CF enablement

packages/bookshop/srv/admin-service.cds

@@ -14,3 +14,8 @@ annotate AdminService.Orders with @odata.draft.enabled;
 extend service AdminService with {
   entity OrderItems as select from my.OrderItems;
 }
+
+// Restrict access to orders to users with role "admin"
+ annotate AdminService.Orders with  @(restrict: [
+   { grant: 'READ', to: 'admin' } 
+  ]);

packages/bookshop/srv/admin-service.js

@@ -0,0 +1,10 @@
+/** Service implementation for AdminService */
+module.exports = cds.service.impl(function() {
+  this.before ('CREATE', 'Orders', _checkOrderCreateAuth)
+})
+
+
+/** Check authorization  */
+function _checkOrderCreateAuth (req) {
+  req.user.currency[0] === req.data.currency_code || req.reject(403)
+}

packages/bookshop/srv/cat-service.cds

@@ -11,3 +11,7 @@ service CatalogService {
   @insertonly entity Orders as projection on my.Orders;
 
 }
+// Example for an instance restriction
+ annotate CatalogService.Orders with  @(restrict: [
+   { grant: 'READ', where: 'currency_code = $user.currency'  } 
+  ]);