@sap/eslint-plugin-cds 2.4.1 → 2.6.0

package/lib/rules/assoc2many-ambiguous-key.js

@@ -1,170 +1,154 @@
+const cds = require('@sap/cds')
+
+/** @type {import('../types').Rule} */
+
 module.exports = {
   meta: {
+    schema: [{/* to avoid deprecation warning for ESLint 9 */}],
     docs: {
       description:
-        "Ambiguous key with a `TO MANY` relationship since entries could appear multiple times with the same key.",
-      category: "Model Validation",
-      recommended: true,
-      version: "1.0.1",
+        'Ambiguous key with a `TO MANY` relationship since entries could appear multiple times with the same key.',
+      category: 'Model Validation',
+      recommended: true
     },
-    severity: "warn",
-    type: "problem",
+    type: 'problem',
+    model: 'inferred'
   },
-  create(context) {
-    return { all: check_assoc2many_ambiguous_key };
+  create (context) {
+    return checkAssocs
 
-    function check_assoc2many_ambiguous_key() {
-      let reports = [];
-      let csnOdata;
-      const m = context.cds.model;
+    function checkAssocs () {
+      let csnOdata
+      const m = context.getModel()
+      if (!m) return
       if (m && m.definitions) {
-        csnOdata = context.cds.compile.for.odata(m);
-        const csnOdataLinked = context.cds.linked(csnOdata);
-        reports = associationCardinalityFlaw(csnOdataLinked, context);
-      }
-      if (reports.length > 0) {
-        return reports;
+        csnOdata = cds.compile.for.odata(m)
+        const csnOdataLinked = cds.linked(csnOdata)
+        associationCardinalityFlaw(csnOdataLinked, context)
       }
     }
-  },
-};
+  }
+}
 
-function associationCardinalityFlaw(csn, context) {
-  const reports = [];
+function associationCardinalityFlaw (csn, context) {
   processEntity(csn, (definition, sourceEntity, sourceAlias) => {
-    let refCardinalityMult = false;
-    let refPlainElement = false;
+    let refCardinalityMult = false
+    let refPlainElement = false
     processElement(
       csn,
       definition,
       sourceEntity,
       sourceAlias,
       () => {
-        refCardinalityMult = false;
-        refPlainElement = false;
+        refCardinalityMult = false
+        refPlainElement = false
       },
       (refEntity, refElement) => {
-        if (refElement.type === "cds.Association" || refElement.type === "cds.Composition") {
-          if (refElement.cardinality && refElement.cardinality.max === "*") {
-            refCardinalityMult = true;
+        if (refElement.type === 'cds.Association' || refElement.type === 'cds.Composition') {
+          if (refElement.cardinality && refElement.cardinality.max === '*') {
+            refCardinalityMult = true
           }
         } else {
-          refPlainElement = true;
+          refPlainElement = true
         }
       },
       (column) => {
         if (
           definition.keys &&
           Object.keys(definition.keys).length === 1 &&
-          Object.keys(definition.keys)[0] === "ID" &&
+          Object.keys(definition.keys)[0] === 'ID' &&
           refCardinalityMult &&
           refPlainElement
         ) {
-          const keyName = Object.keys(definition.keys)[0];
-          const key = definition.keys[keyName];
-          const keyLoc = context.cds.getLocation(keyName, key, csn);
-          const colName = column.as ? column.as : column.name;
-          if (context.sourcecode.lines[column.$location.line - 1]) {
-            const endCol = context.sourcecode.lines[column.$location.col - 1].length;
-            const colLoc = {
-              start: { line: column.$location.line, column: column.$location.col - 1 },
-              end: { line: column.$location.line, column: endCol },
-            };
-            const message = `Ambiguous key in '${definition.name}'. Element '${colName}' leads to multiple entries so that key '${keyName}' is not unique.`;
-            reports.push(
-              {
-                message,
-                loc: keyLoc,
-                file: key.$location.file,
-              },
-              {
-                message,
-                loc: colLoc,
-                file: column.$location.file,
-              }
-            );
-          }
+          const keyName = Object.keys(definition.keys)[0]
+          const key = definition.keys[keyName]
+          const keyLoc = context.getLocation(keyName, key, csn)
+          const colName = column.as ? column.as : column.name
+          context.report({
+            message: `Ambiguous key in '${definition.name}'. Element '${colName}' leads to multiple entries so that key '${keyName}' is not unique.`,
+            loc: keyLoc,
+            file: key.$location.file
+          })
         }
       }
-    );
-  });
-  return reports;
+    )
+  })
 }
 
-function processEntity(csn, eachCallback) {
+function processEntity (csn, eachCallback) {
   Object.keys(csn.definitions).forEach((name) => {
-    if (name.startsWith("localized.")) {
-      return;
+    if (name.startsWith('localized.')) {
+      return
     }
-    const definition = csn.definitions[name];
+    const definition = csn.definitions[name]
     if (
-      definition.kind === "entity" &&
+      definition.kind === 'entity' &&
       definition.query &&
       definition.query.SELECT &&
       definition.query.SELECT.columns
     ) {
-      let sourceEntity;
-      const sourceAlias = [];
+      let sourceEntity
+      const sourceAlias = []
       if (definition.query.SELECT.from.ref) {
         // From
-        sourceEntity = csn.definitions[definition.query.SELECT.from.ref.join("_")];
+        sourceEntity = csn.definitions[definition.query.SELECT.from.ref.join('_')]
         sourceAlias.push({
           from: sourceEntity.name,
-          as: definition.query.SELECT.from.as || definition.query.SELECT.from.ref.slice(-1)[0].split(".").pop(),
-        });
+          as: definition.query.SELECT.from.as || definition.query.SELECT.from.ref.slice(-1)[0].split('.').pop()
+        })
       } else if (definition.query.SELECT.from.args && definition.query.SELECT.from.args[0].ref) {
         // Join
-        sourceEntity = csn.definitions[definition.query.SELECT.from.args[0].ref.join("_")];
+        sourceEntity = csn.definitions[definition.query.SELECT.from.args[0].ref.join('_')]
         definition.query.SELECT.from.args.forEach((arg) => {
           sourceAlias.push({
-            from: arg.ref.join("_"),
-            as: arg.as || arg.ref.slice(-1)[0].split(".").pop(),
-          });
-        });
+            from: arg.ref.join('_'),
+            as: arg.as || arg.ref.slice(-1)[0].split('.').pop()
+          })
+        })
       }
       if (!sourceEntity) {
-        return;
+        return
       }
-      eachCallback(definition, sourceEntity, sourceAlias);
+      eachCallback(definition, sourceEntity, sourceAlias)
     }
-  });
+  })
 }
 
-function processElement(csn, definition, sourceEntity, sourceAlias, beforeCallback, eachCallback, afterCallback) {
+function processElement (csn, definition, sourceEntity, sourceAlias, beforeCallback, eachCallback, afterCallback) {
   definition.query.SELECT.columns.forEach((column) => {
     if (column.ref && column.ref.length > 1) {
-      let refEntity = sourceEntity;
-      let refAlias = sourceAlias;
-      beforeCallback();
+      let refEntity = sourceEntity
+      let refAlias = sourceAlias
+      beforeCallback()
       column.ref.forEach((ref) => {
-        ref = ref.id || ref;
+        ref = ref.id || ref
         // Alias
         const matchAlias = refAlias.find((alias) => {
-          return alias.as === ref;
-        });
-        let refElement;
+          return alias.as === ref
+        })
+        let refElement
         if (matchAlias) {
-          refEntity = csn.definitions[matchAlias.from];
+          refEntity = csn.definitions[matchAlias.from]
         } else {
-          refElement = refEntity.elements[ref];
+          refElement = refEntity.elements[ref]
           // Mixin
           if (!refElement) {
-            refElement = definition.elements[ref];
+            refElement = definition.elements[ref]
             if (!refElement && definition.query.SELECT.mixin) {
-              refElement = definition.query.SELECT.mixin[ref];
+              refElement = definition.query.SELECT.mixin[ref]
               if (!refElement && definition.query.SELECT.mixin[column.ref[0]]) {
-                refElement = definition.query.SELECT.mixin[column.ref[0]]._target.elements[ref];
+                refElement = definition.query.SELECT.mixin[column.ref[0]]._target.elements[ref]
               }
             }
           }
-          eachCallback(refEntity, refElement);
-          if (refElement.type === "cds.Association" || refElement.type === "cds.Composition") {
-            refEntity = csn.definitions[refElement.target];
+          eachCallback(refEntity, refElement)
+          if (refElement.type === 'cds.Association' || refElement.type === 'cds.Composition') {
+            refEntity = csn.definitions[refElement.target]
           }
         }
-        refAlias = [];
-      });
-      afterCallback(column);
+        refAlias = []
+      })
+      afterCallback(column)
     }
-  });
+  })
 }

package/lib/rules/auth-no-empty-restrictions.js

@@ -1,45 +1,38 @@
-const { splitEntityName } = require("../utils/ruleHelpers");
-
-const SEVERITY = "warn";
-const LABELS = ["@restrict", "@requires"];
+const LABELS = ['@restrict', '@requires']
 
 module.exports = {
   meta: {
+    schema: [{/* to avoid deprecation warning for ESLint 9 */}],
     docs: {
-      description: "`@restrict` and `@requires` must not be empty",
-      category: "Model Validation",
-      recommended: true,
-      version: "2.4.1",
+      description: '`@restrict` and `@requires` must not be empty.',
+      category: 'Model Validation',
+      recommended: true
     },
-    severity: SEVERITY,
     hasSuggestions: true,
     messages: {
-      InvalidItem: `Invalid item '{{invalid}}'. Did you mean '{{candidates}}'?`,
-      ReplaceItemWith: `Replace '{{invalid}}' with '{{candidates}}'`,
+      InvalidItem: "Invalid item '{{invalid}}'. Did you mean '{{candidates}}'?",
+      ReplaceItemWith: "Replace '{{invalid}}' with '{{candidates}}'"
     },
+    type: 'problem',
+    model: 'inferred'
   },
-  create(context) {
+  create (context) {
     return {
-      entity: check_restrictions,
-      service: check_restrictions,
-    };
-
-    function check_restrictions(e) {
-      const reports = [];
+      entity: checkRestrictions,
+      service: checkRestrictions
+    }
 
-      LABELS.forEach((l) => {
-        const invalid = (e[l] && typeof e[l] === "object" && e[l].length === 0) || (typeof e[l] === "string" && !e[l]);
+    function checkRestrictions (e) {
+      for (const l of LABELS) {
+        const invalid = (typeof e[l] === 'object' && e[l].length === 0) || (typeof e[l] === 'string' && e[l] === '')
         if (invalid) {
-          const entityName = splitEntityName(e).entity;
-          const loc = context.cds.getLocation(entityName, e);
-          reports.push({
+          context.report({
             message: `No explicit restrictions provided on ${e.kind} \`${e.name}\` at \`${l}\`.`,
-            loc,
-          });
+            node: context.getNode(e),
+            file: e.$location.file
+          })
         }
-      });
-
-      return reports.length > 0 ? reports : undefined;
+      }
     }
-  },
-};
+  }
+}

package/lib/rules/auth-use-requires.js

@@ -1,38 +1,39 @@
-const SEVERITY = "warn";
-
 module.exports = {
   meta: {
+    schema: [{/* to avoid deprecation warning for ESLint 9 */}],
     docs: {
-      description: "Use `@requires` instead of `@restrict.to` in actions and services with unrestricted events",
-      category: "Model Validation",
+      description: 'Use `@requires` instead of `@restrict.to` in actions and services with unrestricted events.',
+      category: 'Model Validation',
       recommended: true,
-      version: "2.4.1",
+      version: '2.4.1'
     },
-    severity: SEVERITY,
     hasSuggestions: true,
     messages: {
-      InvalidItem: `Invalid item '{{invalid}}'. Did you mean '{{candidates}}'?`,
-      ReplaceItemWith: `Replace '{{invalid}}' with '{{candidates}}'`,
+      InvalidItem: "Invalid item '{{invalid}}'. Did you mean '{{candidates}}'?",
+      ReplaceItemWith: "Replace '{{invalid}}' with '{{candidates}}'"
     },
+    type: 'problem',
+    model: 'inferred'
   },
-  create() {
+  create (context) {
     return {
-      service: check_restrict,
-      action: check_restrict,
-    };
-
-    function check_restrict(e) {
-      const reports = [];
+      service: checkRestrict,
+      action: checkRestrict
+    }
 
-      if (e && e["@restrict"] && typeof e["@restrict"] === "object") {
-        e["@restrict"].forEach((entry) => {
-          const keys = Object.keys(entry);
-          if (keys.includes("to") && keys.includes("grant") && entry.grant === "*") {
-            reports.push(`Use \`@requires\` instead of \`@restrict.to\` at ${e.kind} \`${e.name}\`.`);
+    function checkRestrict (e) {
+      if (e && e['@restrict'] && typeof e['@restrict'] === 'object') {
+        for (const entry of e['@restrict']) {
+          const keys = Object.keys(entry)
+          if (keys.includes('to') && keys.includes('grant') && entry.grant === '*') {
+            context.report({
+              message: `Use \`@requires\` instead of \`@restrict.to\` at ${e.kind} \`${e.name}\`.`,
+              node: context.getNode(e),
+              file: e.$location.file
+            })
           }
-        });
+        }
       }
-      return reports.length > 0 ? reports : undefined;
     }
-  },
-};
+  }
+}

package/lib/rules/auth-valid-restrict-grant.js

@@ -1,68 +1,106 @@
-const { validateObject, validateString } = require("../utils/ruleHelpers");
+const { findFuzzy, isEmptyString, isEmptyObject, isStringInArray } = require('../utils/rules')
 
-const DEFAULT_SEVERITY = "error";
-const REPLACE_AS_WRITE_EVENTS = ["READ", "CREATE", "UPDATE", "DELETE"];
-const VALID_EVENTS = REPLACE_AS_WRITE_EVENTS.concat(["INSERT", "UPSERT", "WRITE", "*"]);
+const REPLACE_AS_WRITE_EVENTS = ['READ', 'CREATE', 'UPDATE', 'DELETE']
+const VALID_EVENTS = REPLACE_AS_WRITE_EVENTS.concat(['INSERT', 'UPSERT', 'WRITE', '*'])
 
 module.exports = {
   meta: {
+    schema: [{/* to avoid deprecation warning for ESLint 9 */}],
     docs: {
-      description: '`@restrict.grant` must have valid values',
-      category: "Model Validation",
-      recommended: true,
-      version: "2.4.1",
+      description: '`@restrict.grant` must have valid values.',
+      category: 'Model Validation',
+      recommended: true
     },
-    severity: DEFAULT_SEVERITY,
-    hasSuggestions: true,
     messages: {
-      InvalidItem: `Invalid item '{{invalid}}'. Did you mean '{{candidates}}'?`,
-      ReplaceItemWith: `Replace '{{invalid}}' with '{{candidates}}'`,
+      InvalidItem: "Invalid item '{{invalid}}'. Did you mean '{{candidates}}'?",
+      ReplaceItemWith: "Replace '{{invalid}}' with '{{candidates}}'"
     },
+    type: 'problem',
+    model: 'inferred'
   },
-  create(context) {
+  create (context) {
     return {
-      entity: check_restrict_grant,
-      //service: check_hierarchy_action
-    };
+      entity: checkRestrictGrant
+    }
 
-    function check_restrict_grant(e) {
-      const reports = [];
+    function checkRestrictGrant (e) {
+      const node = context.getNode(e)
+      const file = e.$location.file
+      if (e['@restrict']) {
+        const actions = e.actions
+        const actionNames = actions ? Object.keys(actions).map((s) => actions[s].name) : []
+        const validEventsAndActions = VALID_EVENTS.concat(actionNames)
 
-      if (e["@restrict"]) {
-        const actions = e.actions;
-        const actionNames = actions ? Object.keys(actions).map((s) => actions[s].name) : [];
-        const validEventsAndActions = VALID_EVENTS.concat(actionNames);
-        for (const entry of e["@restrict"]) {
-          const grantValues = entry.grant;
+        for (const entry of e['@restrict']) {
           if (Object.keys(entry).includes('grant')) {
-            switch (typeof grantValues) {
-              case "string": {
-                validateString(
-                  reports,
-                  context,
-                  e,
-                  { key: "grant", name: "event/action" },
-                  grantValues,
-                  validEventsAndActions
-                );
-                break;
+            const grantValue = entry.grant
+            switch (typeof grantValue) {
+              case 'string': {
+                if (isEmptyString(grantValue)) {
+                  context.report({
+                    message: `Missing event/action on ${e.name} for \`@restrict.grant\`.`,
+                    node,
+                    file
+                  })
+                } else {
+                  if (!isStringInArray(grantValue, validEventsAndActions, true)) {
+                    const candidates = findFuzzy(grantValue, validEventsAndActions.sort())
+                    context.report({
+                      messageId: 'InvalidItem',
+                      data: { invalid: grantValue, candidates },
+                      node,
+                      file
+                    })
+                  }
+                }
+                break
               }
-              case "object":
-                validateObject(
-                  reports,
-                  context,
-                  e,
-                  { key: "grant", name: "events/actions" },
-                  grantValues,
-                  validEventsAndActions
-                );
-                break;
+
+              case 'object':
+                if (isEmptyObject(grantValue)) {
+                  context.report({
+                    message: `Missing event/action on ${e.name} for \`@restrict.grant\`.`,
+                    node,
+                    file
+                  })
+                } else {
+                  const valuesForWrite = grantValue.filter(function (item) {
+                    return item !== 'READ' && item !== 'WRITE' && item !== '*'
+                  })
+                  for (const value of grantValue) {
+                    if (!validEventsAndActions.includes(value)) {
+                      const candidates = findFuzzy(value, validEventsAndActions.sort())
+                      context.report({
+                        messageId: 'InvalidItem',
+                        data: { invalid: value, candidates },
+                        node,
+                        file
+                      })
+                    }
+                  }
+                  const allValuesIncluded = grantValue.every((v) => valuesForWrite.includes(v))
+                  if (allValuesIncluded) {
+                    context.report({
+                      messageId: 'InvalidItem',
+                      data: { invalid: [`[${grantValue}]`], candidates: ['["WRITE"]'] },
+                      node,
+                      file
+                    })
+                  }
+                  if (grantValue.includes('*')) {
+                    context.report({
+                      messageId: 'InvalidItem',
+                      data: { invalid: `[${grantValue}]`, candidates: ['["*"]'] },
+                      node,
+                      file
+                    })
+                  }
+                }
+                break
             }
           }
         }
       }
-
-      return reports.length > 0 ? reports : undefined;
     }
-  },
-};
+  }
+}

package/lib/rules/auth-valid-restrict-keys.js

@@ -1,37 +1,44 @@
-const { suggestItems } = require("../utils/ruleHelpers");
+const { isEmptyObject, findFuzzy } = require('../utils/rules')
 
-const DEFAULT_SEVERITY = "error";
+const VALID_RESTRICT_KEYS = ['grant', 'to', 'where']
 
 module.exports = {
   meta: {
+    schema: [{/* to avoid deprecation warning for ESLint 9 */}],
     docs: {
-      description: '`@restrict` must have properly spelled `to`, `grant`, and `where` keys',
-      category: "Model Validation",
-      recommended: true,
-      version: "2.4.1",
+      description: '`@restrict` must have properly spelled `to`, `grant`, and `where` keys.',
+      category: 'Model Validation',
+      recommended: true
     },
-    severity: DEFAULT_SEVERITY,
-    hasSuggestions: true,
     messages: {
-      InvalidItem: `Misspelled key '{{invalid}}'. Did you mean '{{candidates}}'?`,
-      ReplaceItemWith: `Replace '{{invalid}}' with '{{candidates}}'`,
+      InvalidItem: "Misspelled key '{{invalid}}'. Did you mean '{{candidates}}'?"
     },
+    type: 'problem',
+    model: 'inferred'
   },
-  create(context) {
+  create (context) {
     return {
-      entity: check_restrict_keys,
-    };
-
-    function check_restrict_keys(e) {
-      const reports = [];
+      entity: checkRestrictKeys
+    }
 
-      const validRestrictKeys = ["grant", "to", "where"];
-      if (e["@restrict"]) {
-        for (const entry of e["@restrict"]) {
-          suggestItems(reports, context, Object.keys(entry), validRestrictKeys, DEFAULT_SEVERITY);
+    function checkRestrictKeys (e) {
+      if (e['@restrict']) {
+        for (const entry of e['@restrict']) {
+          if (typeof entry === 'object' && !isEmptyObject(entry)) {
+            for (const key of Object.keys(entry)) {
+              if (!VALID_RESTRICT_KEYS.includes(key)) {
+                const candidates = findFuzzy(key, VALID_RESTRICT_KEYS.sort())
+                context.report({
+                  messageId: 'InvalidItem',
+                  data: { invalid: key, candidates },
+                  node: context.getNode(e),
+                  file: e.$location.file
+                })
+              }
+            }
+          }
         }
       }
-      return reports.length > 0 ? reports : undefined;
     }
-  },
-};
+  }
+}