@sap/cds 7.6.4 → 7.7.1

package/libx/odata/middleware/delete.js

@@ -0,0 +1,38 @@
+const cds = require('../../../')
+const { UPDATE, DELETE } = cds.ql
+
+const { odataError, getKeysFromPath } = require('../utils')
+
+module.exports = srv =>
+  function deleete(req, res, next) {
+    if (req._preferReturn) {
+      const message = `The 'return' preference is not allowed in ${req.method} requests`
+      return res.status(400).json({ error: { code: '400', message } })
+    }
+
+    const { _query: query } = req
+
+    const {
+      SELECT: { one, from }
+    } = query
+
+    if (!one) {
+      // REVISIT: don't use "ENTITY.COLLECTION" as that's an okra term
+      return res.status(405).json(odataError('405', `Method DELETE not allowed for ENTITY.COLLECTION`))
+    }
+
+    // for read and delete, we provide keys in req.data
+    const data = getKeysFromPath(query.SELECT.from, srv)
+
+    // REVISIT: better
+    if (query._propertyAccess) data[query._propertyAccess] = null
+
+    // REVISIT: maybe also just dispatch a cds request here?
+    return srv
+      .run(query._propertyAccess ? UPDATE(from).set({ [query._propertyAccess]: null }) : DELETE.from(from), data)
+      .then(result => {
+        if (result === 0) return res.status(404).json({ error: { code: '404', message: 'Not Found' } })
+        res.sendStatus(204)
+      })
+      .catch(next)
+  }

package/libx/odata/middleware/error.js

@@ -0,0 +1,8 @@
+const { normalizeError } = require('../../_runtime/common/error/frontend')
+
+module.exports = _srv => (err, req, res, _next) => {
+  const { error, statusCode } = normalizeError(err, req)
+
+  // NOTE: normalizeError already does sanatization -> we can use as is
+  res.status(statusCode).json({ error })
+}

package/libx/odata/{metadata.js → middleware/metadata.js}

@@ -1,7 +1,9 @@
-const cds = require('../../lib')
+const cds = require('../../../')
 const LOG = cds.log('odata')
+
 const crypto = require('crypto')
-const { odataError } = require('./utils')
+
+const { odataError } = require('../utils')
 
 const _requestedFormat = (queryOption, header) => {
   if (queryOption) return queryOption.match(/json/i) ? 'json' : 'xml'
@@ -91,10 +93,10 @@ module.exports = srv =>
         // REVISIT: remove check later
         if (mpSupportsEmptyLocale()) {
           // If no extensibility nor fts, do not provide model to mtxs
-          const modelNeeded =
-            cds.env.requires.extensibility ||
-            (cds.env.requires.toggles && Object.keys(cds.context.features || {}).length)
-          edmx = metadataCache.edm || (await mps.getEdmx({ tenant, model: modelNeeded && srv.model, service: srv.definition.name }))
+          const modelNeeded = cds.env.requires.extensibility || cds.context.features?.given
+          edmx =
+            metadataCache.edm ||
+            (await mps.getEdmx({ tenant, model: modelNeeded && srv.model, service: srv.definition.name }))
           metadataCache.edm = edmx
           const extBundle = cds.env.requires.extensibility && (await mps.getI18n({ tenant, locale }))
           edmx = cds.localize(srv.model, locale, edmx, extBundle)

package/libx/odata/middleware/operation.js

@@ -0,0 +1,78 @@
+const cds = require('../../../')
+
+const { toODataResult } = require('../utils/result')
+const { cds2edm } = require('../utils')
+
+const { deepCopy } = require('../../_runtime/common/utils/copy')
+
+// REVISIT: move to or rewrite in libx/odata
+const metaInfo = require('../../_runtime/cds-services/adapter/odata-v4/utils/metaInfo')
+
+module.exports = srv => (req, res, next) => {
+  let { operation, args } = req._query.SELECT.from.ref.slice(-1)[0]
+  if (!operation) return next() //> create or read
+
+  // unbound vs. bound
+  let entity
+  if (srv.model.definitions[operation]) {
+    operation = srv.model.definitions[operation]
+  } else {
+    req._query.SELECT.from.ref.pop()
+    // TODO: this does not work when navigating to the entity
+    const lastRef = req._query.SELECT.from.ref.slice(-1)[0]
+    entity = lastRef.id || lastRef
+    entity = srv.model.definitions[entity]
+    operation = entity.actions[operation]
+  }
+
+  const data = args || deepCopy(req.body)
+
+  // assert payload
+  const assertOptions = { filter: true, http: { req }, mandatories: true }
+  const errs = cds.assert(data, operation, assertOptions)
+  if (errs) {
+    if (errs.length === 1) throw errs[0]
+    throw Object.assign(new Error('MULTIPLE_ERRORS'), { statusCode: 400, details: errs })
+  }
+
+  // REVISIT: when is operation.name actually prefixed with the service name?
+  const event = operation.name.replace(`${srv.name}.`, '')
+
+  // TODO: params
+  const cdsReq = new cds.Request({ query: entity ? req._query : undefined, event, data, params: [] })
+
+  srv
+    .dispatch(cdsReq)
+    .then(result => {
+      // REVISIT:  result === undefined valid for modelled return type?
+      if (!operation.returns || result === undefined) return res.sendStatus(204)
+
+      if (operation.returns._type?.match?.(/^cds\./)) {
+        // TODO: check result type
+        return res.json({
+          '@odata.context': `${entity ? '../' : ''}$metadata#${cds2edm[operation.returns._type]}`,
+          value: result
+        })
+      }
+
+      const assertOptions = { mandatories: true } //> TODO: more needed?
+      // TODO: error targets are not correct if return type is "many X"
+      const assertDefinition = operation.returns.items || operation.returns
+      const errs = cds.assert(result, assertDefinition, assertOptions)
+      if (errs) {
+        // TODO: proper error handling
+      }
+
+      const info = metaInfo(req._query, event, srv, result, req)
+      // FIXME: info.metadata.isCollection is incorrect for draftActivate
+      if (event === 'draftActivate') info.metadata.isCollection = false
+      result = toODataResult(result, info)
+
+      // TODO: toODataResult() doesn't seem to handle this case
+      if (entity && !result['@odata.context'].match(/^\.\.\//))
+        result['@odata.context'] = '../' + result['@odata.context']
+
+      res.json(result)
+    })
+    .catch(next)
+}

package/libx/odata/middleware/parse.js

@@ -0,0 +1,11 @@
+const cds = require('../../../')
+
+module.exports = srv => (req, _, next) => {
+  // if not a GET, use req.path instead of req.url to ignore query parameters
+  req._query = cds.odata.parse(req.method === 'GET' ? req.url : req.path, { service: srv, baseUrl: req.baseUrl })
+
+  const preferReturn = req.headers.prefer?.match(/\W?return=(\w+)/i)
+  if (preferReturn) req._preferReturn = preferReturn[1]
+
+  next()
+}

package/libx/odata/{read.js → middleware/read.js}

@@ -1,8 +1,13 @@
-const metaInfo = require('../_runtime/cds-services/adapter/odata-v4/utils/metaInfo')
-const cds = require('../../')
-const { toODataResult } = require('./result')
+const cds = require('../../../')
+const { toODataResult } = require('../utils/result')
 const querystring = require('node:querystring')
-const { getPageSize } = require('../_runtime/common/generic/paging')
+const { getPageSize } = require('../../_runtime/common/generic/paging')
+const { handleStreamProperties } = require('../../_runtime/common/utils/streamProp')
+
+const { getKeysFromPath } = require('../utils')
+
+// REVISIT: move to or rewrite in libx/odata
+const metaInfo = require('../../_runtime/cds-services/adapter/odata-v4/utils/metaInfo')
 
 const _getCount = result =>
   Array.isArray(result)
@@ -16,17 +21,15 @@ const _calculateNextLink = (req, result) => {
   if ($skiptoken) {
     const queryParamsWithSkipToken = { ...req.http.req.query, $skiptoken }
     // REVISIT: slice replaces leading '/'. Always starts with '/'?
-    result.$nextLink = (
-      req.http.req.path.slice(1) + '?' + querystring.stringify(queryParamsWithSkipToken, '&', '=', { encodeURIComponent: e => e })
-    )
+    result.$nextLink =
+      req.http.req.path.slice(1) +
+      '?' +
+      querystring.stringify(queryParamsWithSkipToken, '&', '=', { encodeURIComponent: e => e })
   }
-
 }
 
 const _calculateSkiptoken = (req, result) => {
-  const limit = Array.isArray(req.query)
-    ? getPageSize(req.query[0]._target).max
-    : req.query.SELECT.limit?.rows?.val
+  const limit = Array.isArray(req.query) ? getPageSize(req.query[0]._target).max : req.query.SELECT.limit?.rows?.val
   const top = parseInt(req.http.req.query.$top)
   if (limit === result.length && limit !== top) {
     const token = req.http.req.query.$skiptoken
@@ -64,18 +67,34 @@ const _reliablePagingPossible = req => {
 
 module.exports = srv =>
   function read(req, res, next) {
-    const query = cds.odata.parse(req.url, { service: srv, baseUrl: req.baseUrl })
+    if (req._preferReturn) {
+      const message = `The 'return' preference is not allowed in ${req.method} requests`
+      return res.status(400).json({ error: { code: '400', message } })
+    }
+
+    const { _query: query } = req
+
+    // mainly for @odata.context
+    const info = metaInfo(query, 'READ', srv, {}, req, false)
+
+    const lastPathElement = req.path.split('/').slice(-1)[0]
+
+    handleStreamProperties(query.target, query.SELECT.columns, srv.model)
 
     // we need the cds request, so we can access the modified query, which is cloned due to lean-draft, so we need to use dispatch here and pass a cds req
-    const cdsReq = new cds.Request({query})
+    const cdsReq = new cds.Request({ query })
+    // for read and delete, we provide keys in req.data
+    cdsReq.data = getKeysFromPath(query.SELECT.from, srv)
+
+    // REVISIT: what is this for? some tests fail without it... we should find a better solution!
+    Object.defineProperty(query.SELECT, '_4odata', { value: true })
+
     return srv
       .dispatch(cdsReq)
       .then(result => {
-        if (!result.$nextLink) {
-          _calculateNextLink(cdsReq, result)
-        }
+        if (result == null && query._target._isSingleton && query._target['@odata.singleton.nullable'])
+          return res.sendStatus(204)
 
-        const lastPathElement = req.path.split('/').slice(-1)[0]
         if (lastPathElement === '$count') {
           result = _getCount(result)
           return res.send(result.toString())
@@ -83,12 +102,15 @@ module.exports = srv =>
           return res.send(result[query._propertyAccess].toString())
         }
 
-        // mainly for @odata.context
-        const info = metaInfo(query, 'READ', srv, {}, req, false)
+        if (query._propertyAccess && result[query._propertyAccess] === null) return res.sendStatus(204)
+
+        if (result == null) return res.status(404).json({ error: { code: '404', message: 'Not Found' } })
+
+        if (info.metadata.isCollection && !result.$nextLink) _calculateNextLink(cdsReq, result)
         result = toODataResult(result, info)
 
         // Express interprets numbers as HTTP status codes
-        return res.send(typeof result === 'number' ? result.toString() : result)
+        res.send(typeof result === 'number' ? result.toString() : result)
       })
       .catch(next)
   }

package/libx/odata/{service-document.js → middleware/service-document.js}

@@ -1,5 +1,6 @@
+const cds = require('../../../')
+
 const crypto = require('crypto')
-const cds = require('../../lib')
 
 const normalize_header = value => {
   return value.split(',').map(str => str.trim())

package/libx/odata/middleware/stream.js

@@ -0,0 +1,237 @@
+const cds = require('../../../')
+const { Readable } = require('node:stream')
+const getError = require('../../_runtime/common/error')
+const { getTransition } = require('../../_runtime/common/utils/resolveView')
+const LOG = cds.log('odata')
+const { getKeysFromPath } = require('../utils')
+
+const _resolveContentProperty = (target, annotName, resolvedProp) => {
+  if (target.elements[resolvedProp]) {
+    return resolvedProp
+  }
+  LOG._warn &&
+    LOG.warn(
+      `"${annotName}" in entity "${target.name}" points to property "${resolvedProp}" which was renamed or is not part of the projection. You must update the annotation value.`
+    )
+  const mapping = getTransition(target, cds.db).mapping
+  const key = [...mapping.entries()].find(({ 1: val }) => val.ref[0] === resolvedProp)
+  return key?.length && key[0]
+}
+
+const isStream = query => {
+  const { _propertyAccess, target } = query
+  const element = target.elements[_propertyAccess]
+  return Boolean(element?.['@Core.MediaType'])
+}
+
+const isStreamByDollarValue = (query, previous, last) => {
+  return query.SELECT.one && last === '$value' && !(previous in query.target.elements)
+}
+
+const _addMetadataProperty = (query, property, annotName, odataName) => {
+  if (typeof property[annotName] === 'object') {
+    const contentProperty = _resolveContentProperty(
+      query.target,
+      annotName,
+      property[annotName]['='].replaceAll(/\./g, '_')
+    )
+    query.target.elements[contentProperty]
+      ? query.SELECT.columns.push({ ref: [contentProperty], as: odataName })
+      : LOG._warn &&
+        LOG.warn(`"${annotName.split('.')[1]}" ${contentProperty} not found in entity "${query.target.name}".`)
+  } else {
+    query.SELECT.columns.push({ val: property[annotName], as: odataName })
+  }
+}
+
+const addStreamMetadata = query => {
+  // new odata parser sets streaming property in SELECT.from
+  const ref = query.SELECT.columns?.[0].ref || query.SELECT.from.ref
+  const propertyName = ref[ref.length - 1]
+  let mediaTypeProperty
+  for (let key in query.target.elements) {
+    const val = query.target.elements[key]
+    if (val['@Core.MediaType'] && val.name === propertyName) {
+      mediaTypeProperty = val
+      break
+    }
+  }
+
+  _addMetadataProperty(query, mediaTypeProperty, '@Core.MediaType', '$mediaContentType')
+
+  if (mediaTypeProperty['@Core.ContentDisposition.Filename']) {
+    _addMetadataProperty(
+      query,
+      mediaTypeProperty,
+      '@Core.ContentDisposition.Filename',
+      '$mediaContentDispositionFilename'
+    )
+  }
+
+  if (mediaTypeProperty['@Core.ContentDisposition.Type']) {
+    query.SELECT.columns.push({
+      val: mediaTypeProperty['@Core.ContentDisposition.Type'],
+      as: '$mediaContentDispositionType'
+    })
+  }
+}
+
+const validateStream = (req, res, result) => {
+  // REVISIT: compat, should actually be treated as object
+  if (!Array.isArray(result)) result = [result]
+
+  // Reading one entity or a property of it should yield only a result length of one.
+  if (result.length === 0 || result[0] === undefined) {
+    if (req.headers['if-none-match']) {
+      // TODO this should probably end the request?
+      res.status(304)
+      return
+    }
+    throw getError(404)
+  }
+
+  if (result.length > 1) throw getError(400)
+
+  if (result[0] === null) return null
+
+  result = result[0]
+
+  const headers = req.headers
+  const contentType = result.$mediaContentType
+
+  if (!headers?.accept || !contentType) return
+
+  if (
+    !headers.accept.includes('*/*') &&
+    !headers.accept.includes(contentType) &&
+    !headers.accept.includes(contentType.split('/')[0] + '/*')
+  ) {
+    throw Object.assign(new Error(`Content type "${contentType}" not listed in accept header "${headers.accept}".`), {
+      statusCode: 406
+    })
+  }
+}
+
+const _ensureStream = stream => {
+  if (stream === null) return null
+  // temp workaround for url streaming
+  const stream_ = new Readable()
+  stream_.push(stream)
+  stream_.push(null)
+  return stream_
+}
+
+const normalizeStream = (result, propertyName, lastPathElement, target) => {
+  let readable = result
+  if (typeof result === 'object') {
+    if (propertyName && result[propertyName] !== undefined) {
+      readable = result[propertyName]
+    }
+    // implicit streaming
+    else if (lastPathElement === '$value') {
+      const property = Object.values(target.elements).find(
+        el => el.type === 'cds.LargeBinary' && result[el.name] !== undefined
+      )
+      readable = property && result[property.name]
+    }
+    // result.value can be obtained from custom handlers
+    else if (result.value !== undefined) {
+      readable = result.value
+    }
+  }
+
+  if (!(readable instanceof Readable)) {
+    readable = _ensureStream(readable)
+  }
+
+  if (readable) {
+    readable.on('error', () => {
+      readable.removeAllListeners('error')
+      // readable.destroy() does not end stream in node 10 and 12
+      readable.push(null)
+    })
+  }
+
+  return readable
+}
+
+const setStreamingHeaders = (result, res) => {
+  // backwards compatibility for content-type in stream
+  if (result['$mediaContentType']) res.setHeader('Content-Type', result.$mediaContentType)
+  else if (result['*@odata.mediaContentType']) res.setHeader('Content-Type', result['*@odata.mediaContentType'])
+  else res.setHeader('Content-Type', 'application/octet-stream')
+
+  if ('$mediaContentDispositionFilename' in result) {
+    const cdt = result.$mediaContentDispositionType || 'attachment'
+    res.setHeader(
+      'Content-Disposition',
+      `${cdt}; filename="${encodeURIComponent(result.$mediaContentDispositionFilename)}"`
+    )
+  }
+}
+
+const stream = srv =>
+  function streamHandler(req, res, next) {
+    const { _query: query } = req
+
+    const [previous, lastPathElement] = req.path.split('/').slice(-2)
+    const _isStreamByDollarValue = isStreamByDollarValue(query, previous, lastPathElement)
+
+    if (_isStreamByDollarValue) {
+      for (const k in query.target.elements) {
+        if (query.target.elements[k]['@Core.MediaType']) {
+          query.SELECT.columns = [{ ref: [k] }]
+          query._propertyAccess = k
+          break
+        }
+      }
+    }
+
+    query.SELECT.columns ??= ['*']
+
+    const _isStream = isStream(query) || _isStreamByDollarValue
+
+    if (!_isStream) {
+      return next(null, req, res)
+    }
+
+    if (!query.target['@cds.persistence.skip']) addStreamMetadata(query)
+
+    // we need the cds request, so we can access the modified query, which is cloned due to lean-draft, so we need to use dispatch here and pass a cds req
+    const cdsReq = new cds.Request({ query })
+    // for read and delete, we provide keys in req.data
+    cdsReq.data = getKeysFromPath(query.SELECT.from, srv)
+
+    // REVISIT: what is this for? some tests fail without it... we should find a better solution!
+    Object.defineProperty(query.SELECT, '_4odata', { value: true })
+
+    return srv.tx(() => {
+      return srv
+        .dispatch(cdsReq)
+        .then(async result => {
+          validateStream(req, res, result)
+
+          const stream = normalizeStream(result, query._propertyAccess, lastPathElement, query.target)
+          if (stream === null) {
+            if (req.headers['if-none-match']) {
+              return res.status(304).json({})
+            }
+            return res.status(204).json({})
+          }
+
+          setStreamingHeaders(result, res)
+
+          return new Promise((resolve, reject) => {
+            stream.pipe(res)
+            stream.on('end', () => resolve(result))
+            stream.once('error', reject)
+          })
+        })
+        .catch(next)
+    })
+  }
+
+module.exports = {
+  stream,
+  isStream
+}

package/libx/odata/middleware/update.js

@@ -0,0 +1,165 @@
+const cds = require('../../../')
+const { INSERT, UPDATE } = cds.ql
+
+const { toODataResult } = require('../utils/result')
+const { odataError, getKeysFromPath } = require('../utils')
+
+const { deepCopy } = require('../../_runtime/common/utils/copy')
+
+// REVISIT: move to or rewrite in libx/odata
+const { readAfterWrite } = require('../../_runtime/cds-services/adapter/odata-v4/utils/readAfterWrite')
+const metaInfo = require('../../_runtime/cds-services/adapter/odata-v4/utils/metaInfo')
+
+const _isUpsertAllowed = ({ target, data, event }) => {
+  return (
+    !(cds.env.runtime && cds.env.runtime.allow_upsert === false) &&
+    !(target && target._isDraftEnabled && (!cds.env.fiori.lean_draft || (!data.IsActiveEntity && event === 'PATCH')))
+  )
+}
+
+const _isNavigationWithKeyInParent = (keys, data, pathExpression, model) => {
+  // keys not in data
+  if (keys && Object.keys(keys).some(key => key in data)) {
+    return false
+  }
+
+  const nav = pathExpression.ref && pathExpression.ref.length !== 0 && pathExpression.ref[1]
+  const parent = pathExpression.ref && pathExpression.ref[0].id
+
+  // not a navigation
+  if (!parent || !nav) {
+    return false
+  }
+
+  const navID = typeof nav === 'string' ? nav : nav.id
+  const navElement = model.definitions[parent].elements[navID]
+
+  // not a containment
+  if (!navElement._isContained) {
+    return false
+  }
+
+  const where = pathExpression.ref[0].where
+  return parent && navElement && where
+}
+
+const _hasEtag = target => target._etag
+
+module.exports = srv =>
+  function update(req, res, next) {
+    const { _query: query } = req
+
+    const {
+      SELECT: { one, from }
+    } = query
+
+    // REVISIT: patch on collection is allowed in odata 4.01
+    if (!one) {
+      return res.status(405).json(odataError('405', `Method ${req.method} not allowed for ENTITY.COLLECTION`))
+    }
+
+    // REVISIT: better
+    const isPropertyAccess = !!query._propertyAccess
+
+    const updateData = isPropertyAccess ? { [query._propertyAccess]: req.body.value } : deepCopy(req.body)
+
+    if (!isPropertyAccess) {
+      // add keys from url into payload (overwriting if already present)
+      Object.assign(updateData, getKeysFromPath(from, srv))
+
+      // assert complex
+      const assertOptions = { filter: true, http: { req }, mandatories: req.method === 'PUT' || undefined }
+      const errs = cds.assert(updateData, query.target, assertOptions)
+      if (errs) {
+        if (errs.length === 1) throw errs[0]
+        throw Object.assign(new Error('MULTIPLE_ERRORS'), { statusCode: 400, details: errs })
+      }
+    } else {
+      // TODO: assert primitive
+    }
+
+    const updateQuery = UPDATE.entity(from).with(updateData)
+
+    // we need the cds request, so we can access req._.readAfterWrite
+    const cdsReq = new cds.Request({ query: updateQuery })
+
+    // REVISIT: adjust in getter?
+    if (req.method === 'PUT') cdsReq.method = 'PUT'
+
+    // rewrite event for draft-enabled entities
+    if (query.target._isDraftEnabled) cdsReq.event = 'PATCH'
+
+    return srv
+      .dispatch(cdsReq)
+      .then(async result => {
+        if (!(isPropertyAccess && !_hasEtag(query.target)) && cdsReq._.readAfterWrite) {
+          // TODO see if in old odata impl for other checks that should happen
+          result = await readAfterWrite(cdsReq, srv, { operation: { result } })
+        }
+
+        // REVISIT: metaInfo needs original query in case of property access, but why?
+        const info = metaInfo(isPropertyAccess ? query : updateQuery, 'UPDATE', srv, result, req)
+
+        if (
+          result == null ||
+          req._preferReturn === 'minimal' ||
+          (isPropertyAccess && result[query._propertyAccess] == null) ||
+          info.metadata.isStream
+        )
+          return res.sendStatus(204)
+
+        result = toODataResult(result, info)
+        return res.send(result)
+      })
+      .catch(async e => {
+        // UPSERT
+        const is404 = e.code === 404 || e.status === 404 || e.statusCode === 404
+        if (
+          is404 &&
+          !isPropertyAccess &&
+          _isUpsertAllowed({ target: query.target, data: updateData, event: req.method })
+        ) {
+          // PUT / PATCH with if-match header means "only if already exists" -> no insert if it does not
+          if (req.headers['if-match']) throw Object.assign(new Error('412'), { statusCode: 412 })
+
+          // check only works with req.body and not with updateDate
+          if (_isNavigationWithKeyInParent(query.target.keys, req.body, from, srv.model)) {
+            // REVISIT: better error message
+            return res.status(422).json(odataError('422', `Unprocessable Entity`))
+          }
+
+          // REVISIT:
+          //   can we somehow "replay" the request with POST?
+          //   or should we call the create handler directly?
+
+          const insertData = deepCopy(req.body)
+
+          // add keys from url into payload (overwriting if already present)
+          Object.assign(insertData, getKeysFromPath(from, srv))
+
+          // assert payload
+          const assertOptions = { filter: true, http: { req }, mandatories: true }
+          const errs = cds.assert(insertData, query.target, assertOptions)
+          if (errs) {
+            if (errs.length === 1) throw errs[0]
+            throw Object.assign(new Error('MULTIPLE_ERRORS'), { statusCode: 400, details: errs })
+          }
+
+          // REVISIT: up_XX needs to be looked up -> composition of aspect
+          const insertQuery = INSERT.into(from).entries(insertData)
+          const cdsReq = new cds.Request({ query: insertQuery })
+          let result = await srv.dispatch(cdsReq)
+
+          if (cdsReq._.readAfterWrite) {
+            // TODO see if in old odata impl for other checks that should happen
+            result = await readAfterWrite(cdsReq, srv, { operation: { result } })
+          }
+
+          const info = metaInfo(insertQuery, 'CREATE', srv, result, req)
+          result = toODataResult(result, info)
+          return res.status(201).send(result)
+        }
+        throw e
+      })
+      .catch(next)
+  }