add custom authentication checks

media-store/srv/browse-tracks-service.js

@@ -6,26 +6,21 @@ const selectTracksByEmail = (email) => `
       join sap_capire_media_store_Invoices invoices 
         on tracks.ID = invoiceItems.track_ID 
       join sap_capire_media_store_InvoiceItems invoiceItems 
-        on (invoices.ID = invoiceItems.invoice_ID and invoices.status='2') or 
-        (invoices.ID = invoiceItems.invoice_ID and invoices.status='1') 
+        on invoices.ID = invoiceItems.invoice_ID  
       join sap_capire_media_store_Customers customers 
         on customers.ID = invoices.customer_ID
-      where customers.email='${email}'
+      where (customers.email='${email}' and invoices.status='2') 
+        or (customers.email='${email}' and invoices.status='1')
 `;
 
 module.exports = async function () {
   const db = await cds.connect.to("db"); // connect to database service
 
-  this.before("*", (req) => {
-    console.log(
-      "[USER]:",
-      req.user.id,
-      " [LEVEL]: ",
-      req.user.attr.level,
-      "[ROLE]",
-      req.user.is("user") ? "user" : "other"
-    );
-  });
+  // this.before("READ", "MarkedTracks", (req) => {
+  //   if (!req.user.is("customer")) {
+  //     req.reject(403);
+  //   }
+  // });
 
   this.on("READ", "MarkedTracks", async (req) => {
     const myTrackIds = (await db.run(selectTracksByEmail(req.user.id))).map(