XSUAA Config 1

packages/bookshop/srv/admin-service.cds

@@ -14,3 +14,7 @@ annotate AdminService.Orders with @odata.draft.enabled;
 extend service AdminService with {
   entity OrderItems as select from my.OrderItems;
 }
+// Restrict access to orders to users with role "admin"
+ annotate AdminService.Orders with  @(restrict: [
+   { grant: 'READ', to: 'admin' } 
+  ]);

packages/bookshop/srv/cat-service.js

@@ -4,6 +4,7 @@ const { Books } = cds.entities
 /** Service implementation for CatalogService */
 module.exports = cds.service.impl(function() {
   this.after ('READ', 'Books', each => each.stock > 111 && _addDiscount2(each,11))
+  this.before ('CREATE', 'Orders', _checkOrderCreateAuth)
   this.before ('CREATE', 'Orders', _reduceStock)
 })
 
@@ -24,3 +25,10 @@ async function _reduceStock (req) {
     )
   }))
 }
+
+/** Check authorization  */
+function _checkOrderCreateAuth (req) {
+  req.user.country === req.data.country || req.reject(403)
+}
+
+