@sap/eslint-plugin-cds 4.2.1 → 4.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/lib/rules/auth-valid-restrict-grant.js +33 -1
  3. package/lib/utils/csnTraversal.js +1 -1
  4. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -6,6 +6,10 @@ This project adheres to [Semantic Versioning](https://semver.org/).
6
6
 
7
7
  The format is based on [Keep a Changelog](https://keepachangelog.com/).
8
8
 
9
+ ## [4.2.2] - 2026-05-04
10
+ ### Fixed
11
+ - `auth-valid-restrict-grant` now also considers inherited actions.
12
+
9
13
  ## [4.2.1] - 2026-02-26
10
14
  ### Fixed
11
15
  - Removed usage of deprecated API in `lib/utils/rules.js`
package/lib/rules/auth-valid-restrict-grant.js CHANGED
@@ -8,6 +8,38 @@ const SAME_AS_WRITE_EVENT = [ 'CREATE', 'DELETE', 'UPDATE', 'UPSERT' ]
8
8
  // Note that 'INSERT' is not meant to be used by users. They should use 'CREATE' instead.
9
9
  const VALID_EVENTS = [ ...SAME_AS_WRITE_EVENT, 'READ', 'INSERT', '*', 'WRITE']
10
10
 
11
+ const isJoin = e => Boolean(e.query?.SELECT?.from.join)
12
+ const isProjection = e => Boolean(e.query?.SELECT?.from.ref)
13
+ const isSetUnion = e => Boolean(e.query?.SET?.op === 'union')
14
+ const projectionTarget = e => e.query.SELECT.from.ref[0]
15
+
16
+ function extractActions (e, csn) {
17
+ const getActions = e => Object.keys(e.actions ?? {})
18
+ const queue = [e]
19
+ const actions = []
20
+ while (queue.length) {
21
+ const entity = queue.pop()
22
+ actions.push(...getActions(entity))
23
+ if (isJoin(entity)) {
24
+ for (const { ref } of entity.query.SELECT.from.args[0].args) {
25
+ const ancestor = csn.definitions[ref[0]]
26
+ if (ancestor) {
27
+ queue.push(ancestor)
28
+ }
29
+ }
30
+ } else if (isProjection(entity)) {
31
+ const ancestor = csn.definitions[projectionTarget(entity)]
32
+ if (ancestor) {
33
+ queue.push(ancestor)
34
+ }
35
+ } else if (isSetUnion(entity)) {
36
+ // these are entities/ queries themselves. Just queue those.
37
+ queue.push(...entity.query.SET.args.map(e => ({query: e}) ))
38
+ }
39
+ }
40
+ return actions
41
+ }
42
+
11
43
  const TYPICAL_ISSUES = {
12
44
  __proto__: null,
13
45
  any: '*'
@@ -45,7 +77,7 @@ module.exports = {
45
77
 
46
78
  const node = context.getNode(e)
47
79
  const file = e.$location.file
48
- const actionNames = e.actions ? Object.keys(e.actions) : []
80
+ const actionNames = extractActions(e, context.getModel())
49
81
  const validEventsAndActions = [ ...VALID_EVENTS, ...actionNames ]
50
82
 
51
83
  for (const entry of e['@restrict']) {
package/lib/utils/csnTraversal.js CHANGED
@@ -72,7 +72,7 @@ class CsnTraversal {
72
72
  if (!node || typeof node !== 'object')
73
73
  return
74
74
 
75
- for (const name of Object.getOwnPropertyNames( dict ))
75
+ for (const name of Object.getOwnPropertyNames( dict ?? {} ))
76
76
  this.standard( dict, name, dict[name] )
77
77
  }
78
78
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sap/eslint-plugin-cds",
3
- "version": "4.2.1",
3
+ "version": "4.2.2",
4
4
  "description": "ESLint plugin including recommended SAP Cloud Application Programming model and environment rules",
5
5
  "homepage": "https://cap.cloud.sap/",
6
6
  "keywords": [