@sap/cds 7.9.2 → 8.0.3

package/libx/odata/parse/afterburner.js

@@ -1,4 +1,6 @@
-const cds = require('../../../')
+const cds = require('../../../lib')
+
+const { keysOf, addRefToWhereIfNecessary } = require('../utils')
 
 const { where2obj, resolveFromSelect, targetFromPath } = require('../../_runtime/common/utils/cqn')
 const { findCsnTargetFor } = require('../../_runtime/common/utils/csn')
@@ -6,40 +8,10 @@ const normalizeTimestamp = require('../../_runtime/common/utils/normalizeTimesta
 const { rewriteExpandAsterisk } = require('../../_runtime/common/utils/rewriteAsterisks')
 const resolveStructured = require('../../_runtime/common/utils/resolveStructured')
 
-const _addKeysDeep = (keys, keysCollector, ignoreManagedBacklinks) => {
-  for (const keyName in keys) {
-    const key = keys[keyName]
-    const foreignKey = key._foreignKey4
-    if (key.isAssociation || foreignKey === 'up_' || key['@cds.api.ignore'] === true) continue
-
-    if (ignoreManagedBacklinks && foreignKey) {
-      const navigationElement = keys[foreignKey]
-      if (!navigationElement.on && navigationElement._isBacklink) {
-        // skip navigation elements that are backlinks
-        continue
-      }
-    }
-
-    if ('elements' in key) {
-      _addKeysDeep(key.elements, keysCollector)
-      continue
-    }
-    keysCollector.push(keyName)
-  }
-}
-
-function _keysOf(entity, ignoreManagedBacklinks) {
-  const keysCollector = []
-  if (!entity || !entity.keys) return keysCollector
-
-  _addKeysDeep(entity.keys, keysCollector, ignoreManagedBacklinks)
-  return keysCollector
-}
-
 function _getDefinition(definition, name, namespace) {
   return (
-    (definition.definitions && definition.definitions[name]) ||
-    (definition.elements && definition.elements[name]) ||
+    definition?.definitions?.[name] ||
+    definition?.elements?.[name] ||
     (definition.actions && (definition.actions[name] || definition.actions[name.replace(namespace + '.', '')])) ||
     definition[name]
   )
@@ -48,6 +20,7 @@ function _getDefinition(definition, name, namespace) {
 function _resolveAliasesInRef(ref, target) {
   if (ref.length === 1) {
     if (target.keys[ref[0]]) return ref
+
     // resolve multi-part refs for innermost ref in url
     if (target._flattenedKeys === undefined) {
       const flattenedKeys = []
@@ -55,11 +28,14 @@ function _resolveAliasesInRef(ref, target) {
         if (!target.keys[key].elements) continue
         flattenedKeys.push(...resolveStructured({ element: target.keys[key], structProperties: [] }, false, true))
       }
+
       target._flattenedKeys = flattenedKeys.length ? flattenedKeys : null
     }
+
     const fk = target._flattenedKeys?.find(fk => fk.key === ref[0])
     if (fk) return [...fk.resolved]
   }
+
   for (const seg of ref) {
     target = target.elements[seg.id || seg]
     if (!target) return ref
@@ -68,11 +44,13 @@ function _resolveAliasesInRef(ref, target) {
       if (seg.where) _resolveAliasesInXpr(seg.where, target)
     }
   }
+
   return ref
 }
 
 function _resolveAliasesInXpr(xpr, target) {
   if (!target || !xpr) return
+
   for (const el of xpr) {
     if (el.xpr) _resolveAliasesInXpr(el.xpr, target)
     if (el.args) _resolveAliasesInXpr(el.args, target)
@@ -82,6 +60,7 @@ function _resolveAliasesInXpr(xpr, target) {
 
 function _resolveAliasesInNavigation(cqn, target) {
   if (!target || !cqn) return
+
   if (cqn.SELECT.from.SELECT) _resolveAliasesInNavigation(cqn.SELECT.from, target)
   if (cqn.SELECT.where) _resolveAliasesInXpr(cqn.SELECT.where, target)
   if (cqn.SELECT.having) _resolveAliasesInXpr(cqn.SELECT.having, target)
@@ -90,35 +69,25 @@ function _resolveAliasesInNavigation(cqn, target) {
 function _addDefaultParams(ref, view) {
   const params = view.params
   const defaults = params && Object.values(params).filter(p => p.default)
+
   if (defaults && defaults.length > 0) {
     if (!ref.where) ref.where = []
     for (const def of defaults) {
-      if (ref.where.find(e => e.ref && e.ref[0] === def.name)) {
-        continue
-      }
+      if (ref.where.find(e => e.ref && e.ref[0] === def.name)) continue
       if (ref.where.length > 0) ref.where.push('and')
       ref.where.push({ ref: [def.name] }, '=', { val: def.default.val })
     }
   }
 }
 
-// case: single key without name, e.g., Foo(1)
-function addRefToWhereIfNecessary(where, entity) {
-  if (!where || where.length !== 1) return 0
-
-  const isView = !!entity.params
-
-  const keys = isView ? Object.keys(entity.params) : _keysOf(entity)
-  if (keys.length !== 1) return 0
-  where.unshift(...[{ ref: [keys[0]] }, '='])
-  return 1
-}
-
 function getResolvedElement(entity, { ref }) {
   const element = entity.elements[ref[0]]
+
   if (element && element.isAssociation && ref.length > 1) {
     return getResolvedElement(element._target, { ref: ref.slice(1) })
-  } else if (element && element._isStructured) {
+  }
+
+  if (element && element._isStructured) {
     return getResolvedElement(element, { ref: ref.slice(1) })
   }
 
@@ -133,18 +102,15 @@ function _processWhere(where, entity) {
     const operator = where[i + 1]
     const val = where[i + 2]
 
-    if (ref in forbidden || val in forbidden || ref.func) {
-      continue
-    }
+    if (ref in forbidden || val in forbidden || ref.func) continue
+
     if (ref.xpr) {
       _processWhere(ref.xpr, entity)
       continue
     }
 
-    if (operator in forbidden) {
-      // xpr check needs to be done first, else it could happen, that we ignore xpr OR xpr
-      continue
-    }
+    // xpr check needs to be done first, else it could happen, that we ignore xpr OR xpr
+    if (operator in forbidden) continue
 
     let valIndex = -1
     let refIndex = -1
@@ -152,6 +118,7 @@ function _processWhere(where, entity) {
       if (val.val !== undefined) valIndex = i + 2
       if (val.ref != undefined) refIndex = i + 2
     }
+
     if (typeof ref === 'object') {
       if (ref.val !== undefined) valIndex = i
       if (ref.ref != undefined) refIndex = i
@@ -172,6 +139,7 @@ function _processWhere(where, entity) {
 
 function _convertVal(value, element) {
   if (value === null) return value
+
   switch (element._type) {
     // numbers
     case 'cds.UInt8':
@@ -182,33 +150,42 @@ function _convertVal(value, element) {
         const msg = `Element "${element.name}" does not contain a valid Integer`
         throw Object.assign(new Error(msg), { statusCode: 400 })
       }
+
       // eslint-disable-next-line no-case-declarations
       const n = Number(value)
       if (!Number.isSafeInteger(n)) {
         const msg = `Element "${element.name}" does not contain a valid Integer`
         throw Object.assign(new Error(msg), { statusCode: 400 })
       }
+
       if (element._type === 'cds.UInt8' && n < 0) {
         const msg = `Element "${element.name}" does not contain a valid positive Integer`
         throw Object.assign(new Error(msg), { statusCode: 400 })
       }
+
       return n
+
     case 'cds.Double':
       return parseFloat(value)
+
     case 'cds.Decimal':
     case 'cds.DecimalFloat':
     case 'cds.Int64':
     case 'cds.Integer64':
       if (typeof value === 'string') return value
       return String(value)
+
     // others
     case 'cds.String':
     case 'cds.LargeString':
       return String(value)
+
     case 'cds.Boolean':
       return typeof value === 'string' ? value === 'true' : value
+
     case 'cds.Timestamp':
       return normalizeTimestamp(value)
+
     default:
       return value
   }
@@ -220,10 +197,12 @@ const getStructRef = (element, ref = []) => {
       getStructRef(element.parent, ref)
       ref.push(element.name)
     }
+
     if (element.parent.kind === 'entity') {
       ref.push(element.name)
     }
   }
+
   return ref
 }
 
@@ -232,46 +211,71 @@ const getStructTargetName = element => {
     if (element.parent.kind === 'element') {
       return getStructTargetName(element.parent)
     }
+
     if (element.elements && element.parent.kind === 'entity') {
       return element.parent.name
     }
   }
 }
 
-function _processSegments(from, model, namespace, cqn, protocol) {
-  const { ref } = from
+const _getDataFromParams = (params, operation) => {
+  try {
+    return Object.keys(params).reduce((acc, cur) => {
+      acc[cur] =
+        typeof params[cur] === 'string' && (operation.params[cur]?.elements || operation.params[cur]?.items)
+          ? JSON.parse(params[cur])
+          : params[cur]
+      return acc
+    }, {})
+  } catch (e) {
+    throw Object.assign(e, { statusCode: 400, internal: e.message, message: 'Malformed parameters' })
+  }
+}
 
-  let current = model
-  let path
-  let keys = null
-  let keyCount = 0
-  let incompleteKeys = false
-  let one
-  let target
-
-  function _handleCollectionBoundActions(i) {
-    let action
-    if (current.actions) {
-      const nextRef = typeof ref[i + 1] === 'string' && ref[i + 1]
-      const shortName = nextRef && nextRef.replace(namespace + '.', '')
-      action = shortName && current.actions[shortName]
-    }
+function _handleCollectionBoundActions(current, ref, i, namespace, one) {
+  let action
 
-    incompleteKeys = ref[i].where ? false : i === ref.length - 1 || one ? false : true
+  if (current.actions) {
+    const nextRef = (typeof ref[i + 1] === 'string' && ref[i + 1]) || ref[i + 1]?.id
+    const shortName = nextRef && nextRef.replace(namespace + '.', '')
+    action = shortName && current.actions[shortName]
+  }
 
-    if (incompleteKeys && action) {
-      if (
-        action['@cds.odata.bindingparameter.collection'] ||
-        (action.params && Object.values(action.params).some(e => e?.items?.type === '$self'))
-      ) {
-        incompleteKeys = false
-      } else {
-        const msg = `${action.kind[0].toUpperCase() + action.kind.slice(1)} "${action.name}" must be called on a single instance of ${current.name}`
-        throw Object.assign(new Error(msg), { statusCode: 400 })
-      }
+  let incompleteKeys = ref[i].where ? false : i === ref.length - 1 || one ? false : true
+  if (!action) return incompleteKeys
+
+  const onCollection = !!(
+    action['@cds.odata.bindingparameter.collection'] || action?.params?.some(p => p?.items?.type === '$self')
+  )
+
+  if (onCollection && one) {
+    const msg = `${action.kind.at(0).toUpperCase() + action.kind.slice(1)} "${action.name}" must be called on a collection of ${current.name}`
+    throw Object.assign(new Error(msg), { statusCode: 400 })
+  }
+
+  if (incompleteKeys) {
+    if (!onCollection) {
+      const msg = `${action.kind.at(0).toUpperCase() + action.kind.slice(1)} "${action.name}" must be called on a single instance of ${current.name}`
+      throw Object.assign(new Error(msg), { statusCode: 400 })
     }
+
+    incompleteKeys = false
   }
 
+  return incompleteKeys
+}
+
+function _processSegments(from, model, namespace, cqn, protocol) {
+  const { ref } = from
+
+  let current = model,
+    path,
+    keys = null,
+    keyCount = 0,
+    incompleteKeys = false,
+    one,
+    target
+
   for (let i = 0; i < ref.length; i++) {
     const seg = ref[i].id || ref[i]
     const whereRef = ref[i].where
@@ -279,7 +283,7 @@ function _processSegments(from, model, namespace, cqn, protocol) {
 
     if (incompleteKeys) {
       // > key
-      keys = keys || _keysOf(current, protocol !== 'rest') // if odata, skip backlinks as key as they are used from structure
+      keys = keys || keysOf(current, protocol !== 'rest') // if odata, skip backlinks as key as they are used from structure
       let key = keys[keyCount++]
       one = true
       const element = current.elements[key]
@@ -297,6 +301,7 @@ function _processSegments(from, model, namespace, cqn, protocol) {
         const val = _convertVal(seg, element)
         base.where.push({ ref: [key] }, '=', { val })
       }
+
       ref[i] = null
       ref[i - keyCount] = base
       incompleteKeys = keyCount < keys.length
@@ -307,14 +312,17 @@ function _processSegments(from, model, namespace, cqn, protocol) {
       one = false
 
       path = path ? path + `${path.match(/:/) ? '.' : ':'}${seg}` : seg
+
       // REVISIT: replace use case: <namespace>.<entity>_history is at <namespace>.<entity>.history
       current = _getDefinition(current, seg, namespace) || _getDefinition(current, seg.replace(/_/g, '.'), namespace)
+
       // REVISIT: 404 or 400?
       if (!current) cds.error(`Invalid resource path "${path}"`, { code: '404', statusCode: 404 })
 
       if (current.params && current.kind === 'entity') {
         // > View with params
         target = current
+
         if (whereRef) {
           keyCount += addRefToWhereIfNecessary(ref[i].where, current)
           _resolveAliasesInXpr(ref[i].where, current)
@@ -323,9 +331,7 @@ function _processSegments(from, model, namespace, cqn, protocol) {
 
         _addDefaultParams(ref[i], current)
         if ((!params || !Object.keys(params).length) && ref[i].where) params = where2obj(ref[i].where)
-
         _checkAllKeysProvided(params, current)
-
         ref[i].args = {}
 
         const where = ref[i].where
@@ -335,23 +341,27 @@ function _processSegments(from, model, namespace, cqn, protocol) {
           ref[i].args[whereElement.ref[0]] = where[j + 2]
           j += 2
         }
+
         ref[i].where = undefined
+
         if (ref[i + 1] !== 'Set') {
           // /Set is missing
           const msg = `Invalid call to "${current.name}". You need to navigate to Set`
           throw cds.error(msg, { code: '400', statusCode: 400 })
         }
+
         ref[++i] = null
       } else if (current.kind === 'entity') {
         // > entity
         target = current
         one = !!(ref[i].where || current._isSingleton)
 
-        _handleCollectionBoundActions(i)
+        incompleteKeys = _handleCollectionBoundActions(current, ref, i, namespace, one)
 
         if (whereRef) {
           keyCount += addRefToWhereIfNecessary(whereRef, current)
           _resolveAliasesInXpr(whereRef, current)
+
           // in case of Foo(1), params will be {} (before addRefToWhereIfNecessary was called)
           if (!Object.keys(params).length) params = where2obj(ref[i].where)
           _processWhere(ref[i].where, current)
@@ -359,17 +369,18 @@ function _processSegments(from, model, namespace, cqn, protocol) {
         }
       } else if ({ action: 1, function: 1 }[current.kind]) {
         // > action or function
-        if (current.kind === 'action' && ref && ref[ref.length - 1]?.where?.length === 0) {
+        if (current.kind === 'action' && ref && ref.at(-1)?.where?.length === 0) {
           const msg = `Parentheses are not allowed for action calls.`
           throw Object.assign(new Error(msg), { statusCode: 400 })
         }
 
         if (i !== ref.length - 1) {
-          const msg = `${i ? 'Unbound' : 'Bound'} ${current.kind}s are only supported as the last path segment`
-          throw Object.assign(new Error(msg), { statusCode: 501 })
+          const msg = `${i ? 'Bound' : 'Unbound'} ${current.kind}s are only supported as the last path segment`
+          throw Object.assign(new Error(msg), { statusCode: 400 })
         }
+
         ref[i] = { operation: current.name }
-        if (params) ref[i].args = params
+        if (params) ref[i].args = _getDataFromParams(params, current)
         if (current.returns && current.returns._type) one = true
       } else if (current.isAssociation) {
         if (!current._target._service) {
@@ -385,7 +396,7 @@ function _processSegments(from, model, namespace, cqn, protocol) {
         current = model.definitions[current.target]
         target = current
 
-        _handleCollectionBoundActions(i)
+        incompleteKeys = _handleCollectionBoundActions(current, ref, i, namespace, one)
 
         if (ref[i].where) {
           keyCount += addRefToWhereIfNecessary(ref[i].where, current)
@@ -397,34 +408,40 @@ function _processSegments(from, model, namespace, cqn, protocol) {
         continue
       } else {
         // > property
+
         // we do not support navigations from properties yet
         one = true
+
         // if the last segment is a property, it must be removed and pushed to columns
         target = target || _getDefinition(model, ref[0].id, namespace)
+
         if (getStructTargetName(current) === target.name) {
           // TODO add simple isStructured check before
           if (!cqn.SELECT.columns) cqn.SELECT.columns = []
           const ref = getStructRef(current)
           cqn.SELECT.columns.push({ ref }) // store struct as ref
+
           // we need the keys to generate the correct @odata.context
           for (const key in target.keys || {}) {
             if (key !== 'IsActiveEntity' && !cqn.SELECT.columns.some(c => c.ref?.[0] === key))
               cqn.SELECT.columns.push({ ref: [key] })
           }
+
           Object.defineProperty(cqn, '_propertyAccess', { value: current.name, enumerable: false })
+
           // if we end up with structured, keep path as is, if we end up with property in structured, cut off property
-          if (!current.elements) {
-            from.ref.splice(-1)
-          }
+          if (!current.elements) from.ref.splice(-1)
           break
         } else if (Object.keys(target.elements).includes(current.name)) {
           if (!cqn.SELECT.columns) cqn.SELECT.columns = []
           cqn.SELECT.columns.push({ ref: ref.slice(i) })
+
           // we need the keys to generate the correct @odata.context
           for (const key in target.keys || {}) {
             if (key !== 'IsActiveEntity' && !cqn.SELECT.columns.some(c => c.ref?.[0] === key))
               cqn.SELECT.columns.push({ ref: [key] })
           }
+
           // REVISIT: remove hacky _propertyAccess
           Object.defineProperty(cqn, '_propertyAccess', { value: current.name, enumerable: false })
           from.ref.splice(i)
@@ -436,7 +453,7 @@ function _processSegments(from, model, namespace, cqn, protocol) {
 
   if (incompleteKeys) {
     // > last segment not fully qualified
-    const msg = `Entity "${current.name}" has ${_keysOf(current).length} keys. Only ${keyCount} ${keyCount === 1 ? 'was' : 'were'} provided.`
+    const msg = `Entity "${current.name}" has ${keysOf(current).length} keys. Only ${keyCount} ${keyCount === 1 ? 'was' : 'were'} provided.`
     throw Object.assign(new Error(msg), { statusCode: 400 })
   }
 
@@ -452,6 +469,7 @@ const CSTM_AGGR = '@Aggregation.CustomAggregate'
 function _addKeys(columns, target) {
   let hasAggregatedColumn = false,
     hasStarColumn = false
+
   for (let k = 0; k < columns.length; k++) {
     if (columns[k] === '*') hasStarColumn = true
     else if (columns[k].func || columns[k].func === null) hasAggregatedColumn = true
@@ -466,7 +484,7 @@ function _addKeys(columns, target) {
 
   if (hasStarColumn) return
 
-  const keys = _keysOf(target)
+  const keys = keysOf(target)
 
   for (const key of keys) {
     if (!columns.some(c => (typeof c === 'string' ? c === key : c.ref?.[0] === key))) columns.push({ ref: [key] })
@@ -476,6 +494,7 @@ function _addKeys(columns, target) {
 // remove duplicate * in expand (e.g. expand=*,*)
 function _removeDuplicateAsterisk(columns) {
   let hasExpandStar = false
+
   for (let i = columns.length - 1; i > 0; i--) {
     const column = columns[i]
     if (!hasExpandStar && !column.ref && column?.expand?.[0] === '*') hasExpandStar = true
@@ -489,6 +508,7 @@ const _structProperty = (ref, target) => {
   if (target.elements && target.kind === 'element') {
     return _structProperty(ref.slice(1), target.elements[ref[0]])
   }
+
   return target
 }
 
@@ -504,8 +524,8 @@ function _processColumns(cqn, target, protocol) {
     if (target.kind === 'entity') entity = target
     else if (target.kind === 'action' && target.returns?.kind === 'entity') entity = target.returns
     if (!entity) return
-    _removeDuplicateAsterisk(columns)
 
+    _removeDuplicateAsterisk(columns)
     rewriteExpandAsterisk(columns, entity)
     if (protocol !== 'rest') _addKeys(columns, entity)
   }
@@ -539,6 +559,7 @@ function _processColumns(cqn, target, protocol) {
 const _checkAllKeysProvided = (params, entity) => {
   let keysOfEntity
   const isView = !!entity.params
+
   if (isView) {
     // view with params
     if (params === undefined) {
@@ -549,7 +570,7 @@ const _checkAllKeysProvided = (params, entity) => {
 
     keysOfEntity = Object.keys(entity.params)
   } else {
-    keysOfEntity = _keysOf(entity)
+    keysOfEntity = keysOf(entity)
   }
 
   if (!keysOfEntity) return
@@ -569,8 +590,8 @@ const _checkAllKeysProvided = (params, entity) => {
 
 const _doesNotExistError = (isExpand, refName, targetName) => {
   const msg = isExpand
-    ? `Navigation property "${refName}" is not defined in ${targetName}`
-    : `Property "${refName}" does not exist in ${targetName}`
+    ? `Navigation property "${refName}" is not defined in "${targetName}"`
+    : `Property "${refName}" does not exist in "${targetName}"`
   throw Object.assign(new Error(msg), { statusCode: 400 })
 }
 
@@ -599,6 +620,10 @@ function _validateXpr(xpr, ignoredColumns, target, isOne, model, aliases = []) {
         _validateXpr(x.ref[0].where, ignoredColumns, element._target ?? element.items, isOne, model)
       }
 
+      if (!target?.elements) {
+        _doesNotExistError(false, refName, target.name)
+      }
+
       if (ignoredColumns.includes(refName) || (!target.elements[refName] && !aliases.includes(refName))) {
         _doesNotExistError(x.expand, refName, target.name)
       } else if (x.ref.length > 1) {
@@ -630,6 +655,10 @@ function _validateXpr(xpr, ignoredColumns, target, isOne, model, aliases = []) {
           element = _structProperty(x.ref.slice(1), element)
         }
 
+        if (!element._target) {
+          _doesNotExistError(true, refName, target.name)
+        }
+
         const _ignoredColumns = Object.values(element._target.elements ?? {})
           .filter(element => element['@cds.api.ignore'])
           .map(element => element.name)
@@ -638,6 +667,7 @@ function _validateXpr(xpr, ignoredColumns, target, isOne, model, aliases = []) {
         if (x.where) {
           _validateXpr(x.where, _ignoredColumns, element._target, false, model)
         }
+
         if (x.orderBy) {
           _validateXpr(x.orderBy, _ignoredColumns, element._target, false, model)
         }
@@ -657,6 +687,7 @@ function _validateXpr(xpr, ignoredColumns, target, isOne, model, aliases = []) {
       _validateQuery(x.SELECT, _ignoredColumns, target, x.SELECT.one, model)
     }
   }
+
   return _aliases
 }
 
@@ -680,89 +711,74 @@ function _validateQuery(SELECT, ignoredColumns, target, isOne, model) {
   return aliases
 }
 
-function _4service(service) {
-  const { namespace, model } = service
-  const protocol = service.options?.to
-  if (!model) return cqn => cqn
-
-  return cqn => {
-    const from = resolveFromSelect(cqn)
-    const { ref } = from
-
-    // REVISIT: shouldn't be necessary
-    // Second findCsnTargetFor is required for concat query, where the root is already identified with the first query
-    // and subsequent queries already have correct root
-    /*
-     * make first path segment fully qualified
-     */
-    const root =
-      findCsnTargetFor(ref[0].id || ref[0], model, namespace) ||
-      findCsnTargetFor(
-        ref[0].id?.split('.')[ref[0].id?.split('.').length - 1] || ref[0].split('.')[ref[0].split('.').length - 1],
-        model,
-        namespace
-      )
-    // REVISIT: 404 or 400?
-    if (!root) {
-      cds.error(`Invalid resource path "${namespace}.${ref[0].id || ref[0]}"`, { code: '404', statusCode: 404 })
-    }
-    if (ref[0].id) ref[0].id = root.name
-    else ref[0] = root.name
-
-    /*
-     * key vs. path segments (/Books/1/author/books/2/...) and more
-     */
-    const { one, current, target } = _processSegments(from, model, namespace, cqn, protocol)
-
-    if (cds.env.effective.odata.proxies && cds.env.effective.odata.xrefs && target) {
-      if (!target._service) {
-        // proxy navigation, add keys as columns only
-        const columns = []
-        for (const key in target.keys) {
-          if (target.keys[key].isAssociation) continue
-          columns.push({ ref: [key] })
-        }
-        cqn.SELECT.columns = columns
+module.exports = (cqn, model, namespace, protocol) => {
+  const from = resolveFromSelect(cqn)
+  const { ref } = from
+
+  // REVISIT: shouldn't be necessary
+  // Second findCsnTargetFor is required for concat query, where the root is already identified with the first query
+  // and subsequent queries already have correct root
+  /*
+   * make first path segment fully qualified
+   */
+  const root =
+    findCsnTargetFor(ref[0].id || ref[0], model, namespace) ||
+    findCsnTargetFor(
+      ref[0].id?.split('.')[ref[0].id?.split('.').length - 1] || ref[0].split('.')[ref[0].split('.').length - 1],
+      model,
+      namespace
+    )
+
+  // REVISIT: 404 or 400?
+  if (!root) {
+    cds.error(`Invalid resource path "${namespace}.${ref[0].id || ref[0]}"`, { code: '404', statusCode: 404 })
+  }
+  if (ref[0].id) ref[0].id = root.name
+  else ref[0] = root.name
+
+  // key vs. path segments (/Books/1/author/books/2/...) and more
+  const { one, current, target } = _processSegments(from, model, namespace, cqn, protocol)
+
+  if (cds.env.effective.odata.proxies && cds.env.effective.odata.xrefs && target) {
+    if (!target._service) {
+      // proxy navigation, add keys as columns only
+      const columns = []
+      for (const key in target.keys) {
+        if (target.keys[key].isAssociation) continue
+        columns.push({ ref: [key] })
       }
-    }
 
-    if (cqn.SELECT.where) {
-      _processWhere(cqn.SELECT.where, root)
+      cqn.SELECT.columns = columns
     }
+  }
 
-    // one?
-    if (one) cqn.SELECT.one = true
+  if (cqn.SELECT.where) {
+    _processWhere(cqn.SELECT.where, root)
+  }
 
-    // REVISIT: better
-    // set target (csn definition) for later retrieval
-    cqn.__target = current.parent?.kind === 'entity' ? `${current.parent.name}:$:${current.name}` : current.name
+  // one?
+  if (one) cqn.SELECT.one = true
 
-    // target <=> endpoint entity, all navigation refs must be resolvable accordingly
-    if (cds.env.effective.odata.structs) _resolveAliasesInNavigation(cqn, target)
+  // REVISIT: better
+  // set target (csn definition) for later retrieval
+  cqn.__target = current.parent?.kind === 'entity' ? `${current.parent.name}:$:${current.name}` : current.name
 
-    /*
-     * add default aggregation function (and alias)
-     */
-    _processColumns(cqn, current, protocol)
+  // target <=> endpoint entity, all navigation refs must be resolvable accordingly
+  if (cds.env.effective.odata.structs) _resolveAliasesInNavigation(cqn, target)
 
-    if (target && cds.env.features.odata_new_parser) {
-      const ignoredColumns = Object.values(target.elements ?? {})
-        .filter(element => element['@cds.api.ignore'])
-        .map(element => element.name)
+  /*
+   * add default aggregation function (and alias)
+   */
+  _processColumns(cqn, current, protocol)
 
-      _validateQuery(cqn.SELECT, ignoredColumns, target, one, model)
-    }
+  if (target) {
+    const ignoredColumns = Object.values(target.elements ?? {})
+      .filter(element => element['@cds.api.ignore'])
+      .map(element => element.name)
 
-    return cqn
+    // validate whether only known properties are used in query options
+    _validateQuery(cqn.SELECT, ignoredColumns, target, one, model)
   }
-}
-
-const cache = new WeakMap()
 
-module.exports = {
-  for: service => {
-    if (!cache.has(service)) cache.set(service, _4service(service))
-    return cache.get(service)
-  },
-  addRefToWhereIfNecessary
+  return cqn
 }