @@ const _queries4 = (db,csn) => !db.cqn2sql ? q => q : q => {
 
 
 const INSERT_from4 = (db,o) => {
-  const schevo = db.options?.schema_evolution === 'auto' || cds.env.requires.db?.schema_evolution === 'auto' || o?.schema_evolution === 'auto'
+  const schevo = o?.schema_evolution === 'auto' || db.options.schema_evolution === 'auto'
   const INSERT_into = (schevo ? UPSERT : INSERT).into
   return (file) => ({
     '.json': { into (entity, json) {

package/lib/env/cds-env.js

@@ -113,14 +113,14 @@ class Config {
       ...( global._plugins||[] ).map (root => ({
         path: root, file: 'package.json', mapper: x => x.cds
       })),
-      { path: user_home, file: '.cdsrc.json' },
-      { path: home, file: '.cdsrc-private.json' },
-      { path: home, file: '.cdsrc.json' },
+      { path: user_home, file: '.cdsrc.json', mapper: x => x.cds||x },
+      { path: home, file: '.cdsrc.json', mapper: x => x.cds||x },
       { path: home, file: 'package.json', mapper: _package_json },
+      { path: home, file: '.cdsrc-private.json', mapper: x => x.cds||x },
     ]
     function _package_json (pkg) { // fill cds.extends from .extends
       let cds = pkg.cds
-      if (pkg.extends) (cds||(cds={})).extends = pkg.extends
+      if (pkg.extends) (cds??={}).extends = pkg.extends
       return cds
     }
   }
@@ -434,7 +434,7 @@ class Config {
 function _add_static_profiles (_home, profiles) {
   for (let src of ['package.json', '.cdsrc.json']) try {
     const conf = require(path.join(_home,src))
-    const cds = src === '.cdsrc.json' ? conf : conf.cds
+    const cds = src === 'package.json' ? conf.cds : conf.cds||conf
     if (cds?.profiles) return profiles.push(...cds.profiles)
     if (cds?.profile) return profiles.push(cds.profile)
   } catch (e) { if (e.code !== 'MODULE_NOT_FOUND') throw e }

package/lib/linked/models.js

@@ -25,7 +25,8 @@ class LinkedCSN extends any {
         /* else: */         any.prototype
       )
       if (p.key && !d.key && d.kind === 'element') Object.defineProperty (d,'key',{value:undefined})  //> don't propagate .key
-      if (p.params && !d.params && d.kind === 'entity') Object.defineProperty (d,'params',{value:undefined})  //> don't propagate .key
+      if (p.params && !d.params && d.kind === 'entity') Object.defineProperty (d,'params',{value:undefined})  //> don't propagate .params
+      if (p.actions && !d.actions && d.kind === 'entity') Object.defineProperty (d,'actions',{value:undefined})  //> don't propagate .actions
       if (d.elements && d.elements.localized) Object.defineProperty (d,'texts',{value: defs [d.elements.localized.target] })
       try { return Object.setPrototypeOf(d,p) }            //> link d to resolved proto
       catch(e) {                                          //> cyclic proto error

package/lib/ql/SELECT.js

@@ -17,6 +17,7 @@ module.exports = class Query extends Whereable {
       one: $((...x)       => new this({one:true})._select_or_from(...x),{
         columns: (..._)   => new this({one:true}).columns(..._),
         from: (..._)      => new this({one:true}).from(..._),
+        localized: (..._) => new this({one:true,localized:true}).from(..._)
       }),
       from: $((..._)      => new this().from(..._), {
         localized: (..._) => new this({localized:true}).from(..._)

package/lib/srv/protocols/index.js

@@ -83,11 +83,28 @@ class ProtocolAdapter {
           app.use (`/${path}`, before, adapter, after)
         }
 
+        if (!cds.env.features.serve_on_root) {
+          // log warning for changed path if $metadata is accessed
+          let logged = false
+          app.use(`*/${path}/\\$metadata`, (req,res,next) => {
+            if (!logged) {
+              const logger = cds.log('adapters')
+              logger._warn && logger.warn(`With @sap/cds version 7, the service path has changed to '${srv.path}'.
+             If you use SAP Fiori Elements, make sure to adapt the 'dataSources.uri' paths
+             in 'manifest.json' files accordingly. For more information, see the release notes at
+             https://cap.cloud.sap/docs/releases/jun23.`)
+              logged = true
+            }
+            next()
+          })
+        }
+
         prefix = this.protocols[p.kind].path
         prefix = prefix ? (prefix.endsWith('/') ? prefix : prefix + '/') : '/'
         path = prefix + path
       }
 
+      app.use (`${path}/webapp/`, (_,res) => res.sendStatus(404))
       DEBUG?.('app.use(', path, ', ... )')
       app.use (path, before, adapter, after)
       // REVISIT this doesn't handle multiple protocols correctly

package/lib/utils/tar.js

@@ -102,7 +102,7 @@ exports.create = async (dir='.', ...args) => {
       args.push('.')
     }
 
-    c = spawn ('tar', ['c', '-C', dir, ...args])
+    c = spawn ('tar', ['c', '-C', dir, ...args], { env: { COPYFILE_DISABLE: 1 }})
   }
 
   return {__proto__:c, // returning a thenable + fluent ChildProcess...
@@ -169,7 +169,7 @@ exports.extract = (archive, ...args) => ({
   to (...dest) {
     if (typeof dest === 'string') dest = _resolve(...dest)
     const input = typeof archive !== 'string' || archive == '-' ? '-' : _resolve(archive)
-    const x = spawn('tar', ['xf', win(input), '-C', win(dest), ...args], { env: { COPYFILE_DISABLE: 1 }})
+    const x = spawn('tar', ['xf', win(input), '-C', win(dest), ...args])
     if (archive === '-') return x.stdin
     if (Buffer.isBuffer(archive)) archive = require('stream').Readable.from (archive)
     if (typeof archive !== 'string') archive.pipe (x.stdin)

package/libx/_runtime/cds-services/adapter/odata-v4/handlers/error.js

@@ -112,6 +112,7 @@ const getErrorHandler = (crashOnError = true, srv) => {
       if ('_data' in err && !('data' in req)) req.data = err._data
     }
 
+    // REVISIT: invoking service.on('error') handlers needs a cleanup with new protocol adapters!!!
     // invoke srv.on('error', function (err, req) { ... }) here in special situations
     // REVISIT: if for compat reasons, remove once cds^5.1
     if (srv._handlers._error.length) {
@@ -124,7 +125,7 @@ const getErrorHandler = (crashOnError = true, srv) => {
         // > error before req was dispatched
         const creq = new cds.Request({ req, res: req.res, user: req.user || new cds.User.Anonymous() })
         for (const each of srv._handlers._error) each.handler.call(srv, err, creq)
-      } else {
+      } else if (ctx._tx?._done !== 'rolled back') {
         // > error after req was dispatched, e.g., serialization error in okra
         const creq = /* odataReq.req || */ new cds.Request({ req, res: req.res, user: ctx.user, tenant: ctx.tenant })
         for (const each of srv._handlers._error) each.handler.call(srv, err, creq)

package/libx/_runtime/fiori/lean-draft.js

@@ -856,10 +856,13 @@ function expandStarStar(target, recursion = new Map()) {
 
 async function onNew(req) {
   LOG.debug('new draft')
+  if (req.target.actives['@Capabilities.InsertRestrictions.Insertable'] === false || req.target.actives['@readonly'])
+    req.reject(405)
   const isDirectAccess = typeof req.query.INSERT.into === 'string' || req.query.INSERT.into.ref?.length === 1
   // Only allowed for pseudo draft roots (entities with this action)
   if (isDirectAccess && !req.target.actives['@Common.DraftRoot.ActivationAction'])
     req.reject(403, 'DRAFT_MODIFICATION_ONLY_VIA_ROOT')
+
   let DraftUUID
   if (isDirectAccess) DraftUUID = cds.utils.uuid()
   else {
@@ -929,6 +932,12 @@ async function onEdit(req) {
   if (req.query.SELECT.from.ref.length > 1 || draftParams.IsActiveEntity !== true) {
     req.reject(400, 'Action "draftEdit" can only be called on the root active entity')
   }
+  if (
+    req.target['@Capabilities.UpdateRestrictions.Updatable'] === false ||
+    req.target['@insertonly'] ||
+    req.target['@readonly']
+  )
+    req.reject(405)
   const targetWhere = req.query.SELECT.from.ref[0].where
 
   if (draftParams.IsActiveEntity !== true) req.reject(400)

package/libx/_runtime/hana/streaming.js

@@ -18,7 +18,8 @@ const _loadStreamExtensionIfNeeded = () => {
 const streamExtension = _loadStreamExtensionIfNeeded()
 
 function hasStreamInsert(insert, model) {
-  if (!model) return true
+  if (!model) return false
+
   const name = insert.into.ref ? insert.into.ref[0] : insert.into
   const into = model.definitions[ensureNoDraftsSuffix(name)]
   if (!into) return false
@@ -38,9 +39,7 @@ function hasStreamInsert(insert, model) {
 }
 
 function hasStreamUpdate(update, model) {
-  if (!model) {
-    return true
-  }
+  if (!model) return false
 
   const entity = model.definitions[ensureNoDraftsSuffix((update.entity.ref && update.entity.ref[0]) || update.entity)]
   if (!entity) return false

package/libx/rest/RestAdapter.js

@@ -194,12 +194,12 @@ const RestAdapter = function (srv) {
 
   // -----------------------------------------------------------------------------------------
   // error handling
-  router.use((err, req, res, next) => {
+  router.use(async (err, req, res, next) => {
     // REVISIT: should not be neccessary!
     // request may fail during processing or during commit -> both caught here
 
     // REVISIT: rollback needed if error occured before commit attempted -> how to distinguish?
-    cds.context?.tx?.rollback(err).catch(() => {}) // REVISIT: silently ?!?
+    await cds.context?.tx?.rollback(err).catch(() => {}) // REVISIT: silently ?!?
 
     next(err)
   })

package/libx/rest/middleware/error.js

@@ -39,13 +39,16 @@ const _log = err => {
 module.exports = (err, req, res, next) => {
   const { _srv: srv } = req
 
+  // REVISIT: invoking service.on('error') handlers needs a cleanup with new protocol adapters!!!
   // invoke srv.on('error', function (err, req) { ... }) here in special situations
   let ctx = cds.context
   if (!ctx) {
     // > error before req was dispatched
     ctx = new cds.Request({ req, res: req.res, user: req.user || new cds.User.Anonymous() })
+    for (const each of srv._handlers._error) each.handler.call(srv, err, ctx)
+  } else if (ctx._tx?._done !== 'rolled back') {
+    for (const each of srv._handlers._error) each.handler.call(srv, err, ctx)
   }
-  for (const each of srv._handlers._error) each.handler.call(srv, err, ctx)
 
   // log the error (4xx -> warn)
   _log(err)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sap/cds",
-  "version": "7.0.1",
+  "version": "7.0.3",
   "description": "SAP Cloud Application Programming Model - CDS for Node.js",
   "homepage": "https://cap.cloud.sap/",
   "keywords": [