@sap/cds 7.3.0 → 7.4.0

package/libx/_runtime/fiori/lean-draft.js

@@ -1,5 +1,7 @@
 const cds = require('../cds'),
   { Object_keys } = cds.utils
+const { getTransition } = require('../common/utils/resolveView')
+const { getKeyData } = require('./utils/where')
 const LOG = cds.log('fiori|drafts')
 const original = Symbol('original')
 const DRAFT_PARAMS = Symbol('draftParams')
@@ -12,9 +14,9 @@ const DRAFT_ELEMENTS = new Set([
   'DraftAdministrativeData_DraftUUID',
   'SiblingEntity'
 ])
-
+const DRAFT_ELEMENTS_WITHOUT_HASACTIVE = new Set(DRAFT_ELEMENTS)
+DRAFT_ELEMENTS_WITHOUT_HASACTIVE.delete('HasActiveEntity')
 const REDUCED_DRAFT_ELEMENTS = new Set(['IsActiveEntity', 'HasDraftEntity', 'SiblingEntity'])
-
 const DRAFT_ADMIN_ELEMENTS = [
   'DraftUUID',
   'LastChangedByUser',
@@ -41,16 +43,14 @@ const _fillIsActiveEntity = (row, IsActiveEntity, target) => {
 /// It's important to wait for the completion of all promises, otherwise a rollback might happen too soon
 const _promiseAll = async array => {
   const results = await Promise.allSettled(array)
-  const e = results.find(r => r.status === 'rejected')
-  if (e) throw e.reason
-  return results.map(r => r.value)
+  const firstRejected = results.find(response => response.status === 'rejected')
+  if (firstRejected) throw firstRejected.reason
+  return results.map(result => result.value)
 }
 
 const _isCount = query => query.SELECT.columns?.length === 1 && query.SELECT.columns[0].func === 'count'
-
-const entity_keys = e => {
-  return Object_keys(e.keys).filter(k => k !== 'IsActiveEntity' && !e.keys[k].isAssociation)
-}
+const entity_keys = entity =>
+  Object_keys(entity.keys).filter(key => key !== 'IsActiveEntity' && !entity.keys[key].isAssociation)
 
 const _inProcessByUserXpr = lockShiftedNow => ({
   xpr: [
@@ -98,9 +98,13 @@ cds.ApplicationService.prototype.handle = async function (req) {
 
   if (
     !req.query ||
-    req.query.UPSERT || // skip UPSERTs (might have an additional INSERT)
-    (!req.query.SELECT && !req.query.INSERT && !req.query.UPDATE && !req.query.DELETE && !req.query.STREAM) ||
-    req.query[DRAFT_PARAMS]
+    req.query[DRAFT_PARAMS] ||
+    (!req.query.SELECT &&
+      !req.query.INSERT &&
+      // !req.query.UPSERT && // skip UPSERTs (might have an additional INSERT)
+      !req.query.UPDATE &&
+      !req.query.DELETE &&
+      !req.query.STREAM)
   ) {
     return handle(req)
   }
@@ -119,8 +123,8 @@ cds.ApplicationService.prototype.handle = async function (req) {
   const _newReq = (req, query, draftParams, { event, headers }) => {
     // REVISIT: This is a bit hacky -> better way?
     query._target = undefined
+    query.target = undefined
     query[DRAFT_PARAMS] = draftParams
-    cds.infer(query, this.model.definitions)
 
     // REVISIT: This is extremely bad. We should be able to just create a copy without such hacks.
     const _req = cds.Request.for(req._) // REVISIT: this causes req._.data of WRITE reqs copied to READ reqs
@@ -133,6 +137,7 @@ cds.ApplicationService.prototype.handle = async function (req) {
     // If we create a `READ` event based on a modifying request, we delete data
     if (event === 'READ' && req.event !== 'READ') delete _req.data // which we fix here -> but this is an ugly workaround
 
+    _req.target = cds.infer(query, this.model.definitions)
     _req.query = query
     _req.event =
       event ||
@@ -141,7 +146,6 @@ cds.ApplicationService.prototype.handle = async function (req) {
       (query.UPDATE && 'UPDATE') ||
       (query.DELETE && 'DELETE') ||
       req.event
-    _req.target = query._target
     _req.params = req.params
     _req._ = Object.assign({}, req._ || {})
     _req._.params = req.params
@@ -224,18 +228,8 @@ cds.ApplicationService.prototype.handle = async function (req) {
     const inProcessByUser = draft?.DraftAdministrativeData?.InProcessByUser
     if (inProcessByUser && inProcessByUser !== cds.context.user.id)
       req.reject(403, 'DRAFT_LOCKED_BY_ANOTHER_USER', [inProcessByUser])
-    const deletes = [run(DELETE.from({ ref: query.DELETE.from.ref }))]
-    if (draft)
-      deletes.push(
-        DELETE.from(req.target.drafts).where({
-          DraftAdministrativeData_DraftUUID: draft.DraftAdministrativeData_DraftUUID
-        })
-      )
-    if (draft && req.target['@Common.DraftRoot.ActivationAction'])
-      deletes.push(
-        DELETE.from('DRAFT.DraftAdministrativeData').where({ DraftUUID: draft.DraftAdministrativeData_DraftUUID })
-      )
-    await _promiseAll(deletes)
+    if (draft) req.reject(403, 'DRAFT_ACTIVE_DELETE_FORBIDDEN_DRAFT_EXISTS')
+    await run(DELETE.from({ ref: query.DELETE.from.ref }))
     return req.data
   }
 
@@ -247,13 +241,13 @@ cds.ApplicationService.prototype.handle = async function (req) {
       req.reject(400, 'Action "draftActivate" can only be called on the root draft entity')
     }
     const targetDraft = req.target.drafts
-    const targetWhere = query.SELECT.from.ref[0].where
     const cols = expandStarStar(targetDraft)
     // Use `run` (since also etags might need to be checked)
     // REVISIT: Find a better approach (`etag` as part of CQN?)
+    const draftRef = _redirectRefToDrafts(query.SELECT.from.ref, this.model)
     const res = await run(
       SELECT.one
-        .from({ ref: _redirectRefToDrafts(query.SELECT.from.ref, this.model) })
+        .from({ ref: draftRef })
         .columns(cols)
         .columns([
           'HasActiveEntity',
@@ -271,11 +265,13 @@ cds.ApplicationService.prototype.handle = async function (req) {
     delete res.HasActiveEntity
     // First run the handlers as they might need access to DraftAdministrativeData or the draft entities
     const result = await run(
-      HasActiveEntity ? UPDATE(req.target).data(res).where(targetWhere) : INSERT.into(req.target).entries(res),
+      HasActiveEntity
+        ? UPDATE({ ref: query.SELECT.from.ref }).data(res)
+        : INSERT.into({ ref: query.SELECT.from.ref }).entries(res),
       { headers: Object.assign({}, req.headers, { 'if-match': '*' }) }
     )
     await _promiseAll([
-      DELETE.from(targetDraft).where(targetWhere),
+      DELETE.from({ ref: draftRef }),
       DELETE.from('DRAFT.DraftAdministrativeData').where({ DraftUUID: DraftAdministrativeData_DraftUUID })
     ])
 
@@ -407,6 +403,7 @@ const Read = {
     })
     return _requested(actives, query)
   },
+
   unchanged: async function (run, query) {
     LOG.debug('List Editing Status: Unchanged')
     const draftsQuery = query._drafts
@@ -421,6 +418,7 @@ const Read = {
     })
     return _requested(res, query)
   },
+
   ownDrafts: async function (run, query) {
     LOG.debug('List Editing Status: Own Draft')
 
@@ -453,6 +451,7 @@ const Read = {
     })
     return _requested(drafts, query)
   },
+
   all: async function (run, query) {
     LOG.debug('List Editing Status: All')
     if (!query._drafts) return []
@@ -518,10 +517,11 @@ const Read = {
       }
       _fillIsActiveEntity(row, true, query._target)
     })
-    const res = isFirstPage ? [...ownNewDrafts, ...ownEditDrafts, ...actives] : actives
+    const res = isFirstPage ? [...ownDrafts, ...actives] : actives
     if (query.SELECT.count) res.$count = count
     return _requested(res, query)
   },
+
   activesFromDrafts: async function (run, query, { isLocked = true }) {
     const draftsQuery = query._drafts
     const additionalCols = draftsQuery.SELECT.columns
@@ -550,15 +550,19 @@ const Read = {
     })
     return _requested(actives, query)
   },
+
   unsavedChangesByAnotherUser: async function (run, query) {
     LOG.debug('List Editing Status: Unsaved Changes by Another User')
     return Read.activesFromDrafts(run, query, { isLocked: false })
   },
+
   lockedByAnotherUser: async function (run, query) {
     LOG.debug('List Editing Status: Locked by Another User')
     return Read.activesFromDrafts(run, query, { isLocked: true })
   },
+
   whereNotIn: (target, data) => Read.whereIn(target, data, true),
+
   whereIn: (target, data, not = false) => {
     const keys = entity_keys(target)
     const dataArray = data ? (Array.isArray(data) ? data : [data]) : []
@@ -568,6 +572,7 @@ const Read = {
     const right = { list: dataArray.map(r => ({ list: keys.map(k => ({ val: r[k] })) })) }
     return [left, ...op, right]
   },
+
   complementaryDrafts: (query, _actives) => {
     const actives = Array.isArray(_actives) ? _actives : [_actives]
     if (!actives.length) return []
@@ -587,7 +592,9 @@ const Read = {
     drafts.SELECT.one = undefined
     return drafts
   },
+
   _makeArray: data => (Array.isArray(data) ? data : data ? [data] : []),
+
   _index: (target, data) => {
     // Indexes the data for fast key access
     const dataArray = Read._makeArray(data)
@@ -600,6 +607,7 @@ const Read = {
     for (const row of dataArray) hashMap.set(hash(row), row)
     return { hashMap, hash }
   },
+
   // Calls `cb` for each entry of data with a potential counterpart in otherData
   merge: (target, data, otherData, cb) => {
     const dataArray = Read._makeArray(data)
@@ -611,6 +619,7 @@ const Read = {
       cb(row, other)
     }
   },
+
   // Deletes entries of data with a counterpart in otherData
   delete: (target, data, otherData) => {
     if (!Array.isArray(data) || !data.length) return
@@ -673,6 +682,12 @@ function _cleansed(query, model) {
       if (query.SELECT.columns && query._target.drafts)
         draftsQuery.SELECT.columns = _cleanseCols(query.SELECT.columns, REDUCED_DRAFT_ELEMENTS, draft)
 
+      if (query.SELECT.where && query._target.drafts)
+        draftsQuery.SELECT.where = _cleanseWhere(query.SELECT.where, {}, DRAFT_ELEMENTS_WITHOUT_HASACTIVE)
+
+      if (query.SELECT.orderBy && query._target.drafts)
+        draftsQuery.SELECT.orderBy = _cleanseWhere(query.SELECT.orderBy, {}, REDUCED_DRAFT_ELEMENTS)
+
       if (draftsQuery._target.name.endsWith('.DraftAdministrativeData')) {
         draftsQuery.SELECT.columns = _tweakAdminCols(draftsQuery.SELECT.columns)
       } else if (draftsQuery._target?.name.endsWith('.drafts')) {
@@ -712,7 +727,7 @@ function _cleansed(query, model) {
       const cleansedRef = ref.map(r => {
         entity = (entity && entity.elements[r.id || r]._target) || model.definitions[r.id || r]
         if (!entity?.drafts) return r
-        return r.where ? { ...r, where: _cleanseWhere(r.where, draftParams) } : r
+        return r.where ? { ...r, where: _cleanseWhere(r.where, draftParams, DRAFT_ELEMENTS) } : r
       })
       if (q.SELECT) q.SELECT.from = { ...q.SELECT.from, ref: cleansedRef }
       else if (q.DELETE) q.DELETE.from = { ...q.DELETE.from, ref: cleansedRef }
@@ -730,8 +745,8 @@ function _cleansed(query, model) {
       }
     }
 
-    if (target.drafts && cqn.where) cqn.where = _cleanseWhere(cqn.where, draftParams)
-    if (target.drafts && cqn.orderBy) cqn.orderBy = _cleanseWhere(cqn.orderBy, {})
+    if (target.drafts && cqn.where) cqn.where = _cleanseWhere(cqn.where, draftParams, DRAFT_ELEMENTS)
+    if (target.drafts && cqn.orderBy) cqn.orderBy = _cleanseWhere(cqn.orderBy, {}, DRAFT_ELEMENTS)
     if (cqn.columns) cqn.columns = _cleanseCols(cqn.columns, DRAFT_ELEMENTS, target)
     return q
   }
@@ -800,15 +815,15 @@ function _cleansed(query, model) {
     })
   }
 
-  function _cleanseWhere(xpr, draftParams) {
+  function _cleanseWhere(xpr, draftParams, ignoredElements) {
     const cleansed = []
     for (let i = 0; i < xpr.length; ++i) {
       let x = xpr[i]
       const e = x.ref?.[0]
-      if (DRAFT_ELEMENTS.has(e) && !xpr[i + 2]) {
+      if (ignoredElements.has(e) && !xpr[i + 2]) {
         continue
       }
-      if (DRAFT_ELEMENTS.has(e) && xpr[i + 2]) {
+      if (ignoredElements.has(e) && xpr[i + 2]) {
         let { val } = xpr[i + 2]
         draftParams[x.ref.join('_')] = xpr[i + 1] === '!=' ? (typeof val === 'boolean' ? !val : 'not ' + val) : val
         i += 2
@@ -817,7 +832,7 @@ function _cleansed(query, model) {
         continue
       }
       if (x.xpr) {
-        x = { xpr: _cleanseWhere(x.xpr, draftParams) }
+        x = { xpr: _cleanseWhere(x.xpr, draftParams, ignoredElements) }
         if (!x.xpr) {
           i += 1
           continue
@@ -930,18 +945,20 @@ async function onNew(req) {
 
 async function onEdit(req) {
   LOG.debug('edit active')
+
   // use symbol for _draftParams
   const draftParams = req.query[DRAFT_PARAMS]
   if (req.query.SELECT.from.ref.length > 1 || draftParams.IsActiveEntity !== true) {
     req.reject(400, 'Action "draftEdit" can only be called on the root active entity')
   }
+
   if (
     req.target['@Capabilities.UpdateRestrictions.Updatable'] === false ||
     req.target['@insertonly'] ||
     req.target['@readonly']
-  )
+  ) {
     req.reject(405)
-  const targetWhere = req.query.SELECT.from.ref[0].where
+  }
 
   if (draftParams.IsActiveEntity !== true) req.reject(400)
 
@@ -963,34 +980,92 @@ async function onEdit(req) {
   }
   _addDraftColumns(req.target, cols)
 
-  const existingDraft = SELECT.one(req.target.drafts)
-    .columns({ ref: ['DraftAdministrativeData'], expand: [_inProcessByUserXpr(_lock.shiftedNow)] })
-    .where(targetWhere)
+  const draftsRef = _redirectRefToDrafts(req.query.SELECT.from.ref, this.model)
+  const existingDraft = SELECT.one({ ref: draftsRef }).columns({
+    ref: ['DraftAdministrativeData'],
+    expand: [_inProcessByUserXpr(_lock.shiftedNow)]
+  })
+
   // prevent service to check for own user
   existingDraft[DRAFT_PARAMS] = draftParams
 
-  const activeCQN = SELECT.one.from(req.target).columns(cols).where(targetWhere)
-  activeCQN.SELECT.localized = false
-
-  const activeCheck = SELECT.one(req.target).columns([1]).where(targetWhere).forUpdate()
-  activeCheck[DRAFT_PARAMS] = draftParams
-  // It's not possible to use `FOR UPDATE` in HANA if the view contains joins/unions. Unfortunately, we can't resolve the table entity
-  // because we must trigger the app-service request on the target entity (which could be delegated to a remote service).
-  // The best we can do is to catch a potential error
-  try {
-    await activeCheck
-  } catch {} // eslint-disable-line no-empty
-
-  const [res, draft] = await _promiseAll([
-    // REVISIT: inofficial compat flag just in case it breaks something -> do not document
-    cds.env.fiori.read_actives_from_db ? this._datasource.run(activeCQN) : this.run(activeCQN),
-    // no user check must be done here...
-    existingDraft
-  ])
+  const selectActiveCQN = SELECT.one.from({ ref: req.query.SELECT.from.ref }).columns(cols)
+  selectActiveCQN.SELECT.localized = false
+
+  let res, draft
+
+  // Ensure exclusive access to the record of the active entity by applying a lock,
+  // which effectively prevents the creation or overwriting of duplicate draft entities.
+  // This lock mechanism enforces a strict processing order for active entities,
+  // allowing only one entity to be worked on at any given time.
+  // By using .forUpdate() with a wait value of 0, we immediately lock the record,
+  // ensuring there is no waiting time for other users attempting to edit the same record
+  // concurrently.
+  if (this._datasource === cds.db) {
+    const keys = entity_keys(req.target)
+    const keyData = getKeyData(keys, req.query.SELECT.from.ref[0].where)
+    const rootWhere = keys.reduce((res, key) => {
+      res[key] = keyData[key]
+      return res
+    }, {})
+    const transition = getTransition(req.target, cds.db)
+
+    // gets the underlying target entity, as record locking can't be
+    // applied to localized views
+    const lockTarget = transition.target
+    const lockWhere =
+      transition.mapping.size === 0
+        ? rootWhere
+        : (() => {
+            const whereKeys = Object.keys(rootWhere)
+            const w = {}
+            whereKeys.forEach(key => {
+              const mappedKey = transition.mapping.get(key)
+              const lockKey = mappedKey ? mappedKey.ref[0] : key
+              w[lockKey] = rootWhere[key]
+            })
+            return w
+          })()
+    const activeLockCQN = SELECT.from(lockTarget, [1]).where(lockWhere).forUpdate({ wait: 0 })
+    activeLockCQN[DRAFT_PARAMS] = draftParams
+
+    try {
+      await this.run(activeLockCQN)
+    } catch (e) {
+      const draft = await this.run(existingDraft)
+      if (draft) req.reject(409, 'DRAFT_ALREADY_EXISTS')
+      req.reject(409, 'ENTITY_LOCKED')
+    }
+
+    const cqns = [
+      cds.env.fiori.read_actives_from_db ? this._datasource.run(selectActiveCQN) : this.run(selectActiveCQN),
+      this.run(existingDraft)
+    ]
+
+    ;[res, draft] = await _promiseAll(cqns)
+  } else {
+    const activeLockCQN = SELECT.from({ ref: req.query.SELECT.from.ref }, [1]).forUpdate({ wait: 0 })
+    activeLockCQN[DRAFT_PARAMS] = draftParams
+
+    // Locking the underlying database table is effective only when the database is not
+    // hosted on an external service. This is because the active data might be stored in
+    // a separate system.
+    try {
+      await activeLockCQN
+    } catch {} // eslint-disable-line no-empty
+
+    ;[res, draft] = await _promiseAll([
+      // REVISIT: inofficial compat flag just in case it breaks something -> do not document
+      cds.env.fiori.read_actives_from_db ? this._datasource.run(selectActiveCQN) : this.run(selectActiveCQN),
+      // no user check must be done here...
+      existingDraft
+    ])
+  }
 
   if (!res) req.reject(404)
   const preserveChanges = req.context?.data?.PreserveChanges
   const inProcessByUser = draft?.DraftAdministrativeData?.InProcessByUser
+
   if (draft) {
     if (inProcessByUser || preserveChanges) req.reject(409, 'DRAFT_ALREADY_EXISTS')
     const keys = {}
@@ -1037,14 +1112,17 @@ async function onCancel(req) {
     .from({ ref: req.query.DELETE.from.ref })
     .columns([
       'DraftAdministrativeData_DraftUUID',
-      { ref: ['DraftAdministrativeData'], expand: [{ ref: ['InProcessByUser'] }] }
+      { ref: ['DraftAdministrativeData'], expand: [_inProcessByUserXpr(_lock.shiftedNow)] }
     ])
   if (req._etagValidationClause) draftQuery.where(req._etagValidationClause)
   // do not add InProcessByUser restriction
   const draft = await draftQuery
   if (draftParams.IsActiveEntity === false && !draft) req.reject(req._etagValidationType ? 412 : 404)
-  if (draft && draft.DraftAdministrativeData?.InProcessByUser !== cds.context.user.id)
-    req.reject(403, 'DRAFT_LOCKED_BY_ANOTHER_USER', [draft.DraftAdministrativeData?.InProcessByUser])
+  if (draft) {
+    const processByUser = draft.DraftAdministrativeData?.InProcessByUser
+    if (processByUser && processByUser !== cds.context.user.id)
+      req.reject(403, 'DRAFT_LOCKED_BY_ANOTHER_USER', [processByUser])
+  }
   const queries = !draft ? [] : [this.run(DELETE.from({ ref: req.query.DELETE.from.ref }))]
   if (draft && req.target['@Common.DraftRoot.ActivationAction'])
     // only for draft root

package/libx/_runtime/fiori/utils/delete.js

@@ -1,4 +1,5 @@
 const cds = require('../../cds')
+const getError = require('../../common/error')
 const { SELECT, DELETE } = cds.ql
 
 const { isDraftRootEntity } = require('./csn')
@@ -39,8 +40,13 @@ const deleteDraft = async (req, srv, includingActive = false) => {
   const dbtx = cds.tx(req)
   const definitions = srv.model.definitions
 
+  const where = req.query.DELETE.from.ref?.[req.query.DELETE.from.ref.length - 1].where
+  if (!where) {
+    req.reject(getError(500, 'Invalid delete draft request'))
+  }
+
   // REVISIT: how to handle delete of to 1 assoc
-  const keys = extractKeyConditions(req.query.DELETE.from.ref[req.query.DELETE.from.ref.length - 1].where)
+  const keys = extractKeyConditions(where)
 
   // IsActiveEntity is deleted from where clause in auth.js, hence keys.IsActiveEntity is undefined here.
   // Intentional?

package/libx/_runtime/fiori/utils/handler.js

@@ -1,4 +1,5 @@
 const cds = require('../../cds')
+const { Object_keys } = cds.utils
 const { UPDATE, SELECT } = cds.ql
 const { getColumns } = require('../../cds-services/services/utils/columns')
 const { ensureNoDraftsSuffix, ensureDraftsSuffix, ensureUnlocalized } = require('../../common/utils/draft')
@@ -241,11 +242,8 @@ const draftIsLocked = lastChangedAt => {
   return DRAFT_CANCEL_TIMEOUT_IN_MS > Date.now() - Date.parse(lastChangedAt)
 }
 
-const filterKeys = keys => {
-  return Object.keys(keys).filter(key => {
-    return key !== 'IsActiveEntity' && !keys[key]._isAssociationStrict
-  })
-}
+const entity_keys = entity =>
+  Object_keys(entity.keys).filter(key => key !== 'IsActiveEntity' && !entity.keys[key]._isAssociationStrict)
 
 module.exports = {
   getSubCQNs,
@@ -260,7 +258,7 @@ module.exports = {
   proxifyToNoDraftsName,
   addColumnAlias,
   replaceRefWithDraft,
-  filterKeys,
+  entity_keys,
   getDeleteDraftAdminCqn,
   getCompositionTargets
 }

package/libx/_runtime/fiori/utils/lockInfo.js

@@ -0,0 +1,27 @@
+const cds = require('../../cds')
+const { getTransition } = require('../../common/utils/resolveView')
+const { getKeyData, getLockWhere } = require('../utils/where')
+const { entity_keys } = require('../utils/handler')
+
+const getLockInfo = (req, dataSource) => {
+  const keys = entity_keys(req.target)
+  const keyData = getKeyData(keys, req.query.SELECT.from.ref[0].where)
+  const rootWhere = keys.reduce((res, key) => {
+    res[key] = keyData[key]
+    return res
+  }, {})
+
+  if (dataSource === undefined || dataSource === cds.db) {
+    const transition = getTransition(req.target, cds.db)
+
+    // gets the underlying target entity, as record locking can't be
+    // applied to localized views
+    const target = transition.target
+    const where = getLockWhere(rootWhere, transition.mapping)
+    return { target, where, rootWhere }
+  }
+
+  return { target: req.target, where: req.query.SELECT.from.ref[0].where, rootWhere }
+}
+
+module.exports = getLockInfo

package/libx/_runtime/fiori/utils/where.js

@@ -26,19 +26,23 @@ const _calculateSpliceArgs = (index, whereCondition, isXpr = false) => {
   if (whereCondition[index - 1] in AND_OR) {
     return { index: index - 1, count: 1 + len }
   }
+
   if (whereCondition[index + len] in AND_OR) {
     return { index: index, count: len + 1 }
   }
+
   if (whereCondition[index - 1] === '(' && whereCondition[index + len] === ')') {
     if (whereCondition[index - 2] in AND_OR) {
       return { index: index - 2, count: len + 3 }
     }
+
     if (whereCondition[index + len + 1] in AND_OR) {
       return { index: index - 1, count: len + 3 }
     }
 
     return { index: index - 1, count: len + 2 }
   }
+
   return { index: index, count: len }
 }
 
@@ -224,6 +228,20 @@ const getKeysCondition = req => {
   return where
 }
 
+const getLockWhere = (where, columnsMap) => {
+  if (columnsMap.size === 0) return where
+  const whereKeys = Object.keys(where)
+  const lockWhere = {}
+
+  whereKeys.forEach(key => {
+    const mappedKey = columnsMap.get(key)
+    const lockKey = mappedKey ? mappedKey.ref[0] : key
+    lockWhere[lockKey] = where[key]
+  })
+
+  return lockWhere
+}
+
 module.exports = {
   deleteCondition,
   readAndDeleteKeywords,
@@ -231,5 +249,6 @@ module.exports = {
   isActiveEntityRequested,
   getKeyData,
   extractKeyConditions,
-  getKeysCondition
+  getKeysCondition,
+  getLockWhere
 }

package/libx/_runtime/messaging/AMQPWebhookMessaging.js

@@ -24,7 +24,8 @@ class AMQPWebhookMessaging extends MessagingService {
     return super.init()
   }
 
-  async emit(msg) {
+  async handle(msg) {
+    if (msg.inbound) return super.handle(msg)
     const _msg = this.message4(msg)
     const client = this.getClient()
     await this.queued(() => {})()
@@ -50,7 +51,7 @@ class AMQPWebhookMessaging extends MessagingService {
       if (!msg._) msg._ = {}
       msg._.topic = _topic
       try {
-        await super.emit(msg)
+        await this.tx({ user: cds.User.privileged, tenant: msg.tenant, _: msg._ }, tx => tx.emit(msg))
         done()
       } catch (e) {
         // In case of AMQP and Solace, the `failed` callback must be called

package/libx/_runtime/messaging/Outbox.js

@@ -1,53 +1,18 @@
 const cds = require('../cds')
+const LOG = cds.log()
 
-const {
-  processMessages,
-  registerMessageProcessor,
-  writeInOutbox,
-  hasPersistentOutbox,
-  isUnrecoverable
-} = require('./outbox/utils')
+let logged
 
-class OutboxService extends cds.Service {
-  // eslint-disable-next-line require-await
-  async init() {
-    // REVISIT: add 'outbox' to list of module names?
-    const LOG = cds.log(this.name)
-
-    // REVISIT: Also allow to overwrite this.send
-    this._emitImmediate = this.emit
-    this.emit = async function (...args) {
-      const msg = typeof args[0] === 'object' ? args[0] : { event: args[0], data: args[1], headers: args[2] }
-      const context = this.context || cds.context
-      if (this.options.outbox && context) {
-        const outboxOpts = Object.assign(
-          {},
-          (typeof cds.requires.outbox === 'object' && cds.requires.outbox) || {},
-          (this.options && typeof this.options.outbox === 'object' && this.options.outbox) || {}
-        )
-        if (hasPersistentOutbox(this, context.tenant)) {
-          // returns true if not yet registered
-          if (registerMessageProcessor(this.name, context)) {
-            context.on('succeeded', () => processMessages(this, context.tenant, outboxOpts))
-          }
-          await writeInOutbox(this.name, msg, context)
-          return
-        }
-        // Revisit: Also allow maxAttempts?
-        context.on('succeeded', async () => {
-          try {
-            await this._emitImmediate(msg)
-          } catch (e) {
-            LOG.error('Emit failed', { event: msg.event, cause: e })
-            // opts.crashOnError is not official!!!
-            if (isUnrecoverable(this, e) && outboxOpts.crashOnError !== false) cds.exit(1)
-          }
-        })
-        return
-      }
-      return this._emitImmediate(msg)
+module.exports = class Outbox extends cds.Service {
+  constructor(...args) {
+    if (!logged && LOG._warn) {
+      // prettier-ignore
+      LOG.warn('Internal class `OutboxService` is deprecated and will be removed. Services are outboxable via config or `cds.outboxed()`.')
+      logged = true
     }
+
+    super(...args)
+
+    if (this.options.outbox) return cds.outboxed(this)
   }
 }
-
-module.exports = OutboxService

package/libx/_runtime/messaging/common-utils/AMQPClient.js

@@ -2,7 +2,6 @@ const cds = require('../../cds.js')
 // eslint-disable-next-line cds/no-missing-dependencies -- needs to be added by app dev
 const ClientAmqp = require('@sap/xb-msg-amqp-v100').Client
 const { connect, disconnect } = require('./connections')
-const { hasPersistentOutbox } = require('../outbox/utils')
 
 const addDataListener = (client, queue, prefix, cb) =>
   new Promise(resolve => {
@@ -79,8 +78,7 @@ class AMQPClient {
   async emit(msg) {
     if (!this.client) await this.connect()
     // REVISIT: Is this a robust way to find out if the connection is working?
-    if (hasPersistentOutbox(this.service, cds.context && cds.context.tenant) && !this.sender.opened())
-      throw new Error('AMQP: Sender is not open')
+    if (msg._fromOutbox && !this.sender.opened()) throw new Error('AMQP: Sender is not open')
     await emit(msg, this.stream, this.prefix.topic, this.service.LOG)
     if (!this.keepAlive) return this.disconnect()
   }