Remove workaround for authorization glitch

fiori/srv/mashup.cds

@@ -19,7 +19,7 @@ extend Books with {
 //  Extend Orders with Books as Products
 //
 
-using { sap.capire.orders.OrderItems } from '@capire/orders';
+using { sap.capire.orders.Orders_Items } from '@capire/orders';
-extend OrderItems with {
+extend Orders_Items with {
   book : Association to Books on product.ID = book.ID
 }

orders/app/orders/fiori-service.cds

@@ -68,7 +68,7 @@ annotate OrdersService.Orders with @(
 
 
 
-annotate OrdersService.OrderItems with @(
+annotate OrdersService.Orders_Items with @(
 	UI: {
 		LineItem: [
 			{Value: product_ID, Label:'Product ID'},

orders/app/orders/webapp/manifest.json

@@ -121,7 +121,7 @@
                     "name": "sap.fe.templates.ObjectPage",
                     "options": {
                         "settings" : {
-                            "entitySet": "OrderItems"
+                            "entitySet": "Orders_Items"
                         }
                     }
                 },

orders/db/data/sap.capire.orders-Orders_Items.csv

@@ -1,4 +1,4 @@
-ID;order_ID;amount;product_ID;title;price
+ID;up__ID;amount;product_ID;title;price
 58040e66-1dcd-4ffb-ab10-fdce32028b79;7e2f2640-6866-4dcf-8f4d-3027aa831cad;1;201;Wuthering Heights;11.11
 64e718c9-ff99-47f1-8ca3-950c850777d4;7e2f2640-6866-4dcf-8f4d-3027aa831cad;1;271;Catweazle;15
 e9641166-e050-4261-bfee-d1e797e6cb7f;64e718c9-ff99-47f1-8ca3-950c850777d4;2;252;Eleonora;28

orders/db/schema.cds

@@ -1,26 +1,26 @@
 using { Currency, User, managed, cuid } from '@sap/cds/common';
-using from '@capire/common';
 namespace sap.capire.orders;
 
 entity Orders : cuid, managed {
   OrderNo  : String @title:'Order Number'; //> readable key
-  Items    : Composition of many OrderItems on Items.order = $self;
+  Items    : Composition of many Orders_Items on Items.up_ = $self;
   buyer    : User;
   currency : Currency;
 }
 
-entity OrderItems {
+entity Orders_Items {
   key ID    : UUID;
-  order     : Association to Orders;
+  up_       : Association to Orders;
-  @assert.integrity:false // REVISIT: this is a temporary workaround for a glitch in cds-runtime
+  product   : Association to Products @assert.integrity:false; // REVISIT: this is a temporary workaround for a glitch in cds-runtime
-  product   : Association to Products;
   amount    : Integer;
   title     : String;
   price     : Double;
 }
 
 /** This is a stand-in for arbitrary ordered Products */
-@cds.persistence.skip:'always'
+entity Products @(cds.persistence.skip:'always') {
-entity Products {
   key ID : String;
 }
+
+// Activate extension package
+using from '@capire/common';

orders/srv/orders-service.js

@@ -3,13 +3,13 @@ class OrdersService extends cds.ApplicationService {
 
   /** register custom handlers */
   init(){
-    const { OrderItems } = this.entities
+    const { Orders_Items:OrderItems } = this.entities
 
     this.before ('UPDATE', 'Orders', async function(req) {
       const { ID, Items } = req.data
       if (Items) for (let { product_ID, amount } of Items) {
         const { amount:before } = await cds.tx(req).run (
-          SELECT.one.from (OrderItems, oi => oi.amount) .where ({order_ID:ID, product_ID})
+          SELECT.one.from (OrderItems, oi => oi.amount) .where ({up__ID:ID, product_ID})
         )
         if (amount != before) this.orderChanged (product_ID, amount-before)
       }
@@ -18,7 +18,7 @@ class OrdersService extends cds.ApplicationService {
     this.before ('DELETE', 'Orders', async function(req) {
       const { ID } = req.data
       const Items = await cds.tx(req).run (
-        SELECT.from (OrderItems, oi => { oi.product_ID, oi.amount }) .where ({order_ID:ID})
+        SELECT.from (OrderItems, oi => { oi.product_ID, oi.amount }) .where ({up__ID:ID})
       )
       if (Items) for (let it of Items) this.orderChanged (it.product_ID, -it.amount)
     })

reviews/srv/reviews-service.cds

@@ -27,14 +27,7 @@ service ReviewsService {
 annotate ReviewsService.Reviews with @restrict:[
   { grant:'READ',   to:'any' },                 // everybody can read reviews
   { grant:'CREATE', to:'authenticated-user' },  // users must login to add reviews
-  /////////////////////////////////////////////////
+  { grant:'UPDATE', to:'authenticated-user', where:'reviewer=$user' },
-  //
-  // Temporarily disabling this due to glitch in CAP Node.js runtime:
-  // { grant:'UPDATE', to:'authenticated-user', where:'reviewer=$user' },
-  // -> reenable it when the issue is fixed
-     { grant:'UPDATE', to:'authenticated-user' },
-  //
-  ////////////////////////////////////////////////////
   { grant:'DELETE', to:'admin' },
 ];