Remove workaround for authorization glitch

2020-11-21 01:35:24 +01:00
23 changed files with 66 additions and 107 deletions
--- a/.eslintrc
+++ b/.eslintrc
@@ -21,7 +21,6 @@
    },
    "rules": {
        "no-console": "off",
-        "require-atomic-updates": "off",
-        "require-await":"warn"
+        "require-atomic-updates": "off"
    }
 }
--- a/bookshop/sqlite.db
+++ b/bookshop/sqlite.db
--- a/bookshop/srv/admin-service.js
+++ b/bookshop/srv/admin-service.js
@@ -7,6 +7,6 @@ module.exports = cds.service.impl (function(){

 /** Generate primary keys for target entity in request */
 async function genid (req) {
-  const {ID} = await SELECT.one.from(req.target).columns('max(ID) as ID')
+  const {ID} = await cds.tx(req).run (SELECT.one.from(req.target).columns('max(ID) as ID'))
  req.data.ID = ID - ID % 100 + 100 + 1
 }
--- a/bookshop/srv/cat-service.cds
+++ b/bookshop/srv/cat-service.cds
@@ -1,12 +1,12 @@
 using { sap.capire.bookshop as my } from '../db/schema';
 service CatalogService @(path:'/browse') {

-  @readonly entity Books as SELECT from my.Books { *,
+  @readonly entity Books as SELECT from my.Books {*,
    author.name as author
  } excluding { createdBy, modifiedBy };

  @readonly entity ListOfBooks as SELECT from Books
-  excluding { descr };
+  excluding { descr, stock };

  @requires: 'authenticated-user'
  action submitOrder ( book: Books:ID, amount: Integer ) returns { stock: Integer };
--- a/bookshop/srv/cat-service.js
+++ b/bookshop/srv/cat-service.js
@@ -1,30 +1,25 @@
 const cds = require('@sap/cds')
+const { Books } = cds.entities ('sap.capire.bookshop')

-class CatalogService extends cds.ApplicationService { init(){
-
-  // Reflect entities from model
-  const { Books } = cds.entities ('sap.capire.bookshop')
+class CatalogService extends cds.ApplicationService { async init(){

  // Reduce stock of ordered books if available stock suffices
  this.on ('submitOrder', async req => {
-    const {book,amount} = req.data
-    // Read stock from database
-    let {stock} = await SELECT.from (Books, book, b => b.stock)
+    const {book,amount} = req.data, tx = cds.tx(req)
+    let {stock} = await tx.read('stock').from(Books,book)
    if (stock >= amount) {
-      // Reduce stock by ordered amount
-      await UPDATE (Books,book) .with ({ stock: stock -= amount })
-      // Emit event to inform others
-      await this.emit ('OrderedBook', { book, amount, buyer:req.user.id })
-      // Return reduced stock to caller
-      return req.reply ({ stock })
+      await tx.update (Books,book).with ({ stock: stock -= amount })
+      this.emit ('OrderedBook', { book, amount, buyer:req.user.id })
+      return { stock }
    }
-    // Return error about insufficient stock
    else return req.error (409,`${amount} exceeds stock for book #${book}`)
  })

  // Add some discount for overstocked books
  this.after ('READ','Books', each => {
-    if (each.stock > 111) each.title += ` -- 11% discount!`
+    if (each.stock > 111) {
+      each.title += ` -- 11% discount!`
+    }
  })

  return super.init()
--- a/common/package.json
+++ b/common/package.json
@@ -1,8 +1,4 @@
 {
  "name": "@capire/common",
-  "description": "Provides a pre-built extension package for std @sap/cds/common",
-  "version": "1.0.0",
-  "dependencies": {
-    "@sap/cds": "latest"
-  }
+  "version": "1.0.0"
 }
--- a/fiori/srv/mashup.js
+++ b/fiori/srv/mashup.js
@@ -5,17 +5,13 @@
 module.exports = async()=>{ // called by server.js

  const cds = require('@sap/cds')
-
-  // Connect to services to mashup
  const CatalogService = await cds.connect.to ('CatalogService')
  const ReviewsService = await cds.connect.to ('ReviewsService')
  const OrdersService = await cds.connect.to ('OrdersService')
  const db = await cds.connect.to ('db')

-  // Reflect entity definitions used below...
+  // reflect entity definitions used below...
  const { Books } = db.entities ('sap.capire.bookshop')
-  const { Orders } = OrdersService.entities
-  const { Reviews } = ReviewsService.entities

  //
  // Delegate requests to read reviews to the ReviewsService
@@ -24,7 +20,7 @@ module.exports = async()=>{ // called by server.js
  CatalogService.prepend (srv => srv.on ('READ', 'Books/reviews', (req) => {
    console.debug ('> delegating request to ReviewsService')
    const [id] = req.params, { columns, limit } = req.query.SELECT
-    return SELECT.from (Reviews,columns).limit(limit).where({subject:String(id)})
+    return ReviewsService.tx(req).read ('Reviews',columns).limit(limit).where({subject:String(id)})
  }))

  //
@@ -32,9 +28,8 @@ module.exports = async()=>{ // called by server.js
  //
  CatalogService.on ('OrderedBook', async (msg) => {
    const { book, amount, buyer } = msg.data
-    const { title, price } = await SELECT.from (Books, book, b => { b.title, b.price })
-    // FIXME: Fails due to Draft glitches when OrdersService is remote
-    return INSERT.into (Orders).entries({
+    const { title, price } = await db.tx(msg).read (Books, book, b => { b.title, b.price })
+    return OrdersService.tx(msg).create ('Orders').entries({
      OrderNo: 'Order at '+ (new Date).toLocaleString(),
      Items: [{ product:{ID:`${book}`}, title, price, amount }],
      buyer, createdBy: buyer
@@ -47,18 +42,18 @@ module.exports = async()=>{ // called by server.js
  ReviewsService.on ('reviewed', (msg) => {
    console.debug ('> received:', msg.event, msg.data)
    const { subject, rating } = msg.data
-    return UPDATE (Books,subject) .with ({rating})
+    return UPDATE(Books,subject).with({rating})
+    // ^ Note: the framework will execute this and take care for db.tx
  })

  //
-  // Reduce stock of ordered books when orders are modified in admin UI
+  // Reduce stock of ordered books for orders are created from Orders admin UI
  //
-  OrdersService.on ('OrderChanged', (msg) => {
+  OrdersService.on ('OrderChanged', async (msg) => {
    console.debug ('> received:', msg.event, msg.data)
    const { product, deltaAmount } = msg.data
    return UPDATE (Books) .where ('ID =', product)
    .and ('stock >=', deltaAmount)
    .set ('stock -=', deltaAmount)
  })
-
 }
--- a/fiori/test/requests.http
+++ b/fiori/test/requests.http
@@ -42,24 +42,7 @@ GET {{bookshop}}/browse/Books(201)?

 #################################################
 #
-#   Orders Service, incl. draft choreography
+#   Orders Service
 #
-@newOrderID = e939604c-ab83-4d4f-bdb6-95fe30b3773e

 GET {{bookshop}}/orders/Orders
-
-### Create order, still inactive
-POST {{bookshop}}/orders/Orders
-Content-Type: application/json
-
-{"ID": "{{newOrderID}}"}
-
-### Get inactive order.  We have to specify `IsActiveEntity`.
-GET {{bookshop}}/orders/Orders(ID={{newOrderID}},IsActiveEntity=false)
-
-### Activate order using `.../<servicename>.draftActivate`
-POST {{bookshop}}/orders/Orders(ID={{newOrderID}},IsActiveEntity=false)/OrdersService.draftActivate
-Content-Type: application/json
-
-### Get active order
-GET {{bookshop}}/orders/Orders(ID={{newOrderID}},IsActiveEntity=true)
--- a/orders/db/schema.cds
+++ b/orders/db/schema.cds
@@ -18,7 +18,7 @@ entity Orders_Items {
 }

 /** This is a stand-in for arbitrary ordered Products */
-entity Products @(cds.persistence.skip:'always',cds.autoexpose) {
+entity Products @(cds.persistence.skip:'always') {
  key ID : String;
 }

--- a/orders/srv/orders-service.js
+++ b/orders/srv/orders-service.js
@@ -8,15 +8,19 @@ class OrdersService extends cds.ApplicationService {
    this.before ('UPDATE', 'Orders', async function(req) {
      const { ID, Items } = req.data
      if (Items) for (let { product_ID, amount } of Items) {
-        const { amount:before } = await SELECT.one.from (OrderItems, oi => oi.amount) .where ({up__ID:ID, product_ID})
-        if (amount != before) await this.orderChanged (product_ID, amount-before)
+        const { amount:before } = await cds.tx(req).run (
+          SELECT.one.from (OrderItems, oi => oi.amount) .where ({up__ID:ID, product_ID})
+        )
+        if (amount != before) this.orderChanged (product_ID, amount-before)
      }
    })

    this.before ('DELETE', 'Orders', async function(req) {
      const { ID } = req.data
-      const Items = await SELECT.from (OrderItems, oi => { oi.product_ID, oi.amount }) .where ({up__ID:ID})
-      if (Items) await Promise.all (Items.map(it => this.orderChanged (it.product_ID, -it.amount)))
+      const Items = await cds.tx(req).run (
+        SELECT.from (OrderItems, oi => { oi.product_ID, oi.amount }) .where ({up__ID:ID})
+      )
+      if (Items) for (let it of Items) this.orderChanged (it.product_ID, -it.amount)
    })

    return super.init()
--- a/package.json
+++ b/package.json
@@ -31,9 +31,6 @@
  "mocha": {
    "parallel": true
  },
-  "engines": {
-    "node": ">= 12.18"
-  },
  "jest": {
    "testEnvironment": "node"
  },
--- a/reviews/app/vue/app.js
+++ b/reviews/app/vue/app.js
@@ -37,7 +37,7 @@ const reviews = new Vue ({
            reviews.message = {}
        },

-        newReview () {
+        async newReview () {
            reviews.review = {}
            reviews.message = {}
            setTimeout (()=> $('form > input').focus(), 111)
--- a/reviews/srv/reviews-service.cds
+++ b/reviews/srv/reviews-service.cds
@@ -27,14 +27,7 @@ service ReviewsService {
 annotate ReviewsService.Reviews with @restrict:[
  { grant:'READ',   to:'any' },                 // everybody can read reviews
  { grant:'CREATE', to:'authenticated-user' },  // users must login to add reviews
-  /////////////////////////////////////////////////
-  //
-  // Temporarily disabling this due to glitch in CAP Node.js runtime:
-  // { grant:'UPDATE', to:'authenticated-user', where:'reviewer=$user' },
-  // -> reenable it when the issue is fixed
-     { grant:'UPDATE', to:'authenticated-user' },
-  //
-  ////////////////////////////////////////////////////
+  { grant:'UPDATE', to:'authenticated-user', where:'reviewer=$user' },
  { grant:'DELETE', to:'admin' },
 ];

--- a/reviews/srv/reviews-service.js
+++ b/reviews/srv/reviews-service.js
@@ -1,5 +1,5 @@
 const cds = require ('@sap/cds')
-module.exports = cds.service.impl (function(){
+module.exports = cds.service.impl (async function(){

  // Get the CSN definition for Reviews from the db schema for sub-sequent queries
  // ( Note: we explicitly specify the namespace to support embedded reuse )
@@ -12,16 +12,19 @@ module.exports = cds.service.impl (function(){
  // Emit an event to inform subscribers about new avg ratings for reviewed subjects
  this.after (['CREATE','UPDATE','DELETE'], 'Reviews', async function(_,req) {
    const {subject} = req.data
-    const {rating} = await SELECT.one (['round(avg(rating),2) as rating']) .from (Reviews) .where ({subject})
+    const {rating} = await cds.tx(req) .run (
+      SELECT.one (['round(avg(rating),2) as rating']) .from (Reviews) .where ({subject})
+    )
    global.it || console.log ('< emitting:', 'reviewed', { subject, rating })
-    await this.emit ('reviewed', { subject, rating })
+    this.emit ('reviewed', { subject, rating })
  })

  // Increment counter for reviews considered helpful
  this.on ('like', (req) => {
    if (!req.user)  return req.reject(400, 'You must be identified to like a review')
    const {review} = req.data, {user} = req
-    return cds.run ([
+    const tx = cds.tx(req)
+    return tx.run ([
      INSERT.into (Likes) .entries ({review_ID: review, user: user.id}),
      UPDATE (Reviews) .set({liked: {'+=': 1}}) .where({ID:review})
    ]).catch(() => req.reject(400, 'You already liked that review'))
@@ -31,8 +34,9 @@ module.exports = cds.service.impl (function(){
  this.on ('unlike', async (req) => {
    if (!req.user)  return req.reject(400, 'You must be identified to remove a former like of yours')
    const {review} = req.data, {user} = req
-    const affectedRows = await DELETE.from (Likes) .where ({review_ID: review,user: user.id})
-    if (affectedRows === 1)  return UPDATE (Reviews) .set ({liked: {'-=': 1}}) .where ({ID:review})
+    const tx = cds.tx(req)
+    const affectedRows = await tx.run (DELETE.from (Likes) .where ({review_ID: review,user: user.id}))
+    if (affectedRows === 1)  return tx.run (UPDATE (Reviews) .set ({liked: {'-=': 1}}) .where ({ID:review}))
  })

 })
--- a/test/cds.ql.test.js
+++ b/test/cds.ql.test.js
@@ -1,5 +1,5 @@
-const { expect } = require('../test')
 const cds = require('@sap/cds/lib')
+const { expect } = cds.test
 const CQL = ([cql]) => cds.parse.cql(cql)
 const Foo = { name: 'Foo' }
 const Books = { name: 'capire.bookshop.Books' }
--- a/test/consuming-services.test.js
+++ b/test/consuming-services.test.js
@@ -1,7 +1,7 @@
-const { expect } = require('../test') .run (
-  'serve', 'AdminService', '--from', '@capire/bookshop,@capire/common', '--in-memory'
-)
 const cds = require('@sap/cds/lib')
+const { expect } = cds.test (
+  'serve', 'AdminService', '--from', '@capire/bookshop,@capire/common', '--in-memory'
+).in(__dirname)

 describe('Consuming Services locally', () => {
  //
--- a/test/custom-handlers.test.js
+++ b/test/custom-handlers.test.js
@@ -1,7 +1,5 @@
-const { GET, POST, expect } = require('../test') .run ('bookshop')
-const cds = require('@sap/cds/lib')
-if (cds.User.default) cds.User.default = cds.User.Privileged // hard core monkey patch
-else cds.User = cds.User.Privileged // hard core monkey patch for older cds releases
+const cds = require('@sap/cds/lib'); cds.User = cds.User.Privileged // skip auth
+const { GET, POST, expect } = cds.test('bookshop').in(__dirname,'..')

 describe('Custom Handlers', () => {

--- a/test/hello-world.test.js
+++ b/test/hello-world.test.js
@@ -1,4 +1,5 @@
-const { GET, expect } = require('../test') .run ('serve','hello/world.cds')
+const cds = require('@sap/cds/lib')
+const { GET, expect } = cds.test('serve','hello/world.cds').in(__dirname,'..')

 describe('Hello world!', () => {

--- a/test/hierarchical-data.test.js
+++ b/test/hierarchical-data.test.js
@@ -1,5 +1,6 @@
-const {expect} = require('../test')
+const cwd = process.cwd(); process.chdir (__dirname) //> only for internal CI/CD@SAP
 const cds = require('@sap/cds/lib')
+const {expect} = cds.test

 // monkey patching older releases:
 if (!cds.compile.cdl) cds.compile.cdl = cds.parse
@@ -24,6 +25,8 @@ describe('Hierarchical Data', ()=>{
    expect (cds.db.model) .to.exist
 	})

+	after(()=> process.chdir(cwd))
+
 	it ('supports deeply nested inserts', ()=> INSERT.into (Cats,
    { ID:100, name:'Some Cats...', children:[
      { ID:101, name:'Cat', children:[
--- a/test/index.js
+++ b/test/index.js
@@ -1,6 +0,0 @@
-
-const test = require('@sap/cds/lib/utils/tests').in(__dirname,'..')
-module.exports = Object.assign(test,{run:test})
-
-// REVISIT: With upcoming release of @sap/cds this should become:
-// module.exports = require('@sap/cds/tests').in(__dirname,'..')
--- a/test/localized-data.test.js
+++ b/test/localized-data.test.js
@@ -1,7 +1,5 @@
-const { GET, expect } = require('../test') .run ('serve', 'test/localized-data.cds', '--in-memory')
-const cds = require('@sap/cds/lib')
-if (cds.User.default) cds.User.default = cds.User.Privileged // hard core monkey patch
-else cds.User = cds.User.Privileged // hard core monkey patch for older cds releases
+const cds = require('@sap/cds/lib'); cds.User = cds.User.Privileged // skip auth
+const { GET, expect } = cds.test ('serve', __dirname+'/localized-data.cds', '--in-memory')

 describe('Localized Data', () => {

--- a/test/messaging.test.js
+++ b/test/messaging.test.js
@@ -1,11 +1,13 @@
-const { expect } = require('../test')
 const cds = require('@sap/cds/lib')
+const cwd = process.cwd(); process.chdir (__dirname) //> only for internal CI/CD@SAP
+const {expect} = cds.test
 const _model = '@capire/reviews'
-if (cds.User.default) cds.User.default = cds.User.Privileged // hard core monkey patch
-else cds.User = cds.User.Privileged // hard core monkey patch for older cds releases
+cds.User = cds.User.Privileged // hard core monkey patch

 describe('Messaging', ()=>{

+    after(()=> process.chdir(cwd))
+
    it ('should bootstrap sqlite in-memory db', async()=>{
        const db = await cds.deploy (_model) .to ('sqlite::memory:')
        await db.delete('Reviews')
--- a/test/odata.test.js
+++ b/test/odata.test.js
@@ -1,11 +1,8 @@
-const { GET, expect } = require('../test') .run ('bookshop')
-const cds = require('@sap/cds/lib')
-if (cds.User.default) cds.User.default = cds.User.Privileged // hard core monkey patch
-else cds.User = cds.User.Privileged // hard core monkey patch for older cds releases
+const cds = require('@sap/cds/lib'); cds.User = cds.User.Privileged // skip auth
+const { GET, expect } = cds.test('bookshop').in(__dirname,'..')

 describe('OData Protocol', () => {

-
  it('serves $metadata documents in v4', async () => {
    const { headers, status, data } = await GET `/browse/$metadata`
    expect(status).to.equal(200)