@sap/cds 8.2.2 → 8.3.0

package/CHANGELOG.md

@@ -4,6 +4,52 @@
 - The format is based on [Keep a Changelog](http://keepachangelog.com/).
 - This project adheres to [Semantic Versioning](http://semver.org/).
 
+## Version 8.3.0 - 2024-09-30
+
+### Added
+
+- `cds.deploy` can now also write its DDL statements to a separate log
+- Symlinks are followed in `cds test`
+
+### Changed
+
+- Unknown protocols in `@protocol` annotations formerly prevented server starts; they are merely ignored now with a warning in the logs.
+- Deprecated configuration flag `cds.env.features.keys_in_data_compat` because of incompatibility with data validation in new OData adapter.
+- `@cds.api.ignore` doesn't suppress an association, the annotation is propagated to the (generated) foreign keys.
+- Where clauses of restrictions for bound actions and functions defined by `@restrict` are now enforced and no longer ignored.
+- `@cap-js/telemetry` is now loaded before other plugins to allow better instrumentation.
+
+### Fixed
+
+- When modifying active children of of draft-enabled entities directly (`bypass_draft`), the error message was misleading.
+- Cleaning up drafts calls `CANCEL` handlers
+- Allow to call `CANCEL` on draft entities programmatically
+- Encoding of `@odata.nextLink` path
+- Computed fields are ignored in projections
+- Consider `id` in a `ref` step for mapping of service elements to their name on the db.
+- Feature toggles with new OData adapter.
+- Target entity was incorrectly calculated for some actions in new OData adapter.
+- `req.diff()` does not manipulate existing queries anymore.
+- New OData adapter: normalize on commit error in `/$batch`
+
+### Removed
+
+- Alpha support for SAP Event Broker-based messaging (kind `event-broker`). Use CDS plugin `@cap-js/event-broker` instead.
+
+## Version 8.2.3 - 2024-09-20
+
+### Changed
+
+- All annotations in input data are skipped and removed from the input by `cds.validate()` - as we did in legacy OData adapter
+
+### Fixed
+
+- Unmanaged associations are excluded from `@mandatory` checks
+- Properly reject direct requests to `DraftAdministrativeData`
+- Virtual elements annotated with `@Core.MediaType`
+- OData Requests targeting a specific instance and custom handler returns empty array
+- `cds-serve` and `cds-deploy` now set `cds.cli` information
+
 ## Version 8.2.2 - 2024-09-13
 
 ### Fixed
@@ -40,7 +86,9 @@
 
 ### Changed
 
-- Revert workaround from 8.1.0 for server startup message `WARNING: Package '@sap/cds' was loaded from different installations`. This is now addressed in `@sap/cds-mtxs` 2.0.5
+- Revert workaround from 8.1.0 for server startup message `WARNING: Package '@sap/cds' was loaded from different installations`. This is now addressed in `@sap/cds-mtxs` 2.0.5.
+- When parsing CSV files, `cds.deploy` no longer doubles a literal `\` character (backslash) with a second backslash (`\\`), but retains it as-is.  This caused unwanted data changes.
+- Optimized handling of large binaries (BLOBs) in case of drafts. Unchanged BLOBs are not copied into the draft entity. If those BLOBs from draft entities are requested, the unchanged BLOBs will be fetched from the corresponding active entity. Note that this change may require adjustment of custom logic, if large binaries from draft entities are requested (for example, using `ql.SELECT` statement). To restore previous behavior use `cds.features.binary_draft_compat`.
 
 ### Fixed
 
@@ -62,7 +110,6 @@
    [...linked.definitions].map(d => d.name)
    ```
 
-
 ## Version 8.1.1 - 2024-08-08
 
 ### Fixed
@@ -392,7 +439,6 @@
 
 ### Changed
 
-- Optimized handling of large binaries (BLOBs) in case of drafts. Unchanged BLOBs are not copied into the draft entity. If those BLOBs from draft entities are requested, the unchanged BLOBs will be fetched from the corresponding active entity. Note that this change may require adjustment of custom logic, if large binaries from draft entities are requested (for example, using `ql.SELECT` statement). To restore previous behavior use `cds.features.binary_draft_compat`.
 - The index page now lists all service endpoints, which is important for services that are exposed through multiple protocols.
 - `cds.deploy` improves error diagnostics with deeper `Query` object inspection.
 - Slightly changed the default export for ESM compatibility. This fixed failing ESM imports in Vitest tests.

package/bin/serve.js

@@ -158,6 +158,9 @@ async function serve (all=[], o={}) {
   if (o.watch)  return _watch.call(this, o.project,o)   // cds serve --watch <project>
   if (o.project) _chdir_to (o.project)      // cds run --project <project>
 
+  // let plugins know about the CLI
+  cds.cli = { command: 'serve', argv: all, options: o }
+
   // Ensure loading plugins before calling cds.env!
   await cds.plugins
 

package/bin/test.js

@@ -67,7 +67,7 @@ async function find (argv,o,recent) {
   if (files.length && !roots.length && !includes.length) return files //> all files resolved
 
   // Prepare UNIX find command to fetch matching files
-  let find = `find ${roots.join(' ')||'.'} -type f`
+  let find = `find -L ${roots.join(' ')||'.'} -type f`
   if (patterns.length) find += ` \\( ${ patterns.map (p=>`-name "${p.replace(/^([^*])/,'*$1')}"`).join(' -o ') } \\)`
   if (includes.length) find += ` \\( ${ includes.map (p=>`-regex .*${p.replace(/\./g,'\\\\.')}.*`).join(' -o ') } \\)`
   if (excludes.length) find += ` \\( ${ excludes.map (x=>`! -regex .*${x.replace(/\./g,'\\\\.')}.*`).join(' ') } \\)`

package/lib/compile/etc/csv.js

@@ -44,7 +44,7 @@ function parse (csv) {
       }
       else {  // normal char
         if (val === undefined)  val = ''
-        val += c === '\\' ? '\\\\' : c
+        val += c
       }
     }
 

package/lib/dbs/cds-deploy.js

@@ -60,6 +60,9 @@ const deploy = module.exports = function cds_deploy (model, options, csvs) {
 deploy.schema = async function (db, csn = db.model, o) {
 
   if (!o.to || o.to === db.options.kind)  o = { ...db.options, ...o }
+  let schema_log
+  if (Array.isArray(o.schema_log)) schema_log = { log: (...args) => args.length ? o.schema_log.push(...args) : o.schema_log.push('') }
+  else if (o.dry)                  schema_log = console
 
   let drops, creas
   let schevo = (o.kind === 'postgres' && o.schema_evolution !== false)
@@ -82,7 +85,7 @@ deploy.schema = async function (db, csn = db.model, o) {
     }
     o.schema_evolution = 'auto' // for INSERT_from4 below
     // cds deploy --model-only > fills in table cds_model above
-    if (o['model-only']) return o.dry && console.log(after)
+    if (o['model-only']) return o.dry && schema_log.log(after)
     // cds deploy -- with auto schema evolution > upgrade by applying delta to former model
     creas = createsAndAlters
     drops = d
@@ -108,11 +111,11 @@ deploy.schema = async function (db, csn = db.model, o) {
 
   if (!drops.length && !creas.length) return !o.dry
 
-  if (o.dry) {
-    console.log(); for (let each of drops) console.log(each)
-    console.log(); for (let each of creas) console.log(each, '\n')
-    return
+  if (schema_log) {
+    schema_log.log(); for (let each of drops) schema_log.log(each)
+    schema_log.log(); for (let each of creas) schema_log.log(each, '\n')
   }
+  if (o.dry)  return
 
   await db.run(drops)
   await db.run(creas)
@@ -384,6 +387,7 @@ const _entity4 = (file, csn) => {
 
 /** CLI used as via cds-deploy as deployer for PostgreSQL */
 if (!module.parent) (async function CLI () {
+  cds.cli = { command: 'deploy', argv: process.argv.slice(2), options: {} }
   await cds.plugins // IMPORTANT: that has to go before any call to cds.env, like through cds.deploy or cds.requires below
   let db = cds.requires.db
   try {
@@ -400,6 +404,7 @@ if (!module.parent) (async function CLI () {
       if (o.username) (db.credentials ??= {}).username = o.username
       if (o.password) (db.credentials ??= {}).password = o.password
     }
+    cds.cli.options = o
     db = await cds.connect.to(db);
     db = await cds.deploy('*',o).to(db)
   } finally {

package/lib/env/cds-requires.js

@@ -231,19 +231,6 @@ const _messaging = {
     vcap: { label: "enterprise-messaging" },
     outbox: true
   },
-  "event-broker": {
-    impl: `${_runtime}/messaging/event-broker.js`,
-    format: 'cloudevents',
-    vcap: {
-      label: "event-broker"
-    }
-  },
-  "event-broker-internal": {
-    kind: "event-broker",
-    vcap: {
-      label: "eventmesh-sap2sap-internal"
-    }
-  },
   'message-queuing': {
     impl: `${_runtime}/messaging/message-queuing.js`,
     outbox: true

package/lib/linked/validate.js

@@ -46,7 +46,8 @@ class Validation {
     return filter.length ? `(${filter})` : `[${index}]`
   }
 
-  unknown(e,d) {
+  unknown(e,d,input) {
+    if (e.startsWith('@')) return delete input[e] //> skip all annotations, like @odata.Type
     d['@open'] || cds.error (`Property "${e}" does not exist in ${d.name}`, {status:400})
   }
 }
@@ -190,12 +191,13 @@ class struct extends $any {
       if (each.name in skip) continue // skip uplinks in deep inserts -> see Composition.validate()
       if (each.$struct in data) continue // got struct for flattened element/fk, e.g. {author:{ID:1}}
       if (each.elements || each.foreignKeys) continue // skip struct-likes as we check flat payloads above, and deep payloads via struct.validate()
+      if (each.isAssociation) continue // unmanaged associations are always ignored (no value like)
       else ctx.error ('ASSERT_NOT_NULL', path_, each.name) // ASSERT_NOT_NULL should be ASSERT_REQUIRED
     }
     // check values of given data
     for (let each in data) { // will work for structured payloads as well as flattened ones with universal CSN
       let /** @type {$any} */ d = elements[each]
-      if (!d || typeof d === 'function') ctx.unknown (each, this, data) // `each` might be a method of LinkedDefinitions, like filter, map, some, every, ...
+      if (!d) ctx.unknown (each, this, data)
       else if (ctx.cleanse && d._is_readonly()) delete data[each]
       else if (d['@cds.validate'] !== false) d.validate (data[each], path_, ctx)
     }
@@ -310,4 +312,4 @@ $.LargeBinary.prototype .type_check = v => Buffer.isBuffer(v) || typeof v === 's
 $.LargeString.prototype .type_check = v => Buffer.isBuffer(v) || typeof v === 'string' || v instanceof Readable
 
 // Mixin above class extensions to cds.linked.classes
-$.mixin ( Decimal, string, $any, action, array, struct, entity, Association, Composition )
+$.mixin ( Decimal, string, $any, action, array, struct, entity, Association, Composition )

package/lib/log/cds-error.js

@@ -1,17 +1,17 @@
-const { format } = require('util'), _formatted = v => format(v)
+const { format, inspect } = require('../utils/cds-utils')
 
 
 /**
- * This is the implementation of cds.error().
+ * Constructs and optionally throws an Error object.
  * Usage variants:
  *
  *       cds.error `Message with formatted: ${{foo:'bar'}}`
  *       cds.error ({ message, code, ... })
  *       cds.error (message, { code, ... })
- *       let e = new cds.error(...) //> will not throw
+ *       cds.error (status, message, { code, ... })
  *
  * Calling `cds.error()` with `new` returns the newly created Error,
- * while calling it without `new` it throws immediately. The latter is
+ * while calling it without `new` throws immediately. The latter is
  * useful for usages like that:
  *
  *     let x = y || cds.error `Argument 'y' must not be null`
@@ -19,6 +19,7 @@ const { format } = require('util'), _formatted = v => format(v)
 const error = exports = module.exports = function cds_error ( message, details, caller ) {
   let e
   if (message.raw) [ message, details, caller ] = [ error.message(...arguments) ]
+  if (typeof message === 'number') [ message, details ] = [ details, {status:message} ]
   if (typeof message === 'string') {
     e = new Error(message)
   } else {
@@ -41,7 +42,9 @@ const error = exports = module.exports = function cds_error ( message, details,
  *     //> x = A sample message with a string and [object Object], and 1,2,3
  *     //> y = with a string, { an: 'object' }, and [ 1, 2, 3 ]
  */
-exports.message = (strings,...values) => String.raw(strings,...values.map(_formatted))
+exports.message = (strings,...values) => {
+  return String.raw(strings,...values.map(v => format(v)))
+}
 
 
 /**
@@ -53,9 +56,9 @@ exports.message = (strings,...values) => String.raw(strings,...values.map(_forma
  *     typeof x === 'string' || cds.error.expected `${{x}} to be a string`
  *     //> Error: Expected argument 'x' to be a string, but got: { foo: 'bar' }
  */
-const expected = exports.expected = ([,type], arg) => {
+exports.expected = ([,type], arg) => {
   const [ name, value ] = Object.entries(arg)[0]
-  return error (`Expected argument '${name}'${type}, but got: ${require('util').inspect(value,{depth:11})}`, undefined, expected)
+  return error (`Expected argument '${name}'${type}, but got: ${inspect(value)}`, undefined, error.expected)
 }
 
 

package/lib/plugins.js

@@ -1,5 +1,7 @@
-
 const cds = require('.')
+const prio_plugins = {
+  '@cap-js/telemetry': true // to allow better instrumentation.
+}
 
 exports.require = require
 
@@ -31,7 +33,7 @@ exports.activate = async function () {
   const DEBUG = cds.debug ('plugins', {label:'cds'})
   DEBUG?.time ('[cds] - loaded plugins in')
   const { plugins } = cds.env, { local } = cds.utils
-  await Promise.all (Object.entries(plugins) .map (async ([ plugin, conf ]) => {
+  const loadPlugin = async ([plugin, conf]) => {
     DEBUG?.(`loading plugin ${plugin}:`, { impl: local(conf.impl) })
     // TODO: support ESM plugins. But see cap/cds/pull/1838#issuecomment-1177200 !
     const p = require (conf.impl)
@@ -43,7 +45,10 @@ exports.activate = async function () {
       await p.activate(conf)
     }
     return p
-  }))
+  }
+  const all = Object.entries(plugins)
+  await Promise.all (all .filter(([name]) =>  prio_plugins[name]) .map (loadPlugin))
+  await Promise.all (all .filter(([name]) => !prio_plugins[name]) .map (loadPlugin))
   DEBUG?.timeEnd ('[cds] - loaded plugins in')
   return plugins
 }

package/lib/srv/middlewares/errors.js

@@ -1,5 +1,7 @@
 const production = process.env.NODE_ENV === 'production'
-const cds = require ('../..'), LOG = cds.log('error')
+const cds = require ('../..')
+const LOG = cds.log('error')
+const { inspect } = cds.utils
 
 module.exports = () => {
   return function http_error (error, req, res, _next) { // eslint-disable-line no-unused-vars
@@ -15,9 +17,9 @@ module.exports = () => {
     if (!production && error.stack) error.stack = error.stack.replace(/\n {4}at .*(?:node_modules\/express|node:internal).*/g,'')
 
     if (400 <= status && status < 500) {
-      LOG.warn (status, '>', error)
+      LOG.warn (status, '>', inspect(error))
     } else {
-      LOG.error (status, '>', error)
+      LOG.error (status, '>', inspect(error))
     }
 
     // Expose as little information as possible in production, and as much as possible in development

package/lib/srv/protocols/index.js

@@ -56,7 +56,7 @@ class Protocols {
       // app.disable('x-powered-by')
     }
 
-    for (let { kind, path } of endpoints) {
+    if (endpoints) for (let { kind, path } of endpoints) {
 
       // construct adapter instance from resolved implementation
       let adapter = cached[kind]; if (!adapter) {
@@ -117,11 +117,11 @@ class Protocols {
     // canonicalize to { kind, path } objects
     const endpoints = annos.map (each => {
       let { kind = each['='] || each, path } = each
-      let { path: prefix } = this[kind] || cds.error `Unknown protocol: ${kind}`
+      if (!(kind in this)) return cds.log('adapters').warn ('ignoring unknown protocol:', kind)
       if (typeof path !== 'string') path = o?.at || o?.path || def['@path'] || _slugified(srv.name)
-      if (path[0] !== '/') path = prefix+'/'+path
+      if (path[0] !== '/') path = this[kind].path + '/' + path // prefix with protocol path
       return { kind, path }
-    })
+    }) .filter (e => e) //> skipping unknown protocols
 
     return endpoints.length && endpoints
   }

package/lib/srv/srv-methods.js

@@ -71,6 +71,7 @@ const add_handler_for = (srv, def) => {
 
     // ensure legacy compat, keys in req.data
     if(cds.env.features.keys_in_data_compat && target) {
+      cds.utils.deprecated({ old: 'flag cds.env.features.keys_in_data_compat'})
       // named/positional variant of keys
       const named = req.params.length === 1 && typeof req.params[0] === 'object'
 

package/lib/utils/cds-test.js

@@ -221,7 +221,8 @@ let _expect = undefined
     global.beforeEach = beforeEach
     global.afterEach = afterEach
     global.expect = _expect = require('../test/expect')
-    suite ('<next>', ()=>{}) //> to signal the start of a test file
+    // suite was introduced in Node 22
+    suite?.('<next>', ()=>{}) //> to signal the start of a test file
 
   }
 

package/lib/utils/cds-utils.js

@@ -2,15 +2,27 @@ const cwd = process.env._original_cwd || process.cwd()
 const cds = require('../index')
 
 module.exports = exports = new class {
+  get colors() { return super.colors = require('./colors') }
   get inflect() { return super.inflect = require('./inflect') }
-  get inspect() { return super.inspect = require('util').inspect }
+  get inspect() {
+    const options = { depth: 11, colors: this.colors.enabled }
+    const {inspect} = require('node:util')
+    return super.inspect = v => inspect(v,options)
+  }
+  get format() {
+    const {format} = require('node:util')
+    return super.format = format
+  }
   get uuid() { return super.uuid = require('crypto').randomUUID }
   get yaml() { return super.yaml = require('@sap/cds-foss').yaml }
   get pool() { return super.pool = require('@sap/cds-foss').pool }
   get tar() { return super.tar = require('./tar') }
 }
 
+/** @type {import('node:path')} */
 const path = exports.path = require('path'), { dirname, extname, join, resolve, relative } = path
+
+/** @type {import('node:fs')} */
 const fs = exports.fs = Object.assign (exports,require('fs')) //> for compatibility
 
 
@@ -232,6 +244,7 @@ exports.find = function find (base, patterns='*', filter=()=>true) {
   return files
 }
 
+
 exports.deprecated = (fn, { kind = 'Method', old = fn.name+'()', use } = {}) => {
   const yellow = '\x1b[33m'
   const reset = '\x1b[0m'

package/lib/utils/colors.js

@@ -1,49 +1,50 @@
-const none = process.stdout.isTTY && !process.env.NO_COLOR || process.env.FORCE_COLOR ? null : ''
+const enabled = process.stdout.isTTY && !process.env.NO_COLOR || process.env.FORCE_COLOR
 const colors = {
-  RESET:        none ?? '\x1b[0m',
-  BOLD:         none ?? '\x1b[1m',
-  BRIGHT:       none ?? '\x1b[1m',
-  DIMMED:       none ?? '\x1b[2m',
-  ITALIC:       none ?? '\x1b[3m',
-  UNDER:        none ?? '\x1b[4m',
-  BLINK:        none ?? '\x1b[5m',
-  FLASH:        none ?? '\x1b[6m',
-  INVERT:       none ?? '\x1b[7m',
-  BLACK:        none ?? '\x1b[30m',
-  RED:          none ?? '\x1b[31m',
-  GREEN:        none ?? '\x1b[32m',
-  YELLOW:       none ?? '\x1b[33m',
-  BLUE:         none ?? '\x1b[34m',
-  PINK:         none ?? '\x1b[35m',
-  CYAN:         none ?? '\x1b[36m',
-  LIGHT_GRAY:   none ?? '\x1b[37m',
-  DEFAULT:      none ?? '\x1b[39m',
-  GRAY:         none ?? '\x1b[90m',
-  LIGHT_RED:    none ?? '\x1b[91m',
-  LIGHT_GREEN:  none ?? '\x1b[92m',
-  LIGHT_YELLOW: none ?? '\x1b[93m',
-  LIGHT_BLUE:   none ?? '\x1b[94m',
-  LIGHT_PINK:   none ?? '\x1b[95m',
-  LIGHT_CYAN:   none ?? '\x1b[96m',
-  WHITE:        none ?? '\x1b[97m',
+  enabled,
+  RESET:        enabled ? '\x1b[0m' : '',
+  BOLD:         enabled ? '\x1b[1m' : '',
+  BRIGHT:       enabled ? '\x1b[1m' : '',
+  DIMMED:       enabled ? '\x1b[2m' : '',
+  ITALIC:       enabled ? '\x1b[3m' : '',
+  UNDER:        enabled ? '\x1b[4m' : '',
+  BLINK:        enabled ? '\x1b[5m' : '',
+  FLASH:        enabled ? '\x1b[6m' : '',
+  INVERT:       enabled ? '\x1b[7m' : '',
+  BLACK:        enabled ? '\x1b[30m' : '',
+  RED:          enabled ? '\x1b[31m' : '',
+  GREEN:        enabled ? '\x1b[32m' : '',
+  YELLOW:       enabled ? '\x1b[33m' : '',
+  BLUE:         enabled ? '\x1b[34m' : '',
+  PINK:         enabled ? '\x1b[35m' : '',
+  CYAN:         enabled ? '\x1b[36m' : '',
+  LIGHT_GRAY:   enabled ? '\x1b[37m' : '',
+  DEFAULT:      enabled ? '\x1b[39m' : '',
+  GRAY:         enabled ? '\x1b[90m' : '',
+  LIGHT_RED:    enabled ? '\x1b[91m' : '',
+  LIGHT_GREEN:  enabled ? '\x1b[92m' : '',
+  LIGHT_YELLOW: enabled ? '\x1b[93m' : '',
+  LIGHT_BLUE:   enabled ? '\x1b[94m' : '',
+  LIGHT_PINK:   enabled ? '\x1b[95m' : '',
+  LIGHT_CYAN:   enabled ? '\x1b[96m' : '',
+  WHITE:        enabled ? '\x1b[97m' : '',
   bg: {
-    BLACK: none ?? '\x1b[40m',
-    RED: none ?? '\x1b[41m',
-    GREEN: none ?? '\x1b[42m',
-    YELLOW: none ?? '\x1b[43m',
-    BLUE: none ?? '\x1b[44m',
-    PINK: none ?? '\x1b[45m',
-    CYAN: none ?? '\x1b[46m',
-    WHITE: none ?? '\x1b[47m',
-    DEFAULT: none ?? '\x1b[49m',
-    LIGHT_GRAY: none ?? '\x1b[100m',
-    LIGHT_RED: none ?? '\x1b[101m',
-    LIGHT_GREEN: none ?? '\x1b[102m',
-    LIGHT_YELLOW: none ?? '\x1b[103m',
-    LIGHT_BLUE: none ?? '\x1b[104m',
-    LIGHT_PINK: none ?? '\x1b[105m',
-    LIGHT_CYAN: none ?? '\x1b[106m',
-    LIGHT_WHITE: none ?? '\x1b[107m',
+    BLACK: enabled ? '\x1b[40m' : '',
+    RED: enabled ? '\x1b[41m' : '',
+    GREEN: enabled ? '\x1b[42m' : '',
+    YELLOW: enabled ? '\x1b[43m' : '',
+    BLUE: enabled ? '\x1b[44m' : '',
+    PINK: enabled ? '\x1b[45m' : '',
+    CYAN: enabled ? '\x1b[46m' : '',
+    WHITE: enabled ? '\x1b[47m' : '',
+    DEFAULT: enabled ? '\x1b[49m' : '',
+    LIGHT_GRAY: enabled ? '\x1b[100m' : '',
+    LIGHT_RED: enabled ? '\x1b[101m' : '',
+    LIGHT_GREEN: enabled ? '\x1b[102m' : '',
+    LIGHT_YELLOW: enabled ? '\x1b[103m' : '',
+    LIGHT_BLUE: enabled ? '\x1b[104m' : '',
+    LIGHT_PINK: enabled ? '\x1b[105m' : '',
+    LIGHT_CYAN: enabled ? '\x1b[106m' : '',
+    LIGHT_WHITE: enabled ? '\x1b[107m' : '',
   },
 }
 module.exports = colors

package/libx/_runtime/common/composition/data.js

@@ -326,6 +326,7 @@ const selectDeepUpdateData = (service, model, req, selectAllColumns = false) =>
   const query = req.query
 
   // REVISIT this should be done somewhere before, so it is not done twice for deep updates
+  // REVISIT: this is done (better) in the new db-services
   const sqlQuery = cqn2cqn4sql(query, model)
 
   if (req && _isSameEntity(sqlQuery, req)) {
@@ -334,10 +335,11 @@ const selectDeepUpdateData = (service, model, req, selectAllColumns = false) =>
 
   const from = getEntityNameFromUpdateCQN(sqlQuery)
   const alias = sqlQuery.UPDATE.entity.as
-  const where = sqlQuery.UPDATE.where || []
+  // if parts of (another) query are re-used make sure to get your own copy
+  const where = cds.clone(sqlQuery.UPDATE.where) || []
   const entityName = ensureNoDraftsSuffix(from)
   const draft = entityName !== from
-  const orderBy = req?.target?.query?.SELECT?.orderBy
+  const orderBy = req?.target?.query?.SELECT?.orderBy ? cds.clone(req?.target?.query?.SELECT?.orderBy) : null
   _resolveOrderBy(orderBy, sqlQuery.UPDATE._transitions)
   const data = Object.assign({}, sqlQuery.UPDATE.data || {}, query.UPDATE.with || {})
   const compositionTree = getCompositionTree({

package/libx/_runtime/common/composition/index.js

@@ -1,4 +1,4 @@
-const { getCompositionTree, getCompositionRoot } = require('./tree')
+const { getCompositionTree } = require('./tree')
 const { hasDeepInsert, getDeepInsertCQNs } = require('./insert')
 const { hasDeepUpdate, getDeepUpdateCQNs } = require('./update')
 const { hasDeepDelete, getDeepDeleteCQNs, getSetNullParentForeignKeyCQNs } = require('./delete')
@@ -7,7 +7,6 @@ const { selectDeepUpdateData } = require('./data')
 module.exports = {
   // tree
   getCompositionTree,
-  getCompositionRoot,
   // insert
   hasDeepInsert,
   getDeepInsertCQNs,

package/libx/_runtime/common/composition/tree.js

@@ -1,6 +1,5 @@
 const cds = require('../../cds')
 
-const { ensureNoDraftsSuffix } = require('../utils/draft')
 const { getTransition, getDBTable } = require('../utils/resolveView')
 
 const { prefixForStruct } = require('../../common/utils/csn')
@@ -259,27 +258,6 @@ const _memoizeGetCompositionTree = fn => {
  * exports
  */
 
-const getCompositionRoot = (definitions, entity) => {
-  const associationElements = Object.keys(entity.elements)
-    .map(key => entity.elements[key])
-    .filter(element => element._isAssociationStrict)
-
-  for (const { target } of associationElements) {
-    const parentEntity = definitions[target]
-    for (const parentElementName in parentEntity.elements) {
-      const parentElement = parentEntity.elements[parentElementName]
-      if (
-        parentElement.isComposition &&
-        parentElement.target === entity.name &&
-        parentElement.target !== ensureNoDraftsSuffix(parentElement.parent.name)
-      ) {
-        return getCompositionRoot(definitions, parentEntity)
-      }
-    }
-  }
-  return entity
-}
-
 /**
  * Provides tree of all compositions. (Cached)
  *
@@ -291,6 +269,5 @@ const getCompositionRoot = (definitions, entity) => {
 const getCompositionTree = _memoizeGetCompositionTree(_getCompositionTree)
 
 module.exports = {
-  getCompositionTree,
-  getCompositionRoot
+  getCompositionTree
 }

package/libx/_runtime/common/generic/auth/restrict.js

@@ -1,4 +1,5 @@
-const cds = require('../../../cds')
+const cds = require('../../../cds'),
+  LOG = cds.log('auth')
 
 const { reject, getRejectReason, resolveUserAttrs, getAuthRelevantEntity } = require('./utils')
 const { DRAFT_EVENTS, MOD_EVENTS } = require('./constants')
@@ -245,11 +246,12 @@ async function check_roles(req) {
     return
   }
 
+  //Instance based authorization for bound actions /functions
+  await restrictBoundActionFunctions(req, resolvedApplicables, definition, this)
+
   // no modification -> nothing more to do
   if (!MOD_EVENTS[req.event]) return
 
-  // REVISIT: selected data could be used for etag check, diff, etc.
-
   /*
    * Here we check if UPDATE/DELETE requests add additional restrictions
    * Note: Needs to happen sequentially because of side effects
@@ -258,13 +260,36 @@ async function check_roles(req) {
   const unrestrictedCount = await _getUnrestrictedCount(req)
   if (unrestrictedCount === 0) req.reject(404)
 
-  const restrictedCount = await _getRestrictedCount(req, this.model, resolvedApplicables)
+  // REVISIT: selected data could be used for etag check, diff, etc.
 
+  const restrictedCount = await _getRestrictedCount(req, this.model, resolvedApplicables)
   if (restrictedCount < unrestrictedCount) {
     reject(req, getRejectReason(req, '@restrict', definition, restrictedCount, unrestrictedCount))
   }
 }
 
+const isBoundToCollection = action =>
+  action['@cds.odata.bindingparameter.collection'] ||
+  (action.params && Object.values(action.params).some(param => param?.items?.type === '$self'))
+
+const restrictBoundActionFunctions = async (req, resolvedApplicables, definition, srv) => {
+  if (req.target?.actions?.[req.event] && !isBoundToCollection(req.target.actions[req.event])) {
+    //Clone to avoid target modification, which would cause a different query
+    const query = cds.ql.clone(req.query) ?? SELECT.from(req.subject)
+    _addRestrictionsToRead({ query: query, target: req.target }, cds.model, resolvedApplicables)
+    const result = await srv.run(query)
+    if (!result || result.length === 0) {
+      // If we got a result, we don't need to check for the existence, hence only in this special case we must determine if `404` or `403`.
+      const unrestrictedCount = await _getUnrestrictedCount(req)
+      if (unrestrictedCount === 0) req.reject(404)
+
+      if (LOG._debug) LOG.debug(`Restricted access on action ${req.event}`)
+      reject(req, getRejectReason(req, '@restrict', definition))
+    }
+    req._auth_query_result = result
+  }
+}
+
 check_roles._initial = true
 
 module.exports = check_roles