@sap/cds 7.9.3 → 8.0.3

package/libx/odata/middleware/update.js

@@ -1,48 +1,58 @@
 const cds = require('../../../')
 const { UPDATE } = cds.ql
 
-const { toODataResult, postProcess } = require('../utils/result')
-const { getKeysAndParamsFromPath, handleSapMessages, getPreferReturnHeader } = require('../utils')
-const { deepCopy } = require('../../_runtime/common/utils/copy')
-
-const readAfterWrite = require('../utils/readAfterWrite')
-const metaInfo = require('../utils/metaInfo')
+const {
+  calculateLocationHeader,
+  handleSapMessages,
+  getPreferReturnHeader,
+  extractIfNoneMatch,
+  isStream
+} = require('../utils')
+const getODataMetadata = require('../utils/metadata')
+const postProcess = require('../utils/postProcess')
+const readAfterWrite4 = require('../utils/readAfterWrite')
+const getODataResult = require('../utils/result')
+
+const { getKeysAndParamsFromPath } = require('../../common/utils')
 
 const _isUpsertAllowed = ({ target, data, event }) => {
   return (
     !(cds.env.runtime && cds.env.runtime.allow_upsert === false) &&
-    !(target && target._isDraftEnabled && (!cds.env.fiori.lean_draft || (!data.IsActiveEntity && event === 'PATCH')))
+    !(target && target._isDraftEnabled && !data.IsActiveEntity && event === 'PATCH')
   )
 }
-
-const _isNavigationWithKeyInParent = (keys, data, pathExpression, model) => {
-  // keys not in data
-  if (keys && Object.keys(keys).some(key => key in data)) {
-    return false
-  }
-
-  const nav = pathExpression.ref && pathExpression.ref.length !== 0 && pathExpression.ref[1]
-  const parent = pathExpression.ref && pathExpression.ref[0].id
+// Not supported:
+// 1) If some parent entity needs to be updated, reason: we only generate one CQN statement for the target.
+// 2) If the foreign key is not known, i.e. when having no key information of the immediate parent, e.g. /Root(1)/foo/bar
+const upsertSupported = (pathExpression, model) => {
+  const pathExpressionRef = pathExpression?.ref
 
   // not a navigation
-  if (!parent || !nav) {
-    return false
-  }
+  if (pathExpressionRef.length < 2) return true
+
+  // foreign key is not known
+  if (!pathExpressionRef[pathExpressionRef.length - 2].where) return false
 
-  const navID = typeof nav === 'string' ? nav : nav.id
-  const navElement = model.definitions[parent].elements[navID]
+  let currentEntity = model.definitions[pathExpressionRef[0].id]
+  let navElement
 
-  // not a containment
-  if (!navElement._isContained) {
-    return false
+  for (let i = 1; i < pathExpressionRef.length; i++) {
+    const id = typeof pathExpressionRef[i] === 'string' ? pathExpressionRef[i] : pathExpressionRef[i].id
+    navElement = currentEntity.elements[id]
+    currentEntity = navElement._target
   }
 
-  const where = pathExpression.ref[0].where
-  return parent && navElement && where
+  // disallow processing of requests along associations to one and containments
+  if (!navElement.is2one || navElement._isContained) return true
+
+  return navElement._foreignKeys.every(foreignKey => foreignKey.parentElement.key)
 }
 
-module.exports = (srv, router) =>
-  function update(req, res, next) {
+module.exports = adapter => {
+  const { service } = adapter
+  const _readAfterWrite = readAfterWrite4(adapter, 'update')
+
+  return function update(req, res, next) {
     // REVISIT: better solution for _propertyAccess
     const {
       SELECT: { one, from },
@@ -60,23 +70,12 @@ module.exports = (srv, router) =>
     }
 
     // payload & params
-    let data = _propertyAccess ? { [_propertyAccess]: req.body.value } : deepCopy(req.body)
-    const { keys, params } = getKeysAndParamsFromPath(from, srv)
+    const data = _propertyAccess ? { [_propertyAccess]: req.body.value } : req.body
+    const { keys, params } = getKeysAndParamsFromPath(from, service)
     // add keys from url into payload (overwriting if already present)
     if (!_propertyAccess) Object.assign(data, keys)
 
-    // assert payload
-    if (!_propertyAccess) {
-      // assert complex
-      const assertOptions = { filter: true, http: { req }, mandatories: req.method === 'PUT' || undefined }
-      const errs = cds.assert(data, target, assertOptions)
-      if (errs) {
-        if (errs.length === 1) throw errs[0]
-        throw Object.assign(new Error('MULTIPLE_ERRORS'), { statusCode: 400, details: errs })
-      }
-    } else {
-      // TODO: assert primitive
-    }
+    const _isDraft = target.drafts && data.IsActiveEntity !== true
 
     // query
     let query = UPDATE.entity(from).with(data)
@@ -85,78 +84,71 @@ module.exports = (srv, router) =>
     const headers = { ...cds.context.http.req.headers, ...req.headers }
 
     // we need a cds.Request for multiple reasons, incl. params, headers, sap-messages, read after write, ...
-    let cdsReq = new cds.Request({ query, params, headers, req, res })
-    Object.defineProperty(cdsReq, 'protocol', { value: 'odata-v4' })
-
-    // API for subrequests of $batch (or incoming request)
-    cdsReq.req = req
-    cdsReq.res = res
-
-    // REVISIT: adjust in getter?
-    if (req.method === 'PUT') cdsReq.method = 'PUT'
+    const cdsReq = adapter.request4({ method: req.method, query, params, headers, req, res })
 
     // rewrite event for draft-enabled entities
-    if (target._isDraftEnabled) cdsReq.event = 'PATCH'
-
-    // REVISIT: only via srv.run in combination with srv.dispatch inside
-    //          we automatically either use a single auto-managed tx for the req (i.e., insert and read after write in same tx)
-    //          or the auto-managed tx opened for the respective atomicity group, if exists
-    return srv
+    if (_isDraft) cdsReq.event = 'PATCH'
+
+    // NOTES:
+    // - only via srv.run in combination with srv.dispatch inside,
+    //   we automatically either use a single auto-managed tx for the req (i.e., insert and read after write in same tx)
+    //   or the auto-managed tx opened for the respective atomicity group, if exists
+    // - in the then block of .run(), the transaction is committed (i.e., before sending the response) if a single auto-managed tx is used
+    return service
       .run(() => {
-        return srv.dispatch(cdsReq).then(result => {
-          handleSapMessages(cdsReq, req, res)
-
-          // TODO: any other checks needed?
-          if (cdsReq._.readAfterWrite && !(_propertyAccess && !target._etag)) {
-            return readAfterWrite(cdsReq, srv, SELECT.one(cdsReq.subject))
-          }
-
+        return service.dispatch(cdsReq).then(result => {
+          // REVISIT: shouldn't read after write be the default behavior (that could be suppressed)?
+          // generic handlers indicate that read after write is required
+          // REVISIT: what does target._etag have to do with it?
+          if (cdsReq._.readAfterWrite && !(_propertyAccess && !target._etag)) return _readAfterWrite(cdsReq)
           return result
         })
       })
       .then(result => {
-        // we use an extra then block, after getting the result, so the transaction is commited, before sending the response
+        handleSapMessages(cdsReq, req, res)
 
+        // case: read after write returns no results, e.g., due to auth (academic but possible)
         if (result == null) return res.sendStatus(204)
 
-        // REVISIT: metaInfo needs original query in case of property access, but why?
-        const info = metaInfo(_propertyAccess ? req._query : query, 'UPDATE', srv, result, req)
-
         const isMinimal = getPreferReturnHeader(req) === 'minimal'
+        postProcess(cdsReq.target, service, result, isMinimal)
 
-        postProcess(cdsReq.target, srv, result, isMinimal)
-
-        if (result['$etag']) res.set('etag', result['$etag'])
+        if (isMinimal && !target._isSingleton) {
+          // determine calculation based on result with req.data as fallback
+          res.set('location', calculateLocationHeader(cdsReq.target, service, result || cdsReq.data))
+        }
+        if (result?.$etag) res.set('ETag', result.$etag) //> must be done after post processing
 
-        if (isMinimal || (query._propertyAccess && result[query._propertyAccess] == null) || info.metadata.isStream) {
+        if (isMinimal || (_propertyAccess && result[_propertyAccess] == null) || isStream(req._query)) {
           return res.sendStatus(204)
         }
 
-        result = toODataResult(result, info)
-        res.set('content-type', 'application/json;IEEE754Compatible=true')
+        const metadata = getODataMetadata(_propertyAccess ? req._query : query, { result })
+        result = getODataResult(result, metadata, { property: _propertyAccess })
         res.send(result)
       })
       .catch(e => {
+        handleSapMessages(cdsReq, req, res)
+
         // if UPSERT is allowed, redirect to POST
         const is404 = e.code === 404 || e.status === 404 || e.statusCode === 404
         const isForcedInsert =
-          (e.code === 412 || e.status === 412 || e.statusCode === 412) && req.headers['if-none-match'] === '*'
+          (e.code === 412 || e.status === 412 || e.statusCode === 412) &&
+          extractIfNoneMatch(req.headers?.['if-none-match']) === '*'
         if (!_propertyAccess && (is404 || isForcedInsert) && _isUpsertAllowed({ target, data, event: req.method })) {
           // PUT / PATCH with if-match header means "only if already exists" -> no insert if it does not
-          if (req.headers['if-match']) {
-            return next(Object.assign(new Error('412'), { statusCode: 412 }))
-          }
-          // (check only works with req.body and not with data)
-          if (_isNavigationWithKeyInParent(target.keys, req.body, from, srv.model)) {
-            return next(Object.assign(new Error('422'), { statusCode: 422 }))
-          }
-          // -> redirect to POST
-          return router.handle(Object.assign(Object.create(req), { method: 'POST' }), res)
-        }
+          if (req.headers['if-match']) return next(Object.assign(new Error('412'), { statusCode: 412 }))
 
-        handleSapMessages(cdsReq, req, res)
+          if (!upsertSupported(from, service.model)) return next(Object.assign(new Error('422'), { statusCode: 422 }))
+
+          // -> forward to POST
+          req.method = 'POST'
+          req.body = JSON.parse(req._raw) // REVISIT: Why do we need that?
+          return next()
+        }
 
         // continue with caught error
         next(e)
       })
   }
+}