@sap/cds 8.8.2 → 8.9.0

package/libx/_runtime/remote/utils/client.js

@@ -73,6 +73,7 @@ const _executeHttpRequest = async ({ requestConfig, destination, destinationOpti
 
   // set `fetchCsrfToken` to `false` because we mount a custom CSRF middleware
   const requestOptions = { fetchCsrfToken: false }
+
   return executeHttpRequestWithOrigin(destination, requestConfig, requestOptions)
 }
 

package/libx/_runtime/ucl/Service.js

@@ -1,18 +1,18 @@
 const cds = require('../cds')
 const LOG = cds.log('ucl')
-const fs = require('fs').promises
 
+const fs = require('fs').promises
 const https = require('https')
 
 class UCLService extends cds.Service {
   async init() {
     await super.init()
 
-    for (const _required of ['namespace', 'systemType', 'systemDescription']) {
-      if (!this.options[_required])
-        throw new Error(
-          `The UCL service requires mandatory parameter \`${_required}\`, please provide it as described in the documentation.`
-        )
+    this._applicationTemplate = _getApplicationTemplate(this.options)
+    if (!this._applicationTemplate.applicationNamespace) {
+      throw new Error(
+        'The UCL service requires a valid `applicationTemplate`, please provide it as described in the documentation.'
+      )
     }
 
     if (!cds.requires.multitenancy && cds.env.profile !== 'mtx-sidecar')
@@ -50,99 +50,6 @@ class UCLService extends cds.Service {
     })
   }
 
-  async readTemplate() {
-    const xsappname = this.options.credentials.xsappname
-    const query = `
-      query ($key: String!, $value: String!) {
-        applicationTemplates(filter: { key: $key, query: $value }) {
-          data {
-            id
-            name
-            description
-            placeholders {
-              name
-              description
-            }
-            applicationInput
-            labels
-            webhooks {
-              type
-            }
-          }
-        }
-      }
-    `
-    const variables = { key: 'xsappname', value: `"${xsappname}"` }
-    const res = await this._request(query, variables)
-    if (res) return res.applicationTemplates.data[0]
-  }
-
-  async createTemplate() {
-    const xsappname = this.options.credentials.xsappname
-    const query = `mutation {
-          result: createApplicationTemplate (
-              in: {
-              name: "${this.options.systemType}"
-              description: "${this.options.systemDescription}"
-              applicationInput: {
-                  name: "${this.options.systemType}" 
-                  description: "${this.options.systemDescription}"
-                  providerName: "${this.options.provider}" 
-                  localTenantID: "{{tenant-id}}"
-                  labels: {
-                  displayName: "{{subdomain}}"
-                  }
-              }
-              placeholders: [
-                  { name: "subdomain", description: "The subdomain of the consumer tenant" }
-                  { name: "tenant-id", description: "The tenant id as it's known in the product's domain", jsonPath: "$.subscribedTenantId" }
-              ]
-              labels: {
-                  managed_app_provisioning: true
-                  xsappname: "${xsappname}"
-              }
-              applicationNamespace: "${this.options.namespace}"
-              accessLevel: GLOBAL
-              }
-          ) {
-              id
-              name
-              labels
-              applicationInput 
-              applicationNamespace
-          }
-      }`
-    try {
-      return this._handleResponse(await this._request(query))
-    } catch (e) {
-      this._handleResponse(e)
-    }
-  }
-
-  _handleResponse(result) {
-    if (result.response && result.response.errors) {
-      let errorMessage = result.response.errors[0].message
-      throw new Error(errorMessage)
-    } else {
-      return result.result
-    }
-  }
-
-  async deleteTemplate() {
-    const template = await this.readTemplate()
-    if (!template) return
-    const query = `mutation {
-            result: deleteApplicationTemplate(
-              id: "${template.id}"
-            ){
-                id
-                name
-                description
-            }
-        }`
-    return this._handleResponse(await this._request(query))
-  }
-
   // Replace with fetch
   async _request(query, variables) {
     const opts = {
@@ -150,9 +57,7 @@ class UCLService extends cds.Service {
       path: this.options.path,
       agent: this.agent,
       method: 'POST',
-      headers: {
-        'Content-Type': 'application/json'
-      }
+      headers: { 'Content-Type': 'application/json' }
     }
     return new Promise((resolve, reject) => {
       const req = https.request(opts, res => {
@@ -186,27 +91,87 @@ class UCLService extends cds.Service {
     })
   }
 
+  _handleResponse(result) {
+    if (result.response && result.response.errors) {
+      let errorMessage = result.response.errors[0].message
+      throw new Error(errorMessage)
+    } else {
+      return result.result
+    }
+  }
+
+  async readTemplate() {
+    const xsappname = this.options.credentials.xsappname
+    const variables = { key: 'xsappname', value: `"${xsappname}"` }
+    const res = await this._request(READ_QUERY, variables)
+    if (res) return res.applicationTemplates.data[0]
+  }
+
+  async createTemplate() {
+    try {
+      return this._handleResponse(await this._request(CREATE_MUTATION, { input: this._applicationTemplate }))
+    } catch (e) {
+      this._handleResponse(e)
+    }
+  }
+
   async updateTemplate(template) {
-    const query = `mutation {
-    result: updateApplicationTemplate(
-      id: "${template.id}"
-      in: {
-        name: "${this.options.systemType}"
-        description: "${this.options.systemDescription}"
-        applicationInput: {
-          name: "${this.options.systemType}"
-          description: "${this.options.systemDescription}"
-          providerName: "${this.options.provider}" 
-          localTenantID: "{{tenant-id}}"
-          labels: { displayName: "{{subdomain}}" }
+    try {
+      const input = { ...this._applicationTemplate }
+      delete input.labels
+      const response = this._handleResponse(await this._request(UPDATE_MUTATION, { id: template.id, input }))
+      LOG.info('Application template updated successfully.')
+      return response
+    } catch (e) {
+      this._handleResponse(e)
+    }
+  }
+
+  async deleteTemplate() {
+    const template = await this.readTemplate()
+    if (!template) return
+    return this._handleResponse(await this._request(DELETE_MUTATION, { id: template.id }))
+  }
+}
+
+const READ_QUERY = `
+  query ($key: String!, $value: String!) {
+    applicationTemplates(filter: { key: $key, query: $value }) {
+      data {
+        id
+        name
+        description
+        placeholders {
+          name
+          description
+        }
+        applicationInput
+        labels
+        webhooks {
+          type
         }
-        applicationNamespace: "${this.options.namespace}"
-        placeholders: [
-            { name: "subdomain", description: "The subdomain of the consumer tenant" }
-            { name: "tenant-id", description: "The tenant id as it's known in the product's domain", jsonPath: "$.subscribedTenantId" }
-        ]
-        accessLevel: GLOBAL
       }
+    }
+  }`
+
+const CREATE_MUTATION = `
+  mutation {
+    result: createApplicationTemplate (
+      in: $input
+    ) {
+      id
+      name
+      labels
+      applicationInput
+      applicationNamespace
+    }
+  }`
+
+const UPDATE_MUTATION = `
+  mutation ($id: ID!, $input: ApplicationTemplateUpdateInput!) {
+    result: updateApplicationTemplate(
+      id: $id
+      in: $input
     ) {
       id
       name
@@ -215,14 +180,58 @@ class UCLService extends cds.Service {
       applicationInput
     }
   }`
-    try {
-      const response = this._handleResponse(await this._request(query))
-      LOG.info('Application template updated successfully.')
-      return response
-    } catch (e) {
-      this._handleResponse(e)
+
+const DELETE_MUTATION = `
+  mutation ($id: ID!) {
+    result: deleteApplicationTemplate(
+      id: $id
+    ) {
+      id
+      name
+      description
     }
+  }`
+
+const _deepAssign = (a, b) => {
+  for (const key in b) {
+    if (typeof b[key] === 'object' && !Array.isArray(b[key])) a[key] = _deepAssign(a[key] || {}, b[key])
+    else a[key] = b[key]
   }
+  return a
+}
+
+const _getApplicationTemplate = options => {
+  let applicationTemplate = {
+    applicationInput: {
+      providerName: 'SAP',
+      localTenantID: '{{tenant-id}}',
+      labels: {
+        displayName: '{{subdomain}}'
+      }
+    },
+    labels: {
+      managed_app_provisioning: true,
+      xsappname: '${xsappname}'
+    },
+    placeholders: [
+      { name: 'subdomain', description: 'The subdomain of the consumer tenant' },
+      {
+        name: 'tenant-id',
+        description: "The tenant id as it's known in the product's domain",
+        jsonPath: '$.subscribedTenantId'
+      }
+    ],
+    accessLevel: 'GLOBAL'
+  }
+  applicationTemplate = _deepAssign(applicationTemplate, options.applicationTemplate)
+
+  const pkg = require(cds.root + '/package')
+  if (!applicationTemplate.name) applicationTemplate.name = pkg.name
+  if (!applicationTemplate.applicationInput.name) applicationTemplate.applicationInput.name = pkg.name
+  if (applicationTemplate.labels.xsappname === '${xsappname}')
+    applicationTemplate.labels.xsappname = options.credentials.xsappname
+
+  return applicationTemplate
 }
 
 module.exports = UCLService

package/libx/common/utils/path.js

@@ -1,13 +1,22 @@
+const cds = require('../../../')
+
 const { where2obj } = require('../../_runtime/common/utils/cqn')
-const { getKeysForNavigationFromRefPath } = require('../../_runtime/common/utils/keys')
+const propagateForeignKeys = require('../../_runtime/common/utils/propagateForeignKeys')
+
+let _consistent_params
 
 // REVISIT: do we already have something like this _without using okra api_?
 // REVISIT: should we still support process.env.CDS_FEATURES_PARAMS? probably nobody uses it...
 exports.getKeysAndParamsFromPath = (from, { model }) => {
   if (!from.ref || !from.ref.length) return {}
 
-  const keys = {}
+  // REVISIT: make opt-out feature in cds^9
+  _consistent_params ??= cds.env.features.consistent_params
+
   const params = []
+  const data = {}
+  let currData = data
+  const navigations = []
 
   let cur = model.definitions
   let lastElement
@@ -19,28 +28,31 @@ exports.getKeysAndParamsFromPath = (from, { model }) => {
     const target = cur[id]._target ?? lastElement
     cur = target.elements
 
-    if (i === from.ref.length - 1) {
-      // last element
-      if (ref.where) {
-        const seg_keys = where2obj(ref.where)
-        Object.assign(keys, seg_keys)
-        params[i] = seg_keys.ID && Object.keys(seg_keys).length === 1 ? seg_keys.ID : seg_keys
-      } else if (ref.args) {
-        params[i] = Object.fromEntries(Object.entries(ref.args).map(([k, v]) => [k, 'val' in v ? v.val : v]))
-      }
-      if (lastElement.isAssociation && from.ref.length > 1) {
-        // add keys for navigation from path
-        const rootRef = from.ref[0]
-        const rootTarget = model.definitions[rootRef.id || rootRef]
-        const seg_keys = getKeysForNavigationFromRefPath(from.ref, rootTarget)
-        // only take if a known property
-        for (const k in seg_keys) if (k in cur) keys[k] = seg_keys[k]
-      }
-    } else if (ref.where) {
+    if (lastElement.isAssociation) {
+      currData[lastElement.name] = {}
+      currData = currData[lastElement.name]
+      navigations.push(lastElement)
+    }
+
+    if (ref.where) {
       const seg_keys = where2obj(ref.where)
-      params[i] = seg_keys.ID && Object.keys(seg_keys).length === 1 ? seg_keys.ID : seg_keys
+      if (_consistent_params) params[i] = seg_keys
+      else params[i] = seg_keys.ID && Object.keys(seg_keys).length === 1 ? seg_keys.ID : seg_keys
+      Object.assign(currData, seg_keys)
     }
+
+    if (i === from.ref.length - 1 && !ref.where && ref.args) {
+      const seg_keys = Object.fromEntries(Object.entries(ref.args).map(([k, v]) => [k, 'val' in v ? v.val : v]))
+      if (_consistent_params) params[i] = seg_keys
+      else params[i] = seg_keys.ID && Object.keys(seg_keys).length === 1 ? seg_keys.ID : seg_keys
+    }
+  }
+
+  let current = data
+  for (let nav of navigations) {
+    propagateForeignKeys(nav.name, current, nav._foreignKeys, true, { enumerable: true, generateKeys: false })
+    current = current[nav.name]
   }
 
-  return { keys, params }
+  return { keys: current || {}, params }
 }

package/libx/odata/middleware/create.js

@@ -7,6 +7,7 @@ const postProcess = require('../utils/postProcess')
 const readAfterWrite4 = require('../utils/readAfterWrite')
 const getODataResult = require('../utils/result')
 const normalizeTimeData = require('../utils/normalizeTimeData')
+const odataBind = require('../utils/odataBind')
 
 const { getKeysAndParamsFromPath } = require('../../common/utils/path')
 
@@ -37,6 +38,7 @@ module.exports = (adapter, isUpsert) => {
       const msg = 'Only single entity representations are allowed'
       throw Object.assign(new Error(msg), { statusCode: 400 })
     }
+    odataBind(data, target)
     normalizeTimeData(data, model, target)
     const { keys, params } = getKeysAndParamsFromPath(from, { model })
     // add keys from url into payload (overwriting if already present)

package/libx/odata/middleware/operation.js

@@ -113,7 +113,10 @@ module.exports = adapter => {
           handleSapMessages(cdsReq, req, res)
 
           const stream = getReadable(result)
-          if (!stream) return res.sendStatus(204)
+          if (!stream) {
+            if (res.statusCode > 200) return res.end()
+            return res.sendStatus(204)
+          }
 
           const { mimetype, filename, disposition } = collectStreamMetadata(result, operation, query)
           validateMimetypeIsAcceptedOrThrow(req.headers, mimetype)
@@ -151,7 +154,10 @@ module.exports = adapter => {
         handleSapMessages(cdsReq, req, res)
 
         if (operation.returns?.items && result == null) result = []
-        if (!operation.returns || result == null) return res.sendStatus(204)
+        if (!operation.returns || result == null) {
+          if (res.statusCode > 200) return res.end()
+          return res.sendStatus(204)
+        }
 
         if (operation.returns._type?.match?.(/^cds\./)) {
           const context = `${'../'.repeat(query?.SELECT?.from?.ref?.length)}$metadata#${cds2edm[operation.returns._type]}`

package/libx/odata/middleware/parse.js

@@ -9,7 +9,7 @@ module.exports = adapter => {
 
     if (req._query) return next() //> already parsed (e.g., upsert)
 
-    req._query = cds.odata.parse(req.url, { service, baseUrl: req.baseUrl, strict: true })
+    req._query = cds.odata.parse(req.url, { service, baseUrl: req.baseUrl, strict: true, protocol: 'odata' })
 
     next()
   }

package/libx/odata/middleware/stream.js

@@ -9,7 +9,6 @@ const {
   validateMimetypeIsAcceptedOrThrow,
   getReadable
 } = require('../../common/utils/streaming')
-const { getTransition } = require('../../_runtime/common/utils/resolveView')
 
 const _resolveContentProperty = (target, annotName, resolvedProp) => {
   if (target.elements[resolvedProp]) {
@@ -19,7 +18,7 @@ const _resolveContentProperty = (target, annotName, resolvedProp) => {
     LOG.warn(
       `"${annotName}" in entity "${target.name}" points to property "${resolvedProp}" which was renamed or is not part of the projection. You must update the annotation value.`
     )
-  const mapping = getTransition(target, cds.db).mapping
+  const mapping = cds.ql.resolve.transitions({ target }, cds.db).mapping
   const key = [...mapping.entries()].find(({ 1: val }) => val.ref[0] === resolvedProp)
   return key?.length && key[0]
 }

package/libx/odata/middleware/update.js

@@ -7,6 +7,7 @@ const postProcess = require('../utils/postProcess')
 const readAfterWrite4 = require('../utils/readAfterWrite')
 const getODataResult = require('../utils/result')
 const normalizeTimeData = require('../utils/normalizeTimeData')
+const odataBind = require('../utils/odataBind')
 
 const { getKeysAndParamsFromPath } = require('../../common/utils/path')
 
@@ -70,6 +71,7 @@ module.exports = adapter => {
 
     // payload & params
     const data = _propertyAccess ? { [_propertyAccess]: req.body.value } : req.body
+    odataBind(data, target)
     normalizeTimeData(data, model, target)
     const { keys, params } = getKeysAndParamsFromPath(from, { model })
     // add keys from url into payload (overwriting if already present)

package/libx/odata/parse/afterburner.js

@@ -241,7 +241,7 @@ function _handleCollectionBoundActions(current, ref, i, namespace, one) {
     action = shortName && current.actions[shortName]
   }
 
-  let incompleteKeys = ref[i].where ? false : i === ref.length - 1 || one ? false : true
+  let incompleteKeys = !(!!ref[i].where || i === ref.length - 1 || one)
   if (!action) return incompleteKeys
 
   const onCollection = !!(
@@ -301,7 +301,9 @@ function _processSegments(from, model, namespace, cqn, protocol) {
 
     if (incompleteKeys) {
       // > key
-      keys = keys || keysOf(current, protocol !== 'rest') // if odata, skip backlinks as key as they are used from structure
+      // in case of odata, values for keys that are backlinks are expected to be omitted
+      keys = keys || keysOf(current, !!protocol?.match(/odata/i))
+      if (!keys.length) cds.error(`Invalid resource path "${path}"`, { code: '404', statusCode: 404 })
       let key = keys[keyCount++]
       one = true
       const element = current.elements[key]
@@ -388,6 +390,11 @@ function _processSegments(from, model, namespace, cqn, protocol) {
           if (!Object.keys(params).length) params = where2obj(ref[i].where)
           _processWhere(ref[i].where, current)
           _checkAllKeysProvided(params, current)
+
+          if (keyCount === 0 && !Object.keys(params).length && whereRef.length === 1) {
+            const msg = `Entity "${current.name}" can not be accessed by key.`
+            throw Object.assign(new Error(msg), { statusCode: 400 })
+          }
         }
       } else if ({ action: 1, function: 1 }[current.kind]) {
         // > action or function
@@ -578,8 +585,6 @@ function _processColumns(cqn, target, protocol) {
 
   let columns = cqn.SELECT.columns
 
-  // REVISIT Keys should be added only in case of odata, not e.g. rest.
-  // Currently odata is detected via odata_new_parser flag -> find a better indicator.
   if (columns && !cqn.SELECT.groupBy) {
     let entity
     if (target.kind === 'entity') entity = target
@@ -588,7 +593,9 @@ function _processColumns(cqn, target, protocol) {
 
     _removeUnneededColumnsIfHasAsterisk(columns)
     rewriteExpandAsterisk(columns, entity)
-    if (protocol !== 'rest') _addKeys(columns, entity)
+
+    // in case of odata, add all missing key fields (i.e., not in $select)
+    if (protocol?.match(/odata/i)) _addKeys(columns, entity)
   }
 
   if (!Array.isArray(columns)) return
@@ -755,6 +762,8 @@ function _validateQuery(SELECT, target, isOne, model) {
 }
 
 module.exports = (cqn, model, namespace, protocol) => {
+  if (!model) return cqn
+
   const from = resolveFromSelect(cqn)
   const { ref } = from
 
@@ -816,11 +825,10 @@ module.exports = (cqn, model, namespace, protocol) => {
         break
       }
     }
-    const setRecurseRef = SELECT => {
-      if (SELECT.from.SELECT) setRecurseRef(SELECT.from.SELECT)
-      if (SELECT.recurse) SELECT.recurse.ref[0] = uplinkName
+    if (uplinkName) {
+      let r = cqn.SELECT.recurse
+      if (r) r.ref[0] = uplinkName
     }
-    if (uplinkName) setRecurseRef(cqn.SELECT)
   }
 
   // REVISIT: better

package/libx/odata/parse/cqn2odata.js

@@ -393,6 +393,8 @@ function $orderBy(orderBy) {
   const res = []
 
   for (const cur of orderBy) {
+    if (cur.implicit) continue
+
     if (hasValidProps(cur, 'ref', 'sort')) {
       res.push(_format(cur) + '%20' + cur.sort)
       continue
@@ -412,7 +414,7 @@ function $orderBy(orderBy) {
     }
   }
 
-  return '$orderby=' + res.join(',')
+  if (res.length) return '$orderby=' + res.join(',')
 }
 
 function parseSearch(search) {

package/libx/odata/parse/grammar.peggy

@@ -210,13 +210,18 @@
           
         }
         if (apply.topLevels.levels) {
-          cqn.recurse.where = [{ ref: ['DistanceFromRoot'] }, '<=', { val: apply.topLevels.levels }]
+          cqn.recurse.where = [{ ref: ['DistanceFromRoot'] }, '<=', { val: apply.topLevels.levels - 1 }]
         }
         if (apply.topLevels.expandLevels) {
           if (!cqn.recurse.where) cqn.recurse.where = []
           for (const expandLevel of apply.topLevels.expandLevels) {
             if (cqn.recurse.where.length !== 0) cqn.recurse.where.push('or')
-            cqn.recurse.where.push({ ref: [apply.topLevels.nodeProperty] }, '=', { val: expandLevel.nodeID }, 'and', { ref: ['Distance'] }, 'between', { val: 0 }, 'and', { val: expandLevel.levels } )
+            cqn.recurse.where.push({ ref: [apply.topLevels.nodeProperty] }, '=', { val: expandLevel.nodeID })
+            if (Number.isInteger(expandLevel.levels)) {
+              cqn.recurse.where.push('and', { ref: ['Distance'] })
+              if (expandLevel.levels === 1) cqn.recurse.where.push('=', { val: 1 })
+              else cqn.recurse.where.push('between', { val: 1 }, 'and', { val: expandLevel.levels } )
+            }
           }
         }
       }
@@ -244,23 +249,16 @@
       }
 
       if (apply.ancestors && apply.topLevels) {
-        const inner = {
-          SELECT: {
-            from: cqn.from,
-          }
-        }
-        _ancestors(inner.SELECT)
-        cqn.from = inner
-        _toplevels(cqn)
+        _ancestors(cqn)
+        const extra = {...cqn}
+        _toplevels(extra)
+        cqn.recurse = extra.recurse
       } else if (apply.ancestors && apply.descendants) {
-        const inner = {
-          SELECT: {
-            from: cqn.from
-          }
-        }
-        _ancestors(inner.SELECT)
-        cqn.from = inner
-        _descendants(cqn)
+        _ancestors(cqn)
+        const extra = {...cqn}
+        _descendants(extra)
+        cqn.where = extra.where
+        cqn.recurse = extra.recurse
       } else if (apply.topLevels) {
         _toplevels(cqn)
       } else if (apply.ancestors) {
@@ -1019,7 +1017,11 @@
 
   expandItemProp
     = "\"NodeID\"" o ":" o s:doubleQuotedString{return { nodeID: s } } /
-      "\"Levels\"" o ":" o i:integer{return { levels: i } }
+      "\"Levels\"" o ":" o l:expandItemLevel{return { levels: l } }
+
+  expandItemLevel
+    = i:integer{ return i } /
+      null{ return null }
 
   ansDescTrafo
     = OPEN o "$root/" p:simplePath o COMMA o h:identifier o COMMA o e:identifier o COMMA? t:ansDescGetNodes? o COMMA? d:integer? o COMMA? k:ansDescKeepStart? CLOSE {