@sap/cds 8.2.3 → 8.3.1

package/libx/_runtime/common/generic/auth/restrict.js

@@ -1,4 +1,5 @@
-const cds = require('../../../cds')
+const cds = require('../../../cds'),
+  LOG = cds.log('auth')
 
 const { reject, getRejectReason, resolveUserAttrs, getAuthRelevantEntity } = require('./utils')
 const { DRAFT_EVENTS, MOD_EVENTS } = require('./constants')
@@ -245,11 +246,12 @@ async function check_roles(req) {
     return
   }
 
+  //Instance based authorization for bound actions /functions
+  await restrictBoundActionFunctions(req, resolvedApplicables, definition, this)
+
   // no modification -> nothing more to do
   if (!MOD_EVENTS[req.event]) return
 
-  // REVISIT: selected data could be used for etag check, diff, etc.
-
   /*
    * Here we check if UPDATE/DELETE requests add additional restrictions
    * Note: Needs to happen sequentially because of side effects
@@ -258,13 +260,36 @@ async function check_roles(req) {
   const unrestrictedCount = await _getUnrestrictedCount(req)
   if (unrestrictedCount === 0) req.reject(404)
 
-  const restrictedCount = await _getRestrictedCount(req, this.model, resolvedApplicables)
+  // REVISIT: selected data could be used for etag check, diff, etc.
 
+  const restrictedCount = await _getRestrictedCount(req, this.model, resolvedApplicables)
   if (restrictedCount < unrestrictedCount) {
     reject(req, getRejectReason(req, '@restrict', definition, restrictedCount, unrestrictedCount))
   }
 }
 
+const isBoundToCollection = action =>
+  action['@cds.odata.bindingparameter.collection'] ||
+  (action.params && Object.values(action.params).some(param => param?.items?.type === '$self'))
+
+const restrictBoundActionFunctions = async (req, resolvedApplicables, definition, srv) => {
+  if (req.target?.actions?.[req.event] && !isBoundToCollection(req.target.actions[req.event])) {
+    //Clone to avoid target modification, which would cause a different query
+    const query = cds.ql.clone(req.query) ?? SELECT.from(req.subject)
+    _addRestrictionsToRead({ query: query, target: req.target }, cds.model, resolvedApplicables)
+    const result = await srv.run(query)
+    if (!result || result.length === 0) {
+      // If we got a result, we don't need to check for the existence, hence only in this special case we must determine if `404` or `403`.
+      const unrestrictedCount = await _getUnrestrictedCount(req)
+      if (unrestrictedCount === 0) req.reject(404)
+
+      if (LOG._debug) LOG.debug(`Restricted access on action ${req.event}`)
+      reject(req, getRejectReason(req, '@restrict', definition))
+    }
+    req._auth_query_result = result
+  }
+}
+
 check_roles._initial = true
 
 module.exports = check_roles

package/libx/_runtime/common/generic/auth/restrictions.js

@@ -1,6 +1,8 @@
+const cds = require('../../../cds')
+
 const WRITE_EVENTS = { CREATE: 1, NEW: 1, UPDATE: 1, PATCH: 1, DELETE: 1, CANCEL: 1, EDIT: 1 }
 const CRUD = Object.assign({ READ: 1 }, WRITE_EVENTS)
-
+const ACTION_TYPES = { action: 1, function: 1 }
 /**
  * Returns the applicable restrictions for the current request as follows:
  * - null: unrestricted access
@@ -15,24 +17,12 @@ const CRUD = Object.assign({ READ: 1 }, WRITE_EVENTS)
  * @returns {Promise | Array | null}
  */
 function getRestrictions(definition, event, user) {
-  const { model } = this
-  let restrictions = getNormalizedRestrictions(definition, model.definitions, event)
-  if (!restrictions && (event in CRUD || !definition.parent)) {
-    // > unrestricted entity or unbound
-    return null
-  }
+  let restrictions = getNormalizedRestrictions(definition)
+  if (!restrictions) return null
   if (event in CRUD && restrictions.length && restrictions.every(r => r.grant !== '*' && !(r.grant in CRUD))) {
     // > only bounds are restricted
     return null
   }
-  if (!(event in CRUD) && !restrictions && definition.parent) {
-    // > bound without own restrictions -> get from parent
-    restrictions = getNormalizedRestrictions(definition.parent, model.definitions, event)
-    if (!restrictions) {
-      // > unrestricted bound
-      return null
-    }
-  }
   // return the applicable restrictions (grant and to fit to request and user)
   return getApplicableRestrictions(restrictions, event, user)
 }
@@ -41,6 +31,13 @@ const _getLocalName = definition => {
   return definition._service ? definition.name.replace(`${definition._service.name}.`, '') : definition.name
 }
 
+const _isStaticWhere = where => {
+  if (typeof where === 'string') where = cds.parse.expr(where)
+  return (
+    where?.xpr?.length === 3 && where.xpr.every(ele => typeof ele !== 'object' || ele.val || ele.ref?.[0] === '$user')
+  )
+}
+
 const _getRestrictWithEventRewrite = (grant, to, where, target) => {
   // REVISIT: req.event should be 'SAVE' and 'PREPARE'
   if (grant === 'SAVE') grant = 'draftActivate'
@@ -72,35 +69,31 @@ const _addNormalizedRestrict = (restrict, restricts, definition) => {
   restrict.grant.forEach(grant => _addNormalizedRestrictPerGrant(grant, where, restrict, restricts, definition))
 }
 
-const getNormalizedRestrictions = (definition, definitions) => {
+const getNormalizedRestrictions = definition => {
   const restricts = []
   let isRestricted = false
 
   // own
   if (definition['@restrict']) {
     isRestricted = true
-    definition['@restrict'].forEach(restrict => _addNormalizedRestrict(restrict, restricts, definition))
-  }
-
-  // bounds
-  const actions = definition.actions
-
-  if (actions && Object.keys(actions).some(k => actions[k]['@restrict'])) {
-    for (const k in actions) {
-      const action = actions[k]
-
-      if (action['@restrict']) {
-        const restrictions = getNormalizedRestrictions(action, definitions)
-        if (restrictions) {
-          isRestricted = true
-          restricts.push(...restrictions)
+    definition['@restrict'].forEach(restrict => {
+      if (definition.kind in ACTION_TYPES) {
+        const to = restrict.to ? (Array.isArray(restrict.to) ? restrict.to : [restrict.to]) : ['any']
+        if (definition.parent?.kind === 'entity') {
+          restrict = { grant: definition.name, to }
+        } else {
+          const where = _isStaticWhere(restrict.where) && restrict.where
+          restrict = { grant: _getLocalName(definition), to, where }
         }
-      } else if (!definition['@restrict']) {
-        // > no entity-level restrictions => unrestricted action
-        isRestricted = true
-        restricts.push({ grant: action.name, to: ['any'], target: action.parent })
       }
-    }
+      _addNormalizedRestrict(restrict, restricts, definition)
+    })
+  }
+
+  // parent - in case of bound actions/functions
+  if (definition.kind in ACTION_TYPES && definition.parent && definition.parent['@restrict']) {
+    isRestricted = true
+    definition.parent['@restrict'].forEach(restrict => _addNormalizedRestrict(restrict, restricts, definition.parent))
   }
 
   return isRestricted ? restricts : null

package/libx/_runtime/common/i18n/messages.properties

@@ -91,7 +91,7 @@ BATCH_TOO_MANY_REQ=Batch request contains too many requests
 DRAFT_ALREADY_EXISTS=A draft for this entity already exists
 DRAFT_NOT_EXISTING=No draft for this entity exists
 DRAFT_LOCKED_BY_ANOTHER_USER=The entity is locked by user "{0}"
-DRAFT_MODIFICATION_ONLY_VIA_ROOT=A draft can only be modified via its root entity
+DRAFT_MODIFICATION_ONLY_VIA_ROOT=A draft-enabled entity can only be modified via its root entity
 ACTIVE_MODIFICATION_VIA_DRAFT=Active entities cannot be modified via draft request
 DRAFT_ACTIVE_DELETE_FORBIDDEN_DRAFT_EXISTS=Entity cannot be deleted because a draft exists
 

package/libx/_runtime/common/utils/cqn.js

@@ -81,31 +81,6 @@ function targetFromPath(from, model) {
   return { last, path, target, isTargetComposition: isContained }
 }
 
-function isPathToDraft(path, model) {
-  const { definitions } = model
-  let draft = false
-  let current
-  for (const r of path) {
-    if (r.id) {
-      const isaIndex = r.where.findIndex(ele => ele.ref && ele.ref[0] === 'IsActiveEntity')
-      if (isaIndex !== -1) draft = !r.where[isaIndex + 2].val
-      current = current ? definitions[current.elements[r.id].target] : definitions[r.id]
-    } else {
-      if (r === 'SiblingEntity') draft = !!draft
-      else {
-        const next = current.elements[r]
-        if (next.isAssociation) {
-          if (next._isAssociationStrict) draft = false
-          current = definitions[next.target]
-        } else {
-          current = next
-        }
-      }
-    }
-  }
-  return draft
-}
-
 const resolveFromSelect = query => {
   const __protoSelect = Object.getPrototypeOf(SELECT())
   if (!(query instanceof __protoSelect.constructor)) Object.setPrototypeOf(query, __protoSelect)
@@ -118,6 +93,5 @@ module.exports = {
   getEntityNameFromUpdateCQN,
   where2obj,
   targetFromPath,
-  isPathToDraft,
   resolveFromSelect
 }

package/libx/_runtime/common/utils/csn.js

@@ -1,9 +1,5 @@
 const cds = require('../../cds')
 
-const getEtagElement = entity => {
-  return Object.values(entity.elements).find(element => element['@odata.etag'])
-}
-
 const getComp2oneParents = (entity, model) => {
   if (!entity) return []
   return _getUps(entity, model).filter(element => element.is2one && element.isComposition)
@@ -106,14 +102,6 @@ const findCsnTargetFor = (edmName, model, namespace) => {
   return edm2csnMap[edmName]
 }
 
-const getElementDeep = (entity, ref) => {
-  let current = entity
-  for (const r of ref) {
-    current = current && current.elements && current.elements[r]
-  }
-  return current
-}
-
 const prefixForStruct = element => {
   const prefixes = []
   let parent = element.parent
@@ -153,9 +141,7 @@ function getDraftTreeRoot(entity, model) {
 }
 
 module.exports = {
-  getEtagElement,
   findCsnTargetFor,
-  getElementDeep,
   getComp2oneParents,
   prefixForStruct,
   getDraftTreeRoot,

package/libx/_runtime/common/utils/differ.js

@@ -54,6 +54,7 @@ module.exports = class Differ {
 
   async _diffUpdate(req, providedData) {
     if (cds.db) await this._addPartialPersistentState(req)
+    // REVISIT: this is done (better) in the new db services
     const newQuery = cqn2cqn4sql(req.query, this._srv.model)
     const combinedData = providedData || Object.assign({}, req.query.UPDATE.data || {}, req.query.UPDATE.with || {})
     enrichDataWithKeysFromWhere(combinedData, req, this._srv)

package/libx/_runtime/common/utils/resolveView.js

@@ -184,6 +184,8 @@ const _newColumns = (columns = [], transition, service, withAlias = false) => {
       newColumn = {}
       newColumn.as = column.ref[0]
       newColumn.val = mapped.val
+    } else if (column.ref && !transition.target.elements[column.ref[0]]) {
+      return // ignore columns which are not part of the entity
     } else {
       newColumn = column
     }
@@ -239,16 +241,33 @@ const _newInsertColumns = (columns = [], transition) => {
 const _newWhereRef = (newWhereElement, transition, alias, tableName) => {
   const newRef = Array.isArray(newWhereElement.ref) ? [...newWhereElement.ref] : [newWhereElement.ref]
 
-  if (newRef.length > 1 && newRef[0] === alias) {
-    const mapped = transition.mapping.get(newRef[1])
-    if (mapped) newRef[1] = mapped.ref.join('_')
-  } else if (newRef.length > 1 && newRef[0] === tableName) {
-    newRef[0] = transition.target.name
-    const mapped = transition.mapping.get(newRef[1])
-    if (mapped) newRef[1] = mapped.ref.join('_')
+  const [firstRef, secondRef] = [newRef[0].id || newRef[0], newRef[1]?.id || newRef[1]]
+
+  const updateRef = (index, value) => {
+    // REVISIT: this should be done instead of ignoring where for a ref step
+    //          --> there are no transitions calculated for infix filters though
+    // if (newRef[index].id) {
+    //   newRef[index].id = value;
+    // } else {
+    //   newRef[index] = value;
+    // }
+
+    newRef[index] = value
+  }
+
+  if (secondRef) {
+    if (firstRef === alias) {
+      const mapped = transition.mapping.get(secondRef)
+      if (mapped) updateRef(1, mapped.ref.join('_'))
+    } else if (firstRef === tableName) {
+      updateRef(0, transition.target.name)
+
+      const mapped = transition.mapping.get(secondRef)
+      if (mapped) updateRef(1, mapped.ref.join('_'))
+    }
   } else if (newRef.length === 1) {
-    const mapped = transition.mapping.get(newRef[0])
-    if (mapped) newRef[0] = mapped.ref.join('_')
+    const mapped = transition.mapping.get(firstRef)
+    if (mapped) updateRef(0, mapped.ref.join('_'))
   }
 
   newWhereElement.ref = newRef

package/libx/_runtime/common/utils/templateProcessor.js

@@ -63,6 +63,9 @@ const _processComplex = (processFn, row, template, key, pathOptions) => {
   }
 }
 
+/**
+ * @param {import("../../types/api").TemplateProcessor} args
+ */
 const templateProcessor = ({ processFn, data, template, isRoot = true, pathOptions = {} }) => {
   if (!template || !template.elements.size || !data || typeof data !== 'object') return
   const dataArr = Array.isArray(data) ? data : [data]

package/libx/_runtime/fiori/lean-draft.js

@@ -226,17 +226,34 @@ const _cleanUpOldDrafts = (service, tenant) => {
     if (!expiredDrafts.length) return
 
     const expiredDraftsIds = expiredDrafts.map(el => el.DraftUUID)
-    const cqns = []
+    const promises = []
 
-    for (let name in service.model.definitions) {
+    const draftRoots = []
+
+    for (const name in service.model.definitions) {
       const target = service.model.definitions[name]
       if (target.drafts && target['@Common.DraftRoot.ActivationAction']) {
-        cqns.push(DELETE.from(target.drafts).where(`DraftAdministrativeData_DraftUUID IN`, expiredDraftsIds))
+        draftRoots.push(target.drafts)
+      }
+    }
+
+    const draftRootIds = await Promise.all(
+      draftRoots.map(draftRoot =>
+        SELECT.from(draftRoot, entity_keys(draftRoot)).where(`DraftAdministrativeData_DraftUUID IN`, expiredDraftsIds)
+      )
+    )
+
+    for (let i = 0; i < draftRoots.length; i++) {
+      const ids = draftRootIds[i]
+      if (!ids.length) continue
+      const srv = await cds.connect.to(draftRoots[i]._service.name).catch(() => {})
+      if (!srv) continue // srv might not be loaded
+      for (const idObj of ids) {
+        promises.push(srv.send({ event: 'CANCEL', query: DELETE.from(draftRoots[i], idObj), data: idObj }))
       }
     }
 
-    cqns.push(DELETE.from('DRAFT.DraftAdministrativeData').where(`DraftUUID IN`, expiredDraftsIds))
-    return await _promiseAll(cqns)
+    await Promise.allSettled(promises)
   })
 
   lastCheckMap.set(tenant, Date.now())
@@ -523,7 +540,7 @@ cds.ApplicationService.prototype.handle = async function (req) {
     // Deletion of active instance inside draft tree, need to check that no draft exists
     const draft = await draftQuery
     const inProcessByUser = draft?.DraftAdministrativeData?.InProcessByUser
-    if (inProcessByUser && inProcessByUser !== cds.context.user.id)
+    if (!cds.context.user._is_privileged && inProcessByUser && inProcessByUser !== cds.context.user.id)
       req.reject({ code: 403, statusCode: 403, message: 'DRAFT_LOCKED_BY_ANOTHER_USER', args: [inProcessByUser] })
     if (draft) req.reject({ code: 403, statusCode: 403, message: 'DRAFT_ACTIVE_DELETE_FORBIDDEN_DRAFT_EXISTS' })
     await run(query)
@@ -565,7 +582,7 @@ cds.ApplicationService.prototype.handle = async function (req) {
     const res = await run(draftQuery)
     if (!res)
       req.reject(_etagValidationType ? { code: 412, statusCode: 412 } : { code: 'DRAFT_NOT_EXISTING', statusCode: 404 })
-    if (res.DraftAdministrativeData?.InProcessByUser !== cds.context.user.id) {
+    if (!cds.context.user._is_privileged && res.DraftAdministrativeData?.InProcessByUser !== cds.context.user.id) {
       req.reject({
         code: 403,
         statusCode: 403,
@@ -650,7 +667,7 @@ cds.ApplicationService.prototype.handle = async function (req) {
         expand: [{ ref: ['InProcessByUser'] }]
       })
       if (!res) req.reject({ code: 404, statusCode: 404 })
-      if (res.DraftAdministrativeData?.InProcessByUser !== cds.context.user.id) {
+      if (!cds.context.user._is_privileged && res.DraftAdministrativeData?.InProcessByUser !== cds.context.user.id) {
         req.reject({
           code: 403,
           statusCode: 403,
@@ -1486,7 +1503,7 @@ async function onNew(req) {
       ])
       .where(req.query.INSERT.into.ref[0].where)
     if (!rootData) req.reject({ code: 404, statusCode: 404 })
-    if (rootData.DraftAdministrativeData?.InProcessByUser !== req.user.id)
+    if (!cds.context.user._is_privileged && rootData.DraftAdministrativeData?.InProcessByUser !== req.user.id)
       req.reject({
         code: 403,
         statusCode: 403,
@@ -1756,7 +1773,7 @@ async function onCancel(req) {
   if (draftParams.IsActiveEntity === false && !draft) req.reject(req._etagValidationType ? 412 : 404)
   if (draft) {
     const processByUser = draft.DraftAdministrativeData?.InProcessByUser
-    if (processByUser && processByUser !== cds.context.user.id)
+    if (!cds.context.user._is_privileged && processByUser && processByUser !== cds.context.user.id)
       req.reject({ code: 403, statusCode: 403, message: 'DRAFT_LOCKED_BY_ANOTHER_USER', args: [processByUser] })
   }
   const draftDeleteQuery = DELETE.from({ ref: req.query.DELETE.from.ref })
@@ -1778,7 +1795,8 @@ async function onCancel(req) {
         })
         .where({ DraftUUID: draft.DraftAdministrativeData_DraftUUID })
     )
-  if (draftParams.IsActiveEntity !== false) queries.push(this.run(DELETE.from({ ref: activeRef })))
+  if (draftParams.IsActiveEntity !== false && !req.target.isDraft)
+    queries.push(this.run(DELETE.from({ ref: activeRef })))
   await _promiseAll(queries)
   return req.data
 }
@@ -1804,7 +1822,7 @@ async function onPrepare(req) {
   draftQuery[DRAFT_PARAMS] = draftParams
   const data = await draftQuery
   if (!data) req.reject({ code: 404, statusCode: 404 })
-  if (data.DraftAdministrativeData?.InProcessByUser !== req.user.id)
+  if (!cds.context.user._is_privileged && data.DraftAdministrativeData?.InProcessByUser !== req.user.id)
     req.reject({
       code: 403,
       statusCode: 403,

package/libx/_runtime/types/api.js

@@ -58,7 +58,7 @@
 /**
  * @typedef {object} TemplateProcessor
  * @property {Function} processFn
- * @property {object} row
+ * @property {object} data
  * @property {TemplateProcessorInfo} template
  * @property {boolean} [isRoot=true]
  * @property {TemplateProcessorPathOptions} [pathOptions=null]

package/libx/_runtime/ucl/Service.js

@@ -95,7 +95,7 @@ class UCLService extends cds.Service {
               }
               placeholders: [
                   { name: "subdomain", description: "The subdomain of the consumer tenant" }
-                  { name: "tenant-id", description: "The tenant id as it's known in the product's domain", jsonPath: "$.subscribedSubaccountId" }
+                  { name: "tenant-id", description: "The tenant id as it's known in the product's domain", jsonPath: "$.subscribedTenantId" }
               ]
               labels: {
                   managed_app_provisioning: true
@@ -203,7 +203,7 @@ class UCLService extends cds.Service {
         applicationNamespace: "${this.options.namespace}"
         placeholders: [
             { name: "subdomain", description: "The subdomain of the consumer tenant" }
-            { name: "tenant-id", description: "The tenant id as it's known in the product's domain", jsonPath: "$.subscribedSubaccountId" }
+            { name: "tenant-id", description: "The tenant id as it's known in the product's domain", jsonPath: "$.subscribedTenantId" }
         ]
         accessLevel: GLOBAL
       }

package/libx/common/utils/path.js

@@ -1,17 +1,14 @@
-const cds = require('../../_runtime/cds')
 const { where2obj } = require('../../_runtime/common/utils/cqn')
 const { getKeysForNavigationFromRefPath } = require('../../_runtime/common/utils/keys')
 
 // REVISIT: do we already have something like this _without using okra api_?
 // REVISIT: should we still support process.env.CDS_FEATURES_PARAMS? probably nobody uses it...
-const getKeysAndParamsFromPath = (from, srv) => {
+const getKeysAndParamsFromPath = (from, { model }) => {
   if (!from.ref || !from.ref.length) return {}
 
   const keys = {}
   const params = []
 
-  const model = cds.context.model ?? srv.model
-
   let cur = model.definitions
   let lastElement
 

package/libx/odata/ODataAdapter.js

@@ -112,6 +112,12 @@ class ODataAdapter extends HttpAdapter {
 
 // REVISIT: ugly hack -> eliminate
 class NoaRequest extends cds.Request {
+  constructor(args) {
+    super(args)
+    this.req = args.req
+    this.res = args.res
+  }
+
   // REVISIT: all usages of .protocol are very bad style, violating modularization
   get protocol() {
     return 'odata'

package/libx/odata/middleware/batch.js

@@ -9,6 +9,8 @@ const { URL } = require('url')
 const multipartToJson = require('../parse/multipartToJson')
 const { getBoundary } = require('../utils')
 
+const { normalizeError } = require('../../_runtime/common/error/frontend')
+
 const HTTP_METHODS = { GET: 1, POST: 1, PUT: 1, PATCH: 1, DELETE: 1 }
 const CT = { JSON: 'application/json', MULTIPART: 'multipart/mixed' }
 const CRLF = '\r\n'
@@ -263,12 +265,8 @@ const _tx_done = async (tx, responses, isJson) => {
   } catch (e) {
     // here, the commit was rejected even though all requests were successful (e.g., by custom handler or db consistency check)
     rejected = 'rejected'
-    // construct commit error
-    let statusCode = e.statusCode || e.status || (e.code && Number(e.code))
-    if (isNaN(statusCode)) statusCode = 500
-    const code = String(e.code || statusCode)
-    const message = e.message || 'Internal Server Error'
-    const error = { error: { ...e, code, message } }
+    // construct commit error (without modifying original error)
+    const { error, statusCode } = normalizeError(Object.create(e), { locale: cds.context.locale })
     // replace all responses with commit error
     for (const res of responses) {
       res.status = 'fail'
@@ -278,15 +276,15 @@ const _tx_done = async (tx, responses, isJson) => {
         for (let i = 0; i < res.txt.length; i++) txt += Buffer.isBuffer(res.txt[i]) ? res.txt[i].toString() : res.txt[i]
         txt = JSON.parse(txt)
         txt.status = statusCode
-        txt.body = error
+        txt.body = { error }
         // REVISIT: content-length needed? not there in multipart case...
         delete txt.headers['content-length']
         res.txt = [JSON.stringify(txt)]
       } else {
         let txt = res.txt[0]
-        txt = txt.replace(/HTTP\/1\.1 \d\d\d \w+/, `HTTP/1.1 ${statusCode} ${message}`)
+        txt = txt.replace(/HTTP\/1\.1 \d\d\d \w+/, `HTTP/1.1 ${statusCode} ${STATUS_CODES[statusCode]}`)
         txt = txt.split(/\r\n/)
-        txt.splice(-1, 1, JSON.stringify(error))
+        txt.splice(-1, 1, JSON.stringify({ error }))
         txt = txt.join('\r\n')
         res.txt = [txt]
       }

package/libx/odata/middleware/create.js

@@ -28,9 +28,11 @@ module.exports = (adapter, isUpsert) => {
       throw Object.assign(new Error(msg), { statusCode: 405 })
     }
 
+    const model = cds.context.model ?? service.model
+
     // payload & params
     const data = req.body
-    const { keys, params } = getKeysAndParamsFromPath(from, service)
+    const { keys, params } = getKeysAndParamsFromPath(from, { model })
     // add keys from url into payload (overwriting if already present)
     Object.assign(data, keys)
 
@@ -74,7 +76,7 @@ module.exports = (adapter, isUpsert) => {
         }
 
         const isMinimal = getPreferReturnHeader(req) === 'minimal'
-        postProcess(cdsReq.target, service, result, isMinimal)
+        postProcess(cdsReq.target, model, result, isMinimal)
         if (result?.$etag) res.set('ETag', result.$etag) //> must be done after post processing
         if (isMinimal) return res.sendStatus(204)
 

package/libx/odata/middleware/delete.js

@@ -25,8 +25,10 @@ module.exports = adapter => {
       throw Object.assign(new Error('Method DELETE is not allowed for entity collections'), { statusCode: 405 })
     }
 
+    const model = cds.context.model ?? service.model
+
     // payload & params
-    const { keys, params } = getKeysAndParamsFromPath(from, service)
+    const { keys, params } = getKeysAndParamsFromPath(from, { model })
     const data = keys //> for read and delete, we provide keys in req.data
     if (_propertyAccess) data[_propertyAccess] = null //> delete of property -> set to null
 

package/libx/odata/middleware/operation.js

@@ -51,20 +51,22 @@ module.exports = adapter => {
     let { operation, args } = req._query.SELECT?.from.ref?.slice(-1)[0] || {}
     if (!operation) return next() //> create or read
 
+    const model = cds.context.model ?? service.model
+
     // unbound vs. bound
     let entity, params
-    if (service.model.definitions[operation]) {
-      operation = service.model.definitions[operation]
+    if (model.definitions[operation]) {
+      operation = model.definitions[operation]
     } else {
       req._query.SELECT.from.ref.pop()
-      let cur = { elements: service.model.definitions }
+      let cur = { elements: model.definitions }
       for (const each of req._query.SELECT.from.ref) {
         cur = cur.elements[each.id || each]
         if (cur._target) cur = cur._target
       }
       operation = cur.actions[operation]
       entity = cur
-      const keysAndParams = getKeysAndParamsFromPath(req._query.SELECT.from, service)
+      const keysAndParams = getKeysAndParamsFromPath(req._query.SELECT.from, { model })
       params = keysAndParams.params
     }
 
@@ -109,7 +111,7 @@ module.exports = adapter => {
         }
 
         if (operation.returns) {
-          postProcess(operation.returns, service, result)
+          postProcess(operation.returns, model, result)
           if (result?.$etag) res.set('ETag', result.$etag) //> must be done after post processing
         }