use new kinds for audit log

Merge branch 'main' into audit-logging
cleanup
2022-03-18 09:30:42 +01:00 · 2022-02-08 13:48:35 +01:00 · 2022-02-08 13:47:32 +01:00 · 2022-02-08 13:45:36 +01:00 · 2022-02-08 13:41:30 +01:00 · 2022-02-03 17:57:35 +01:00
96 changed files with 9633 additions and 5003 deletions
--- a/.eslintrc
+++ b/.eslintrc
@@ -1,15 +1,15 @@
 {
-    "extends": [
+    "extends": "eslint:recommended",
        "eslint:recommended",
        "plugin:@sap/cds/recommended"
    ],
    "env": {
        "browser": true,
        "es2022": true,
        "node": true,
        "es6": true,
        "jest": true,
        "mocha": true
    },
    "parserOptions": {
        "ecmaVersion": 2020
    },
    "globals": {
        "SELECT": true,
        "INSERT": true,
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,8 +0,0 @@
 version: 2
 updates:
 - package-ecosystem: npm
  directory: /
  versioning-strategy: increase-if-necessary
  schedule:
    interval: daily
--- a/.github/workflows/node.js.yml
+++ b/.github/workflows/node.js.yml
@@ -16,7 +16,7 @@ jobs:
    strategy:
      matrix:
-        node-version: [16.x, 14.x]
+        node-version: [16.x, 14.x, 12.x]
    steps:
    - uses: actions/checkout@v2
@@ -24,6 +24,5 @@ jobs:
      uses: actions/setup-node@v1
      with:
        node-version: ${{ matrix.node-version }}
    - run: npm i -g npm@8
    - run: npm ci
    - run: npm test
--- a/.gitignore
+++ b/.gitignore
@@ -12,11 +12,8 @@ target/
 *.mtar
 connection.properties
 default-env.json
 .cdsrc-private.json
 packages/messageBox
 reviews/msg-box
 reviews/db/test.db
 *.openapi3.json
 *.sqlite
 *.db
--- a/.registry/server.js
+++ b/.registry/server.js
@@ -1,34 +1,26 @@
-const { exec, execSync } = require ('child_process')
+const { exec } = require ('child_process')
 const isWin = process.platform === 'win32'
 const express = require ('express')
 const fs = require ('fs')
 const { dirname, relative } = require('path')
 const axios = require('axios')
 const app = express()
 const { PORT=4444 } = process.env
 const [,,port=PORT,scope='@capire'] = process.argv
 const cwd = __dirname
 const port=process.env.PORT || 4444
 let scopes = process.argv.filter(a => a.startsWith('@'))
 if (!scopes.length)  scopes = ['@capire']
 // clean up on start (exit handler might not complete on Windows)
 exec(isWin ? 'del *.tgz' : 'rm *.tgz', {cwd})
-app.use('/-/:tarball', async (req,res,next) => {
+app.use('/-/:tarball', (req,res,next) => {
  console.debug ('GET', req.params)
  try {
    const { tarball } = req.params
-    const pkgFull = tarball.substring(0, tarball.lastIndexOf('-'))
+    const [, pkg ] = /^\w+-(\w+)/.exec(tarball)
    const scope = '@'+pkgFull.substring(0, pkgFull.indexOf('-'))
    const pkg = pkgFull.substring(pkgFull.indexOf('-')+1)
    fs.lstat(tarball,(err => {
-      if (err) { // no tgz yet
+      if (err) console.debug (`npm pack ../${pkg}`)
-        const loc = dirname(require.resolve(`${scope}/${pkg}/package.json`))
+      if (err) exec(`npm pack ../${pkg}`,{cwd},next)
-        console.debug (`npm pack ${relative(cwd, loc)}`)
+      else next()
        exec(`npm pack ${loc}`,{cwd},next)
      }
      else next() //> express.static below
    }))
  } catch (e) {
    console.error(e)
@@ -38,20 +30,14 @@ app.use('/-/:tarball', async (req,res,next) => {
 app.use('/-', express.static(__dirname))
-app.get('/*', async (req,res)=>{
+app.get('/*', (req,res)=>{
-  const urlRegex = /^\/(@[\w-]+)\/(.+)/
+  const urlRegex = /^\/(@\w+)\/(\w+)/
  const url = decodeURIComponent(req.url)
  console.debug ('GET',url)
  try {
    if (!urlRegex.test(url))  return res.sendStatus(404)
    const [, scpe, pkg ] = urlRegex.exec(url)
-    const packageName = `${scpe}/${pkg}`
+    const package = require (`${scpe}/${pkg}/package.json`)
    // delegate to default registry for @sap/non-cds packages
    if (scpe === ('@sap') && !packageName.startsWith('@sap/cds')) {
      return forward(req, res)
    }
    const package = require (`${packageName}/package.json`)
    const tarball = `${scpe.slice(1)}-${pkg}-${package.version}.tgz`
    // https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md
    res.json({
@@ -66,8 +52,6 @@ app.get('/*', async (req,res)=>{
          "dist": {
            "tarball": `${server.url}/-/${tarball}`
          },
          dependencies: package.dependencies,
          devDependencies: package.devDependencies
        }
      },
    })
@@ -79,32 +63,15 @@ app.get('/*', async (req,res)=>{
 const server = app.listen(port, ()=>{
  const url = server.url = `http://localhost:${server.address().port}`
-
+  console.log (`npm set ${scope}:registry=${url}`)
-  for (const scope of scopes) {
+  exec(`npm set ${scope}:registry=${url}`)
-    console.log (`npm set ${scope}:registry=${url}`)
+  console.log (`${scope} registry listening on ${url}`)
    execSync(`npm set ${scope}:registry=${url}`)
  }
  console.log (`registry listening on ${url}`)
 })
 const _exit = ()=>{
  server.close()
-  for (const scope of scopes) {
+  exec(`npm conf rm "${scope}:registry"`, ()=> { process.exit() })
    execSync(`npm conf rm "${scope}:registry"`)
  }
  process.exit()
 }
 async function forward(req, res) {
  try {
    const url = `https://registry.npmjs.org${req.url}`
    const resAxios = await axios.get(url)
    console.debug('->', decodeURI(url), resAxios.status)
    return res.json(resAxios.data)
  } catch (e) {
    return res.sendStatus(e.response.status)
  }
 }
 process.on ('SIGTERM',_exit)
--- a/.tours/samples.tour
+++ b/.tours/samples.tour
@@ -104,7 +104,7 @@
    },
    {
      "file": "fiori/app/services.cds",
-      "description": "### Annotations for SAP Fiori Elements\n\nAdds an SAP Fiori elements application to bookstore, thereby introducing:\n- OData Annotations in `.cds` files\n- Support for Fiori Draft\n- Support for Value Helps\n- Serving SAP Fiori apps locally\n\nSee the [Serving Fiori UIs](https://cap.cloud.sap/docs/advanced/fiori) documentation for more information.",
+      "description": "### Annotations for SAP Fiori Elements\n\n- [Adds an SAP Fiori elements application](https://cap.cloud.sap/docs/guides/fiori/) to bookstore, thereby introducing to:\n- [OData Annotations](https://cap.cloud.sap/docs/guides/fiori#adding-odata-annotations) in `.cds` files\n- Support for [Fiori Draft](https://cap.cloud.sap/docs/guides/fiori#draft)\n- Support for [Value Helps](https://cap.cloud.sap/docs/guides/fiori#value-help)\n- Serving SAP Fiori apps locally\n",
      "line": 1,
      "selection": {
        "start": {
@@ -136,4 +136,4 @@
  ],
  "isPrimary": true,
  "description": "Overview of CAP Samples for Node.js"
-}
+}
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -14,13 +14,5 @@
      "**/odata-v4/okra/**"
    ]
  },
-  "mochaExplorer.parallel": true,
+  "mochaExplorer.parallel": true
-  "eslint.validate": [
+}
    "cds",
    "csn",
    "csv",
    "csv (semicolon)",
    "tsv",
    "tab"
  ]
 }
--- a/LICENSES/Apache-2.0.txt
+++ b/LICENSES/Apache-2.0.txt
@@ -1,73 +0,0 @@
 Apache License
 Version 2.0, January 2004
 http://www.apache.org/licenses/
 TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
 1. Definitions.
 "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
 "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
 "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
 "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
 "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
 "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
 "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
 "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
 "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
 "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
     (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
     (b) You must cause any modified files to carry prominent notices stating that You changed the files; and
     (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
     (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
     You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.
 END OF TERMS AND CONDITIONS
 APPENDIX: How to apply the Apache License to your work.
 To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!)  The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
 Copyright [yyyy] [name of copyright owner]
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
--- a/README.md
+++ b/README.md
@@ -7,14 +7,13 @@ Find here a collection of samples for the [SAP Cloud Application Programming Mod
 ### Preliminaries
-1. Ensure you have the latest LTS version of Node.js installed (see [Getting Started](https://cap.cloud.sap/docs/get-started/))
+1. Install [**@sap/cds-dk**](https://cap.cloud.sap/docs/get-started/) globally:
 2. Install [**@sap/cds-dk**](https://cap.cloud.sap/docs/get-started/) globally:
   ```sh
   npm i -g @sap/cds-dk
   ```
-3. _Optional:_ [Use Visual Studio Code](https://cap.cloud.sap/docs/get-started/tools#vscode)
+2. _Optional:_ [Use Visual Studio Code](https://cap.cloud.sap/docs/get-started/tools#vscode)
 ### Download
--- a/bookshop/app/vue/app.js
+++ b/bookshop/app/vue/app.js
@@ -3,15 +3,14 @@ const $ = sel => document.querySelector(sel)
 const GET = (url) => axios.get('/browse'+url)
 const POST = (cmd,data) => axios.post('/browse'+cmd,data)
-const books = Vue.createApp ({
+const books = new Vue ({
-    data() {
+    el:'#app',
-      return {
+
    data: {
        list: [],
        book: undefined,
-        order: { quantity:1, succeeded:'', failed:'' },
+        order: { quantity:1, succeeded:'', failed:'' }
        user: undefined
      }
    },
    methods: {
@@ -38,52 +37,12 @@ const books = Vue.createApp ({
                book.stock = res.data.stock
                books.order = { quantity, succeeded: `Successfully ordered ${quantity} item(s).` }
            } catch (e) {
-                books.order = { quantity, failed: e.response.data.error ? e.response.data.error.message : e.response.data }
+                books.order = { quantity, failed: e.response.data.error.message }
            }
-        },
+        }
        async login() {
            try {
                const { data:user } = await axios.post('/user/login',{})
                if (user.id !== 'anonymous') books.user = user
            } catch (err) { books.user = { id: err.message } }
        },
        async getUserInfo() {
            try {
                const { data:user } = await axios.get('/user/me')
                if (user.id !== 'anonymous') books.user = user
            } catch (err) { books.user = { id: err.message } }
        },
    }
 }).mount('#app')
 books.getUserInfo()
 books.fetch() // initially fill list of books
 document.addEventListener('keydown', (event) => {
    // hide user info on request
    if (event.key === 'u')  books.user = undefined
 })
-axios.interceptors.request.use(csrfToken)
+// initially fill list of books
-function csrfToken (request) {
+books.fetch()
    if (request.method === 'head' || request.method === 'get') return request
    if ('csrfToken' in document) {
        request.headers['x-csrf-token'] = document.csrfToken
        return request
    }
    return fetchToken().then(token => {
        document.csrfToken = token
        request.headers['x-csrf-token'] = document.csrfToken
        return request
    }).catch(_ => {
        document.csrfToken = null // set mark to not try again
        return request
    })
    function fetchToken() {
        return axios.get('/', { headers: { 'x-csrf-token': 'fetch' } })
        .then(res => res.headers['x-csrf-token'])
    }
 }
--- a/bookshop/app/vue/index.html
+++ b/bookshop/app/vue/index.html
@@ -5,32 +5,19 @@
    <title> Capire Books </title>
    <link rel="stylesheet" href="https://unpkg.com/primitive-ui/dist/css/main.css">
    <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
-    <script src="https://cdn.jsdelivr.net/npm/vue@3/dist/vue.global.prod.js"></script>
+    <script src="https://cdn.jsdelivr.net/npm/vue"></script>
    <style>
        .hovering tr:hover td { color:cyan; background: #123; cursor: pointer; }
        .rating-stars { color:teal }
        .succeeded { color:teal }
        .failed { color:red }
        .user {text-align: end; color: grey;}
    </style>
 </head>
 <body class="small-container", style="margin-top: 70px;">
 <div id='app'>
-    <form class="user" @submit.prevent="login">
+    <h1> {{ document.title }} </h1>
        <div v-if="user">
            <div v-if="user.tenant">Tenant: {{ user.tenant }}</div>
            <div> User: {{ user.id }}</div>
            <div>Locale: {{ user.locale }}</div>
        </div>
        <div v-else>
            <input type="submit" value="Login" class="muted-button">
            <!-- <a href="/user/login()">Login</a> -->
        </div>
    </form>
    <h1> Capire Books </h1>
    <input type="text" placeholder="Search..." @input="search">
--- a/bookshop/index.cds
+++ b/bookshop/index.cds
@@ -2,4 +2,3 @@ namespace sap.capire.bookshop; //> important for reflection
 using from './db/schema';
 using from './srv/cat-service';
 using from './srv/admin-service';
 using from './srv/user-service';
--- a/bookshop/package.json
+++ b/bookshop/package.json
@@ -2,17 +2,10 @@
  "name": "@capire/bookshop",
  "version": "1.0.0",
  "description": "A simple self-contained bookshop service.",
  "files": [
    "app",
    "srv",
    "db",
    "index.cds",
    "index.js"
  ],
  "dependencies": {
-    "@sap/cds": ">=5.9",
+    "@sap/cds": "^5.0.4",
    "express": "^4.17.1",
-    "passport": ">=0.4.1"
+    "passport": "0.4.1"
  },
  "scripts": {
    "genres": "cds serve test/genres.cds",
@@ -21,7 +14,9 @@
  },
  "cds": {
    "requires": {
-      "db": "sql"
+      "db": {
        "kind": "sql"
      }
    }
  }
 }
--- a/bookshop/srv/admin-service.js
+++ b/bookshop/srv/admin-service.js
@@ -1,10 +1,9 @@
-const cds = require('@sap/cds/lib')
+const cds = require('@sap/cds')
-module.exports = class AdminService extends cds.ApplicationService { init(){
+module.exports = cds.service.impl (function(){
  this.before ('NEW','Authors', genid)
  this.before ('NEW','Books', genid)
-  return super.init()
+})
 }}
 /** Generate primary keys for target entity in request */
 async function genid (req) {
--- a/bookshop/srv/cat-service.js
+++ b/bookshop/srv/cat-service.js
@@ -3,7 +3,6 @@ const cds = require('@sap/cds')
 class CatalogService extends cds.ApplicationService { init(){
  const { Books } = cds.entities ('sap.capire.bookshop')
  const { ListOfBooks } = this.entities
  // Reduce stock of ordered books if available stock suffices
  this.on ('submitOrder', async req => {
@@ -19,7 +18,7 @@ class CatalogService extends cds.ApplicationService { init(){
  })
  // Add some discount for overstocked books
-  this.after ('READ', ListOfBooks, each => {
+  this.after ('READ','ListOfBooks', each => {
    if (each.stock > 111) each.title += ` -- 11% discount!`
  })
--- a/bookshop/srv/user-service.cds
+++ b/bookshop/srv/user-service.cds
@@ -1,15 +0,0 @@
 /**
 * Exposes user information
 */
 service UserService {
  /**
   * The current user
   */
  @odata.singleton entity me @cds.persistence.skip {
    id     : String; // user id
    locale : String;
    tenant : String;
  }
  action login() returns me;
 }
--- a/bookshop/srv/user-service.js
+++ b/bookshop/srv/user-service.js
@@ -1,9 +0,0 @@
 const cds = require('@sap/cds')
 module.exports = class UserService extends cds.Service { init(){
  this.on('READ', 'me', ({ tenant, user, locale }) => ({ id: user.id, locale, tenant }))
  this.on('login', (req) => {
    if (req.user._is_anonymous)
      req._.res.set('WWW-Authenticate','Basic realm="Users"').sendStatus(401)
    else return this.read('me')
  })
 }}
--- a/bookshop/test/requests.http
+++ b/bookshop/test/requests.http
@@ -16,9 +16,9 @@ GET {{server}}/browse/$metadata
 ### ------------------------------------------------------------------------
 # Browse Books as any user
-GET {{server}}/browse/ListOfBooks?
+GET {{server}}/browse/Books?
  # &$select=title,stock
-  &$expand=genre
+  # &$expand=currency
  # &sap-language=de
 {{me}}
--- a/bookstore/package.json
+++ b/bookstore/package.json
@@ -7,7 +7,7 @@
    "@capire/orders": "*",
    "@capire/common": "*",
    "@capire/data-viewer": "*",
-    "@sap/cds": ">=5",
+    "@sap/cds": "^5",
    "express": "^4.17.1"
  },
  "cds": {
--- a/bookstore/server.js
+++ b/bookstore/server.js
@@ -19,4 +19,4 @@ module.exports = cds.server
 // For didactic reasons in capire
 const { ReviewsService, OrdersService } = cds.requires
-if (!ReviewsService?.credentials && !OrdersService?.credentials) cds.requires.messaging = false
+if (!ReviewsService.credentials && !OrdersService.credentials) cds.requires.messaging = false
--- a/data-viewer/package.json
+++ b/data-viewer/package.json
@@ -3,7 +3,7 @@
  "version": "0.1.0",
  "description": "A generic browser for data",
  "dependencies": {
-    "@sap/cds": ">=5.0.4"
+    "@sap/cds": "^5.0.4"
  },
  "files": [
    "app",
--- a/data-viewer/srv/data-service.cds
+++ b/data-viewer/srv/data-service.cds
@@ -2,12 +2,12 @@
 * Exposes data + entity metadata
 */
@requires:'authenticated-user'
-@odata service DataService @( path:'-data' ) {
+service DataService @( path:'-data' ) {
  /**
   * Metadata like name and columns/elements
   */
-  entity Entities @cds.persistence.skip {
+  entity Entities {
    key name : String;
    columns: Composition of many {
      name :  String;
@@ -19,7 +19,7 @@
  /**
   * The actual data, organized by column name
   */
-  entity Data @cds.persistence.skip {
+  entity Data {
    record   : array of {
      column : String;
      data   : String;
--- a/fiori-ext/.vscode/settings.json
+++ b/fiori-ext/.vscode/settings.json
@@ -1,11 +0,0 @@
 {
  "eslint.validate": [
    "cds",
    "csn",
    "csv",
    "csv",
    "csv (semicolon)",
    "tsv",
    "tab"
  ]
 }
--- a/fiori-ext/README.md
+++ b/fiori-ext/README.md
@@ -1,21 +0,0 @@
 # Welcome to your Extension Project for the CAP Bookshop Fiori App
 It contains these folders and files, following our recommended project layout:
 | File or Folder | Purpose                            |
 |----------------|------------------------------------|
 | `app/`         | content for UI frontends goes here |
 | `test/`        | contet for local tests             |
 | `package.json` | project metadata and configuration |
 | `readme.md`    | this getting started guide         |
 ## Next Steps
 - Runs `cds login ...`
 - Runs `cds pull ...`
 ## Learn More
 Learn more at https://cap.cloud.sap/docs/get-started/.
--- a/fiori-ext/app/extension.cds
+++ b/fiori-ext/app/extension.cds
@@ -1,25 +0,0 @@
 using { OrdersService, sap, sap.capire.orders.Orders } from '@capire/fiori';
 namespace x_bookshop.extension;
 // Adding 2 new fields for Orders
 extend Orders with {
  x_priority    : String @assert.range enum {high; medium; low} default 'medium' ;
  x_salesRegion : Association to SalesRegion;
 }
 /** Value Help for x_salesRegion */
 entity SalesRegion : sap.common.CodeList {
  key code : String(11);
 }
 // --- UI ---
 annotate Orders:x_priority with @title : 'Priority';
 annotate SalesRegion:name with @title : 'Sales Region';
 annotate OrdersService.Orders with @UI.LineItem : [
  ... up to { Value: OrderNo },
  { Value : x_priority },
  { Value : x_salesRegion.name },
  ...
 ];
--- a/fiori-ext/package.json
+++ b/fiori-ext/package.json
@@ -1,49 +0,0 @@
 {
  "name": "@capire/fiori-ext",
  "version": "1.0.0",
  "description": "A simple CAP project.",
  "repository": "<Add your repository here>",
  "license": "UNLICENSED",
  "private": true,
  "dependencies": {
    "@sap/cds": "^6"
  },
  "devDependencies": {
    "sqlite3": "^5.0.4",
    "@sap/eslint-plugin-cds": "^2.5.0"
  },
  "scripts": {
    "start": "cds run"
  },
  "cds": {
    "extends": "@capire/fiori"
  },
  "eslintConfig": {
    "extends": [
      "eslint:recommended",
      "plugin:@sap/cds/recommended"
    ],
    "env": {
      "es2020": true,
      "node": true,
      "jest": true,
      "mocha": true
    },
    "globals": {
      "SELECT": true,
      "INSERT": true,
      "UPDATE": true,
      "DELETE": true,
      "CREATE": true,
      "DROP": true,
      "CDL": true,
      "CQL": true,
      "CXL": true,
      "cds": true
    },
    "rules": {
      "no-console": "off",
      "require-atomic-updates": "off"
    }
  }
 }
--- a/fiori-ext/test/data/sap.capire.orders-Orders.csv
+++ b/fiori-ext/test/data/sap.capire.orders-Orders.csv
@@ -1,3 +0,0 @@
 ID;createdAt;createdBy;buyer;OrderNo;currency_code;Z_priority;Z_SalesRegion_regionCode
 7e2f2640-6866-4dcf-8f4d-3027aa831cad;2019-01-31;john.doe@test.com;john.doe@test.com;1;EUR;high;AMER
 64e718c9-ff99-47f1-8ca3-950c850777d4;2019-01-30;jane.doe@test.com;jane.doe@test.com;2;EUR;low;APJ
--- a/fiori-ext/test/data/x_bookshop.extension-SalesRegion.csv
+++ b/fiori-ext/test/data/x_bookshop.extension-SalesRegion.csv
@@ -1,4 +0,0 @@
 code;name;descr
 AMER;Americas;North, Central and South America
 EMEA;Europe, the Middle East and Africa;Europe, the Middle East and Africa
 APJ;Asia Pacific and Japan;Asia Pacific and Japan
--- a/fiori/app/_router/package.json
+++ b/fiori/app/_router/package.json
@@ -1,12 +0,0 @@
 {
  "name": "approuter",
  "dependencies": {
    "@sap/approuter": "^11.0.0"
  },
  "engines": {
    "node": "^16"
  },
  "scripts": {
    "start": "node node_modules/@sap/approuter/approuter.js"
  }
 }
--- a/fiori/app/_router/xs-app.json
+++ b/fiori/app/_router/xs-app.json
@@ -1,23 +0,0 @@
 {
  "authenticationMethod": "route",
  "routes": [
    {
      "source": "^/app/(.*)$",
      "target": "$1",
      "localDir": ".",
      "authenticationType": "xsuaa",
      "cacheControl": "no-cache, no-store, must-revalidate"
    },
    {
      "source": "^/-/cds/.*",
      "destination": "mtx-api",
      "authenticationType": "none"
    },
    {
      "source": "^/(.*)$",
      "target": "$1",
      "destination": "srv-api",
      "authenticationType": "xsuaa"
    }
  ]
 }
--- a/fiori/app/admin-authors/webapp/manifest.json
+++ b/fiori/app/admin-authors/webapp/manifest.json
@@ -11,7 +11,7 @@
    },
    "dataSources": {
      "AdminService": {
-        "uri": "admin/",
+        "uri": "/admin/",
        "type": "OData",
        "settings": {
          "odataVersion": "4.0"
--- a/fiori/app/admin-books/webapp/manifest.json
+++ b/fiori/app/admin-books/webapp/manifest.json
@@ -8,7 +8,7 @@
        "i18n": "i18n/i18n.properties",
        "dataSources": {
            "AdminService": {
-                "uri": "admin/",
+                "uri": "/admin/",
                "type": "OData",
                "settings": {
                    "odataVersion": "4.0"
--- a/fiori/app/appconfig/fioriSandboxConfig.json
+++ b/fiori/app/appconfig/fioriSandboxConfig.json
@@ -19,14 +19,6 @@
                    "title": "Browse Books",
                    "targetURL": "#Books-display"
                  }
                },
                {
                  "id": "BrowseGenres",
                  "tileType": "sap.ushell.ui.tile.StaticTile",
                  "properties": {
                    "title": "Browse Genres (OData v2)",
                    "targetURL": "#Genres-display"
                  }
                }
              ]
            },
@@ -115,24 +107,6 @@
                "url": "/admin-authors/webapp"
              }
            },
            "BrowseGenres": {
              "semanticObject": "Genres",
              "action": "display",
              "title": "Browse Genres",
              "signature": {
                "parameters": {
                  "Genre.ID": {
                    "renameTo": "ID"
                  }
                },
                "additionalParameters": "ignored"
              },
              "resolutionResult": {
                "applicationType": "SAPUI5",
                "additionalInformation": "SAPUI5.Component=genres",
                "url": "/genres/webapp"
              }
            },
            "ManageBooks": {
              "semanticObject": "Books",
              "action": "manage",
--- a/fiori/app/browse/webapp/manifest.json
+++ b/fiori/app/browse/webapp/manifest.json
@@ -11,7 +11,7 @@
    },
    "dataSources": {
      "CatalogService": {
-        "uri": "browse/",
+        "uri": "/browse/",
        "type": "OData",
        "settings": {
          "odataVersion": "4.0"
@@ -32,7 +32,7 @@
                "renameTo": "ID"
              },
              "Authors.books.ID": {
-                "renameTo": "ID"
+                "renameTo": "ID"                    
              }
            },
            "additionalParameters": "ignored"
--- a/fiori/app/fiori-apps.html
+++ b/fiori/app/fiori-apps.html
@@ -16,10 +16,10 @@
 	<script id="sap-ushell-bootstrap" src="https://sapui5.hana.ondemand.com/test-resources/sap/ushell/bootstrap/sandbox.js"></script>
 	<script id="sap-ui-bootstrap" src="https://sapui5.hana.ondemand.com/resources/sap-ui-core.js"
-			data-sap-ui-libs="sap.m, sap.ushell, sap.collaboration, sap.ui.layout"
+    	data-sap-ui-libs="sap.m, sap.ushell, sap.collaboration, sap.ui.layout"
-			data-sap-ui-compatVersion="edge"
+    	data-sap-ui-compatVersion="edge"
-			data-sap-ui-theme="sap_horizon"
+    	data-sap-ui-theme="sap_fiori_3"
-			data-sap-ui-frameOptions="allow"
+    	data-sap-ui-frameOptions="allow"
 	></script>
 	<script>
 		sap.ui.getCore().attachInit(()=> sap.ushell.Container.createRenderer().placeAt("content"))
--- a/fiori/app/genres/fiori-service.cds
+++ b/fiori/app/genres/fiori-service.cds
@@ -1,8 +0,0 @@
 using { sap.capire.bookshop } from '../../db/common';
 annotate bookshop.GenreHierarchy {
  ID             @sap.hierarchy.node.for;
  parent         @sap.hierarchy.parent.node.for;
  hierarchyLevel @sap.hierarchy.level.for;
  drillState     @sap.hierarchy.drill.state.for;
 }
--- a/fiori/app/genres/webapp/Component.js
+++ b/fiori/app/genres/webapp/Component.js
@@ -1,7 +0,0 @@
 sap.ui.define(["sap/suite/ui/generic/template/lib/AppComponent"], (AppComponent) =>
  AppComponent.extend("genres.Component", {
    metadata: {
      manifest: "json",
    },
  })
 );
--- a/fiori/app/genres/webapp/i18n/i18n.properties
+++ b/fiori/app/genres/webapp/i18n/i18n.properties
@@ -1,4 +0,0 @@
 #XTIT
 appTitle=Genres
 #XTXT
 appDescription=Browse Genres
--- a/fiori/app/genres/webapp/manifest.json
+++ b/fiori/app/genres/webapp/manifest.json
@@ -1,155 +0,0 @@
 {
  "_version": "1.8.0",
  "sap.app": {
    "id": "genres",
    "type": "application",
    "i18n": "i18n/i18n.properties",
    "applicationVersion": {
      "version": "1.0.0"
    },
    "title": "Browse Genres Hierarchy (OData v2)",
    "description": "{{appDescription}}",
    "tags": {
      "keywords": []
    },
    "crossNavigation": {
      "inbounds": {
        "appShow": {
          "title": "{{appTitle}}",
          "semanticObject": "GenreHierarchy",
          "action": "display",
          "deviceTypes": {
            "desktop": true,
            "tablet": true,
            "phone": true
          },
          "icon": "sap-icon://settings",
          "size": "1x1"
        }
      },
      "outbounds": {}
    },
    "ach": "",
    "resources": "resources.json",
    "dataSources": {
      "main": {
        "uri": "/v2/browse",
        "type": "OData",
        "settings": {
          "annotations": ["localAnnotations"],
          "localUri": "localService/metadata.xml"
        }
      },
      "localAnnotations": {
        "type": "ODataAnnotation",
        "uri": "annotations/localAnnotations.xml",
        "settings": {
          "localUri": "annotations/localAnnotations.xml"
        }
      }
    },
    "offline": false,
    "sourceTemplate": {
      "id": "ui5template.smartTemplate",
      "version": "1.40.12"
    }
  },
  "sap.ui": {
    "technology": "UI5",
    "icons": {
      "icon": "",
      "favIcon": "",
      "phone": "",
      "phone@2": "",
      "tablet": "",
      "tablet@2": ""
    },
    "deviceTypes": {
      "desktop": true,
      "tablet": true,
      "phone": true
    },
    "supportedThemes": ["sap_hcb", "sap_belize", "sap_belize_deep", "sap_fiori_3"]
  },
  "sap.ui5": {
    "resources": {
      "js": [],
      "css": []
    },
    "dependencies": {
      "minUI5Version": "1.65.6",
      "libs": {},
      "components": {}
    },
    "models": {
      "i18n": {
        "type": "sap.ui.model.resource.ResourceModel",
        "uri": "i18n/i18n.properties"
      },
      "@i18n": {
        "type": "sap.ui.model.resource.ResourceModel",
        "uri": "i18n/i18n.properties"
      },
      "json": {
        "type": "sap.ui.model.json.JSONModel"
      },
      "i18n|sap.suite.ui.generic.template.ListReport|Genres": {
        "type": "sap.ui.model.resource.ResourceModel",
        "uri": "i18n/ListReport/Genres/i18n.properties"
      },
      "": {
        "dataSource": "main",
        "preload": true,
        "settings": {
          "useBatch": true,
          "defaultBindingMode": "TwoWay",
          "defaultCountMode": "Inline",
          "refreshAfterChange": true,
          "metadataUrlParams": {
            "sap-value-list": "none"
          }
        }
      }
    },
    "contentDensities": {
      "compact": true,
      "cozy": true
    }
  },
  "sap.ui.generic.app": {
    "_version": "1.3.0",
    "settings": {
      "forceGlobalRefresh": false,
      "useColumnLayoutForSmartForm": false,
      "showBasicSearch": false
    },
    "pages": {
      "ListReport|Genres": {
        "entitySet": "GenreHierarchy",
        "component": {
          "name": "sap.suite.ui.generic.template.ListReport",
          "list": true,
          "settings": {
            "condensedTableLayout": true,
            "smartVariantManagement": true,
            "tableType": "TreeTable",
            "enableTableFilterInPageVariant": true,
            "dataLoadSettings": {
              "loadDataOnAppLaunch": "always"
            }
          }
        }
      }
    }
  },
  "sap.fiori": {
    "registrationIds": [],
    "archeType": "transactional"
  },
  "sap.platform.hcp": {
    "uri": ""
  },
  "sap.platform.cf": {
    "oAuthScopes": []
  }
 }
--- a/fiori/app/services.cds
+++ b/fiori/app/services.cds
@@ -5,6 +5,5 @@
 using from './admin-authors/fiori-service';
 using from './admin-books/fiori-service';
 using from './browse/fiori-service';
 using from './genres/fiori-service';
 using from './common';
 using from '@capire/bookstore/srv/mashup';
--- a/fiori/app/xs-app.json
+++ b/fiori/app/xs-app.json
@@ -1,24 +0,0 @@
 {
  "authenticationMethod": "route",
  "routes": [
    {
      "source": "^/-/cds/.*",
      "destination": "mtx-api",
      "authenticationType": "none"
    },
    {
      "source": "^/app/(.*)$",
      "target": "$1",
      "localDir": ".",
      "authenticationType": "xsuaa",
      "cacheControl": "no-cache, no-store, must-revalidate"
    },
    {
      "source": "^/(.*)$",
      "target": "$1",
      "destination": "srv-api",
      "authenticationType": "xsuaa",
      "csrfProtection": true
    }
  ]
 }
--- a/fiori/db/common.cds
+++ b/fiori/db/common.cds
@@ -1,14 +0,0 @@
 namespace sap.capire.bookshop;
 using { sap.capire.bookshop } from '@capire/bookstore/srv/mashup';
 entity GenreHierarchy : bookshop.Genres {
  hierarchyLevel : Integer default 0;
  drillState     : String default 'leaf';
  parent         : Association to GenreHierarchy;
  children       : Composition of many GenreHierarchy on children.parent = $self;
 }
 extend service CatalogService with {
  @readonly entity GenreHierarchy as projection on bookshop.GenreHierarchy;
 }
--- a/fiori/db/data/sap.capire.bookshop-Books_texts.csv
+++ b/fiori/db/data/sap.capire.bookshop-Books_texts.csv
@@ -1,5 +0,0 @@
 ID_texts;ID;locale;title;descr
 201_de;201;de;Sturmhöhe;Sturmhöhe (Originaltitel: Wuthering Heights) ist der einzige Roman der englischen Schriftstellerin Emily Brontë (1818–1848). Der 1847 unter dem Pseudonym Ellis Bell veröffentlichte Roman wurde vom viktorianischen Publikum weitgehend abgelehnt, heute gilt er als ein Klassiker der britischen Romanliteratur des 19. Jahrhunderts.
 201_fr;201;fr;Les Hauts de Hurlevent;Les Hauts de Hurlevent (titre original : Wuthering Heights), parfois orthographié Les Hauts de Hurle-Vent, est l'unique roman d'Emily Brontë, publié pour la première fois en 1847 sous le pseudonyme d’Ellis Bell. Loin d'être un récit moralisateur, Emily Brontë achève néanmoins le roman dans une atmosphère sereine, suggérant le triomphe de la paix et du Bien sur la vengeance et le Mal.
 207_de;207;de;Jane Eyre;Jane Eyre. Eine Autobiographie (Originaltitel: Jane Eyre. An Autobiography), erstmals erschienen im Jahr 1847 unter dem Pseudonym Currer Bell, ist der erste veröffentlichte Roman der britischen Autorin Charlotte Brontë und ein Klassiker der viktorianischen Romanliteratur des 19. Jahrhunderts. Der Roman erzählt in Form einer Ich-Erzählung die Lebensgeschichte von Jane Eyre (ausgesprochen /ˌdʒeɪn ˈɛə/), die nach einer schweren Kindheit eine Stelle als Gouvernante annimmt und sich in ihren Arbeitgeber verliebt, jedoch immer wieder um ihre Freiheit und Selbstbestimmung kämpfen muss. Als klein, dünn, blass, stets schlicht dunkel gekleidet und mit strengem Mittelscheitel beschrieben, gilt die Heldin des Romans Jane Eyre nicht zuletzt aufgrund der Kino- und Fernsehversionen der melodramatischen Romanvorlage als die bekannteste englische Gouvernante der Literaturgeschichte
 207_fr;252;de;Eleonora;“Eleonora” ist eine Erzählung von Edgar Allan Poe. Sie wurde 1841 erstveröffentlicht. In ihr geht es um das Paradox der Treue in der Treulosigkeit.
--- a/fiori/db/data/sap.capire.bookshop-GenreHierarchy.csv
+++ b/fiori/db/data/sap.capire.bookshop-GenreHierarchy.csv
@@ -1,16 +0,0 @@
 ID;parent_ID;name;hierarchyLevel;drillState
 10;;Fiction;0;expanded
 11;10;Drama;1;leaf
 12;10;Poetry;1;leaf
 13;10;Fantasy;1;leaf
 14;10;Science Fiction;1;leaf
 15;10;Romance;1;leaf
 16;10;Mystery;1;leaf
 17;10;Thriller;1;leaf
 18;10;Dystopia;1;leaf
 20;;Non-Fiction;0;expanded
 19;10;Fairy Tale;1;leaf
 21;20;Biography;1;expanded
 22;21;Autobiography;2;leaf
 23;20;Essay;1;leaf
 24;20;Speech;1;leaf
--- a/fiori/db/hana/index.cds
+++ b/fiori/db/hana/index.cds
@@ -2,14 +2,9 @@
 //  Add Author.age and .lifetime with a DB-specific function
 //
-using { AdminService, sap.common } from '@capire/bookshop';
+using { AdminService } from '@capire/bookshop';
 extend projection AdminService.Authors with {
  YEARS_BETWEEN(dateOfBirth, dateOfDeath)         as age: Integer,
  YEAR(dateOfBirth) || ' – ' || YEAR(dateOfDeath) as lifetime : String
 }
 // Workaround: include Countries table because csv files point to it
 // TODO fix by ignoring hdbtabledata generation for unused entities
 annotate common.Countries with @cds.persistence.skip : false;
--- a/fiori/mta.yaml
+++ b/fiori/mta.yaml
@@ -1,97 +0,0 @@
 _schema-version: '3.1'
 ID: capire.fiori
 version: 1.0.0
 description: "fiori"
 parameters:
  enable-parallel-deployments: true
 build-parameters:
  before-all:
    - builder: custom
      commands:
        - npx -p @sap/cds-dk cds build --production
 modules:
  - name: fiori-srv
    type: nodejs
    path: gen/srv
    parameters:
      buildpack: nodejs_buildpack
    build-parameters:
      builder: npm
    provides:
      - name: srv-api # required by consumers of CAP services (e.g. approuter)
        properties:
          srv-url: ${default-url}
      - name: mtx-api # potentially required by approuter
        properties:
          mtx-url: ${default-url}
    requires:
      - name: fiori-db
      - name: fiori-registry
      - name: fiori-auth
      - name: app-api
        properties:
          SUBSCRIPTION_URL: ~{app-protocol}://\${tenant_subdomain}-~{app-uri}
  - name: fiori
    type: approuter.nodejs
    path: app/_router # from cds.env.folders. Consider also cds.env.build.target -> gen/app
    parameters:
      keep-existing-routes: true
      disk-quota: 256M
      memory: 256M
    properties:
      TENANT_HOST_PATTERN: "^(.*)-${default-uri}"
    requires:
      - name: srv-api
        group: destinations
        properties:
          name: srv-api # must be used in xs-app.json as well
          url: ~{srv-url}
          forwardAuthToken: true
      - name: mtx-api
        group: destinations
        properties:
          name: mtx-api # must be used in xs-app.json as well
          url: ~{mtx-url}
      - name: fiori-auth
    provides:
      - name: app-api
        properties:
          app-protocol: ${protocol}
          app-uri: ${default-uri}
 resources:
  - name: fiori-db
    type: org.cloudfoundry.managed-service
    parameters:
      service: service-manager
      service-plan: container
  - name: fiori-registry
    type: org.cloudfoundry.managed-service
    requires:
      - name: mtx-api
    parameters:
      service: saas-registry
      service-plan: application
      config:
        xsappname: fiori-${org}-${space}
        appName: fiori-${org}-${space}
        displayName: fiori
        description: A simple CAP project.
        category: 'Category'
        appUrls:
          getDependencies: ~{mtx-api/mtx-url}/-/cds/saas-provisioning/dependencies
          onSubscription: ~{mtx-api/mtx-url}/-/cds/saas-provisioning/tenant/{tenantId}
          onSubscriptionAsync: false
          onUnSubscriptionAsync: false
          callbackTimeoutMillis: 300000
  - name: fiori-auth
    type: org.cloudfoundry.managed-service
    parameters:
      service: xsuaa
      service-plan: application
      path: ./xs-security.json
      config:
        xsappname: fiori-${org}-${space}
        tenant-mode: shared
--- a/fiori/package.json
+++ b/fiori/package.json
@@ -3,26 +3,19 @@
  "version": "1.0.0",
  "dependencies": {
    "@capire/bookstore": "*",
-    "@sap/cds": ">=5",
+    "@sap/cds": "^5",
    "@sap/cds-mtxs": "^1",
    "@sap/cds-odata-v2-adapter-proxy": "^1.9.0",
    "@sap/xssec": "^3",
    "express": "^4.17.1",
-    "hdb": "^0.19.5",
+    "passport": "^0.4.1"
    "passport": ">=0.4.1"
  },
  "scripts": {
    "start": "cds run --in-memory?",
    "watch": "cds watch"
  },
  "engines": {
    "node": "^16"
  },
  "cds": {
    "features": {
      "deploy_data_onconflict": "replace"
    },
    "requires": {
      "auth": {
        "strategy": "dummy"
      },
      "ReviewsService": {
        "kind": "odata",
        "model": "@capire/reviews"
@@ -43,7 +36,7 @@
        }
      },
      "db": {
-        "kind": "sql-mt"
+        "kind": "sql"
      },
      "db-ext": {
        "[development]": {
@@ -53,39 +46,8 @@
          "model": "db/hana"
        }
      },
-      "multitenancy": true,
+      "hana": {
-      "toggles": true,
+        "deploy-format": "hdbtable"
      "extensibility": true,
      "cds.xt.ExtensibilityService": {
        "element-prefix": [
          "x_"
        ],
        "extension-allowlist": [
          {
            "for": [
              "sap.capire.orders"
            ],
            "kind": "entity",
            "new-fields": 3
          },
          {
            "for": [
              "OrdersService"
            ],
            "new-entities": 2
          }
        ]
      },
      "[production]": {
        "auth": {
          "kind": "xsuaa"
        },
        "db": {
          "kind": "hana-mt"
        }
      },
      "approuter": {
        "kind": "cloudfoundry"
      }
    }
  }
--- a/fiori/server.js
+++ b/fiori/server.js
@@ -1,15 +1 @@
 const cds = require("@sap/cds")
 // install OData v2 adapter
 const proxy = require('@sap/cds-odata-v2-adapter-proxy')
 const proxyOpts = global.it ? { target:'auto' } : {} // for tests, set 'auto' to detect port dynamically
 cds.on('bootstrap', app => app.use(proxy(proxyOpts)))
 module.exports = require('@capire/bookstore/server.js')
 // For didactic reasons in capire, run below services embedded
 // TODO find a better way to switch this
 if (cds.requires.multitenancy) {
  delete cds.env.requires.OrdersService
  delete cds.env.requires.ReviewsService
 }
--- a/fiori/srv/index.cds
+++ b/fiori/srv/index.cds
@@ -1 +0,0 @@
 using from '@capire/bookstore';
--- a/fiori/xs-security.json
+++ b/fiori/xs-security.json
@@ -1,51 +0,0 @@
 {
  "scopes": [
    {
      "name": "$XSAPPNAME.admin",
      "description": "admin"
    },
    {
      "name": "$XSAPPNAME.mtcallback",
      "description": "Subscription via SaaS Registry",
      "grant-as-authority-to-apps": [
        "$XSAPPNAME(application,sap-provisioning,tenant-onboarding)"
      ]
    },
    {
      "name": "$XSAPPNAME.cds.Subscriber",
      "description": "Subscribe to applications"
    },
    {
      "name": "$XSAPPNAME.cds.ExtensionDeveloper",
      "description": "Extend CAP applications via extension projects"
    },
    {
      "name": "$XSAPPNAME.cds.UIFlexDeveloper",
      "description": "Extend CAP applications via UIFlex extensibility"
    }
  ],
  "attributes": [],
  "role-templates": [
    {
      "name": "admin",
      "description": "admin",
      "scope-references": [
        "$XSAPPNAME.admin"
      ]
    },
    {
      "name": "ExtensionDeveloper",
      "description": "Extension development including UIFlex extensibility",
      "scope-references": [
        "$XSAPPNAME.cds.ExtensionDeveloper",
        "$XSAPPNAME.cds.UIFlexDeveloper"
      ]
    }
  ],
  "authorities-inheritance": false,
  "authorities": [
    "$XSAPPNAME.cds.Subscriber",
    "$XSAPPNAME.cds.ExtensionDeveloper",
    "$XSAPPNAME.cds.UIFlexDeveloper"
  ]
 }
--- a/gdpr/.cdsrc.json
+++ b/gdpr/.cdsrc.json
@@ -0,0 +1,28 @@
 {
  "build": {
    "target": "gen",
    "tasks": [{
        "for": "hana",
        "src": "db",
        "options": {
          "model": [
            "db",
            "srv",
            "app"
          ]
        }
      },
      {
        "for": "node-cf",
        "src": "srv",
        "options": {
          "model": [
            "db",
            "srv",
            "app"
          ]
        }
      }
    ]
  }
 }
--- a/gdpr/.env
+++ b/gdpr/.env
@@ -0,0 +1 @@
 PORT = 4007
--- a/gdpr/.etc/deploy.sh
+++ b/gdpr/.etc/deploy.sh
@@ -0,0 +1,4 @@
 npm run build
 cf create-service-push
 cf bind-service gdpr-srv gdpr-pdm -c .pdm/pdm-binding-config.json
 cf restage gdpr-srv
--- a/gdpr/.etc/undeploy.sh
+++ b/gdpr/.etc/undeploy.sh
@@ -0,0 +1,7 @@
 cf delete gdpr-srv -f
 cf delete gdpr-db-deployer -f
 cf delete-service gdpr-pdm -f
 cf delete-service gdpr-auditlog -f
 cf delete-service gdpr-uaa -f
 cf delete-service gdpr-hdi -f
 cf delete-service gdpr-logs -f
--- a/gdpr/.pdm/pdm-binding-config.json
+++ b/gdpr/.pdm/pdm-binding-config.json
@@ -0,0 +1,16 @@
 {
  "fullyQualifiedApplicationName": "capire-gdpr",
  "fullyQualifiedModuleName": "gdpr-srv",
  "applicationTitle": "Capire GDPR Sample App",
  "applicationTitleKey": "Capire GDPR Sample App",
  "applicationURL": "https://capire-gdpr-srv.cfapps.eu10.hana.ondemand.com",
  "endPoints": [{
    "type": "odatav4",
    "serviceName": "PDMService",
    "serviceURI": "/pdm",
    "serviceTitle": "Capire GDPR Sample App PDM Service",
    "serviceTitleKey": "Capire GDPR Sample App PDM Service",
    "hasGdprV4Annotations": true,
    "cacheControl": "no-cache"
  }]
 }
--- a/gdpr/.pdm/pdm-instance-config.json
+++ b/gdpr/.pdm/pdm-instance-config.json
@@ -0,0 +1,8 @@
 {
  "xs-security": {
    "xsappname": "capire-gdpr",
    "authorities": ["$ACCEPT_GRANTED_AUTHORITIES"]
  },
  "fullyQualifiedApplicationName": "capire-gdpr",
  "appConsentServiceEnabled": true
 }
--- a/gdpr/app/fiori.cds
+++ b/gdpr/app/fiori.cds
@@ -0,0 +1,317 @@
 ////////////////////////////////////////////////////////////////////////////
 //
 //	Note: this is designed for the GDPRService being co-located with
 //	orders. It does not work if GDPRService is run as a separate
 // 	process, and is not intended to do so.
 //
 ////////////////////////////////////////////////////////////////////////////
 using {GDPRService} from '../srv/gdpr-service';
 annotate cds.UUID with @Core.Computed;
 /*
 * Orders
 */
@odata.draft.enabled
 annotate GDPRService.Orders with @(UI : {
  SelectionFields      : [
    createdAt,
    createdBy
  ],
  LineItem             : [
    {
      Value : OrderNo,
      Label : 'Order number'
    },
    {
      Value : customer.firstName,
      Label : 'First Name'
    },
    {
      Value : customer.lastName,
      Label : 'Last Name'
    }
  ],
  HeaderInfo           : {
    TypeName       : 'Order',
    TypeNamePlural : 'Orders',
    Title          : {
      Value : OrderNo,
      Label : 'Order number'
    }
  },
  Identification       : [
    {
      Value : createdBy,
      Label : 'Created by'
    },
    {
      Value : createdAt,
      Label : 'Created at'
    }
  ],
  HeaderFacets         : [
    {
      $Type  : 'UI.ReferenceFacet',
      Label  : '{i18n>Created}',
      Target : '@UI.FieldGroup#Created'
    },
    {
      $Type  : 'UI.ReferenceFacet',
      Label  : '{i18n>Modified}',
      Target : '@UI.FieldGroup#Modified'
    },
  ],
  Facets               : [
    {
      $Type  : 'UI.ReferenceFacet',
      Label  : '{i18n>Details}',
      Target : '@UI.FieldGroup#Details'
    },
    {
      $Type  : 'UI.ReferenceFacet',
      Label  : '{i18n>OrderItems}',
      Target : 'Items/@UI.LineItem'
    },
  ],
  FieldGroup #Details  : {Data : [
    {
      Value : customer_ID,
      Label : 'Customer'
    },
    {
      Value : customer.firstName,
      Label : 'First Name'
    },
    {
      Value : customer.lastName,
      Label : 'Last Name'
    },
    {
      Value : currency_code,
      Label : 'Currency'
    }
  ]},
  FieldGroup #Created  : {Data : [
    {
      Value : createdBy,
      Label : 'Created by'
    },
    {
      Value : createdAt,
      Label : 'Created at'
    }
  ]},
  FieldGroup #Modified : {Data : [
    {
      Value : modifiedBy,
      Label : 'Modified by'
    },
    {
      Value : modifiedAt,
      Label : 'Modified at'
    }
  ]},
 }, ) {
  createdAt @UI.HiddenFilter  : false;
  createdBy @UI.HiddenFilter  : false;
  customer  @ValueList.entity : 'Customers';
 };
 /*
 * TODO: Order Items are not really maintainable in Fiori preview app
 */
 annotate GDPRService.Orders.Items with @(UI : {
  LineItem       : [
    {
      Value : product_ID,
      Label : 'Product ID'
    },
    {
      Value : title,
      Label : 'Product Name'
    },
    {
      Value : price,
      Label : 'Price'
    },
    {
      Value : quantity,
      Label : 'Quantity'
    },
  ],
  Identification : [
    {
      Value : product_ID,
      Label : 'Product ID'
    },
    {
      Value : title,
      Label : 'Product Name'
    },
    {
      Value : quantity,
      Label : 'Quantity'
    },
    {
      Value : price,
      Label : 'Price'
    },
  ],
  Facets         : [{
    $Type  : 'UI.ReferenceFacet',
    Label  : 'Order Items',
    Target : '@UI.Identification'
  }, ],
 }, ) {
  ID       @Core.Computed  @UI.Hidden : true;
  title    @Core.Computed;
  price    @Core.Computed;
  quantity @(Common.FieldControl : #Mandatory);
 };
 /*
 * Customers
 */
@odata.draft.enabled
 annotate GDPRService.Customers with @(UI : {
  SelectionFields      : [
    firstName,
    lastName
  ],
  LineItem             : [
    {
      Value : firstName,
      Label : 'First Name'
    },
    {
      Value : lastName,
      Label : 'Last Name'
    },
    {
      Value : dateOfBirth,
      Label : 'Date of Birth'
    }
  ],
  HeaderInfo           : {
    TypeName       : 'Customer',
    TypeNamePlural : 'Customers',
    Title          : {
      Value : lastName,
      Label : 'Last Name'
    },
    Description    : {
      Value : firstName,
      Label : 'First Name'
    }
  },
  Identification       : [
    {
      Value : createdBy,
      Label : 'Created by'
    },
    {
      Value : createdAt,
      Label : 'Created at'
    }
  ],
  HeaderFacets         : [
    {
      $Type  : 'UI.ReferenceFacet',
      Label  : '{i18n>Created}',
      Target : '@UI.FieldGroup#Created'
    },
    {
      $Type  : 'UI.ReferenceFacet',
      Label  : '{i18n>Modified}',
      Target : '@UI.FieldGroup#Modified'
    },
  ],
  Facets               : [
    {
      $Type  : 'UI.ReferenceFacet',
      Label  : '{i18n>Details}',
      Target : '@UI.FieldGroup#Details'
    },
    {
      $Type  : 'UI.ReferenceFacet',
      Label  : '{i18n>Addresses}',
      Target : 'addresses/@UI.LineItem'
    },
  ],
  FieldGroup #Details  : {Data : [
    {
      Value : dateOfBirth,
      Label : 'Date of Birth'
    },
    {
      Value : email,
      Label : 'E-Mail'
    },
    {
      Value : creditCardNo,
      Label : 'Credit Card Number'
    }
  ]},
  FieldGroup #Created  : {Data : [
    {
      Value : createdBy,
      Label : 'Created by'
    },
    {
      Value : createdAt,
      Label : 'Created at'
    }
  ]},
  FieldGroup #Modified : {Data : [
    {
      Value : modifiedBy,
      Label : 'Modified by'
    },
    {
      Value : modifiedAt,
      Label : 'Modified at'
    }
  ]},
 }, ) {
  createdAt @UI.HiddenFilter : false;
  createdBy @UI.HiddenFilter : false;
 };
 annotate GDPRService.CustomerPostalAddresses with @(UI : {
  LineItem       : [
    {
      Value : town,
      Label : 'Town'
    },
    {
      Value : street,
      Label : 'Street'
    },
    {
      Value : country.name,
      Label : 'Country'
    }
  ],
  Identification : [
    {
      Value : town,
      Label : 'Town'
    },
    {
      Value : street,
      Label : 'Street'
    },
    {
      Value : country_code,
      Label : 'Country Code'
    }
  ],
  Facets         : [{
    $Type  : 'UI.ReferenceFacet',
    Label  : 'Customer Postal Address',
    Target : '@UI.Identification'
  }, ],
 }, );
--- a/gdpr/db/data-privacy.cds
+++ b/gdpr/db/data-privacy.cds
@@ -0,0 +1,56 @@
 using {sap.capire.orders} from '@capire/orders';
 using {sap.capire.gdpr} from './schema';
 /*
 * annotations for Data Privacy (Personal Data Manager and Audit Logging)
 */
 annotate gdpr.Customers with @PersonalData  : {
  DataSubjectRole : 'Customer',
  EntitySemantics : 'DataSubject'
 }{
  ID           @PersonalData.FieldSemantics : 'DataSubjectID';
  email        @PersonalData.IsPotentiallyPersonal;
  firstName    @PersonalData.IsPotentiallyPersonal;
  lastName     @PersonalData.IsPotentiallyPersonal;
  creditCardNo @PersonalData.IsPotentiallySensitive;
  dateOfBirth  @PersonalData.IsPotentiallyPersonal;
 }
 annotate gdpr.CustomerPostalAddresses with @PersonalData : {
  DataSubjectRole : 'Customer',
  EntitySemantics : 'DataSubjectDetails'
 }{
  customer @PersonalData.FieldSemantics                  : 'DataSubjectID';
  street   @PersonalData.IsPotentiallyPersonal;
  town     @PersonalData.IsPotentiallyPersonal;
  country  @PersonalData.IsPotentiallyPersonal;
 }
 /*
 * TODO: Personal Data Manager doesn't know EntitySemantics: 'Other' and FieldSemantics: 'ContractRelatedID'
 *       see: https://help.sap.com/viewer/620a3ea6aaf64610accdd05cca9e3de2/Cloud/en-US/5a55fae1eb7c496c92c56071186d76b3.html
 */
 annotate orders.Orders with @PersonalData : {
  DataSubjectRole : 'Customer',
  EntitySemantics : 'LegalGround'
 }{
  ID       @PersonalData.FieldSemantics   : 'LegalGroundID';
  customer @PersonalData.FieldSemantics   : 'DataSubjectID';
 }
 /*
 * additional annotations for Audit Logging
 */
 annotate gdpr.Customers with @AuditLog.Operation : {
  Read   : true,
  Insert : true,
  Update : true,
  Delete : true
 };
 annotate gdpr.CustomerPostalAddresses with @AuditLog.Operation : {
  Read   : true,
  Insert : true,
  Update : true,
  Delete : true
 };
--- a/gdpr/db/data/sap.capire.gdpr-CustomerPostalAddresses.csv
+++ b/gdpr/db/data/sap.capire.gdpr-CustomerPostalAddresses.csv
@@ -0,0 +1,3 @@
 ID;modifiedAt;createdAt;createdBy;modifiedBy;customer_ID;street;town;country_code
 1e2f2640-6866-4dcf-8f4d-3027aa831cad;2019-04-04;2019-01-31;admin@business.com;admin@business.com;8e2f2640-6866-4dcf-8f4d-3027aa831cad;Hauptstrasse 11;Berlin;DE
 24e718c9-ff99-47f1-8ca3-950c850777d4;2019-04-04;2019-01-30;admin@business.com;admin@business.com;74e718c9-ff99-47f1-8ca3-950c850777d4;Main Street 22;London;GB
--- a/gdpr/db/data/sap.capire.gdpr-Customers.csv
+++ b/gdpr/db/data/sap.capire.gdpr-Customers.csv
@@ -0,0 +1,3 @@
 ID;modifiedAt;createdAt;createdBy;modifiedBy;email;firstName;lastName;creditCardNo;dateOfBirth
 8e2f2640-6866-4dcf-8f4d-3027aa831cad;2019-04-04;2019-01-31;admin@business.com;admin@business.com;john.doe@test.com;John;Doe;9977-6655-4433-2211;1970-01-01
 74e718c9-ff99-47f1-8ca3-950c850777d4;2019-04-04;2019-01-30;admin@business.com;admin@business.com;jane.doe@sap.com;Jane;Doe;2211-3344-5566-7788;1980-11-11
--- a/gdpr/db/data/sap.capire.orders-Orders.Items.csv
+++ b/gdpr/db/data/sap.capire.orders-Orders.Items.csv
@@ -0,0 +1,4 @@
 ID;up__ID;quantity;product_ID;title;price
 4bd2c9df-c19f-47b8-a921-3cde0d863b52;29f15ef6-4a13-47d4-aef4-329a403b49eb;1;201;Wuthering Heights;11.11
 6c42a40d-5f7c-4c2f-816b-a73c7c28d722;29f15ef6-4a13-47d4-aef4-329a403b49eb;1;271;Catweazle;15
 748555fc-2cb0-42b5-a361-dd19a50bd682;31c2bd15-5146-4418-b574-866a08911de7;2;252;Eleonora;28
--- a/gdpr/db/data/sap.capire.orders-Orders.csv
+++ b/gdpr/db/data/sap.capire.orders-Orders.csv
@@ -0,0 +1,3 @@
 ID;createdAt;createdBy;customer_ID;OrderNo;currency_code
 29f15ef6-4a13-47d4-aef4-329a403b49eb;2019-01-31;john.doe@test.com;8e2f2640-6866-4dcf-8f4d-3027aa831cad;1;EUR
 31c2bd15-5146-4418-b574-866a08911de7;2019-01-30;jane.doe@test.com;74e718c9-ff99-47f1-8ca3-950c850777d4;2;EUR
--- a/gdpr/db/schema.cds
+++ b/gdpr/db/schema.cds
@@ -0,0 +1,30 @@
 using {
  Country,
  managed,
  cuid
 } from '@sap/cds/common';
 using {sap.capire.orders} from '@capire/orders';
 namespace sap.capire.gdpr;
 extend orders.Orders with {
  customer : Association to Customers;
 }
 entity Customers : cuid, managed {
  email        : String;
  firstName    : String;
  lastName     : String;
  creditCardNo : String;
  dateOfBirth  : Date;
  addresses    : Composition of many CustomerPostalAddresses
                   on addresses.customer = $self;
 }
 entity CustomerPostalAddresses : cuid, managed {
  customer : Association to Customers;
  street   : String(128);
  town     : String(128);
  @assert.integrity : false
  country  : Country;
 };
--- a/gdpr/db/src/.hdiconfig
+++ b/gdpr/db/src/.hdiconfig
@@ -0,0 +1,136 @@
 {
    "file_suffixes": {
        "csv": {
            "plugin_name": "com.sap.hana.di.tabledata.source"
        },
        "hdbafllangprocedure": {
            "plugin_name": "com.sap.hana.di.afllangprocedure"
        },
        "hdbanalyticprivilege": {
            "plugin_name": "com.sap.hana.di.analyticprivilege"
        },
        "hdbcalculationview": {
            "plugin_name": "com.sap.hana.di.calculationview"
        },
        "hdbcollection": {
            "plugin_name": "com.sap.hana.di.collection"
        },
        "hdbconstraint": {
            "plugin_name": "com.sap.hana.di.constraint"
        },
        "hdbdropcreatetable": {
            "plugin_name": "com.sap.hana.di.dropcreatetable"
        },
        "hdbflowgraph": {
            "plugin_name": "com.sap.hana.di.flowgraph"
        },
        "hdbfunction": {
            "plugin_name": "com.sap.hana.di.function"
        },
        "hdbgraphworkspace": {
            "plugin_name": "com.sap.hana.di.graphworkspace"
        },
        "hdbhadoopmrjob": {
            "plugin_name": "com.sap.hana.di.virtualfunctionpackage.hadoop"
        },
        "hdbindex": {
            "plugin_name": "com.sap.hana.di.index"
        },
        "hdblibrary": {
            "plugin_name": "com.sap.hana.di.library"
        },
        "hdbmigrationtable": {
            "plugin_name": "com.sap.hana.di.table.migration"
        },
        "hdbprocedure": {
            "plugin_name": "com.sap.hana.di.procedure"
        },
        "hdbprojectionview": {
            "plugin_name": "com.sap.hana.di.projectionview"
        },
        "hdbprojectionviewconfig": {
            "plugin_name": "com.sap.hana.di.projectionview.config"
        },
        "hdbreptask": {
            "plugin_name": "com.sap.hana.di.reptask"
        },
        "hdbresultcache": {
            "plugin_name": "com.sap.hana.di.resultcache"
        },
        "hdbrole": {
            "plugin_name": "com.sap.hana.di.role"
        },
        "hdbroleconfig": {
            "plugin_name": "com.sap.hana.di.role.config"
        },
        "hdbsearchruleset": {
            "plugin_name": "com.sap.hana.di.searchruleset"
        },
        "hdbsequence": {
            "plugin_name": "com.sap.hana.di.sequence"
        },
        "hdbstatistics": {
            "plugin_name": "com.sap.hana.di.statistics"
        },
        "hdbstructuredprivilege": {
            "plugin_name": "com.sap.hana.di.structuredprivilege"
        },
        "hdbsynonym": {
            "plugin_name": "com.sap.hana.di.synonym"
        },
        "hdbsynonymconfig": {
            "plugin_name": "com.sap.hana.di.synonym.config"
        },
        "hdbsystemversioning": {
            "plugin_name": "com.sap.hana.di.systemversioning"
        },
        "hdbtable": {
            "plugin_name": "com.sap.hana.di.table"
        },
        "hdbtabledata": {
            "plugin_name": "com.sap.hana.di.tabledata"
        },
        "hdbtabletype": {
            "plugin_name": "com.sap.hana.di.tabletype"
        },
        "hdbtrigger": {
            "plugin_name": "com.sap.hana.di.trigger"
        },
        "hdbview": {
            "plugin_name": "com.sap.hana.di.view"
        },
        "hdbvirtualfunction": {
            "plugin_name": "com.sap.hana.di.virtualfunction"
        },
        "hdbvirtualfunctionconfig": {
            "plugin_name": "com.sap.hana.di.virtualfunction.config"
        },
        "hdbvirtualpackagehadoop": {
            "plugin_name": "com.sap.hana.di.virtualpackage.hadoop"
        },
        "hdbvirtualpackagesparksql": {
            "plugin_name": "com.sap.hana.di.virtualpackage.sparksql"
        },
        "hdbvirtualprocedure": {
            "plugin_name": "com.sap.hana.di.virtualprocedure"
        },
        "hdbvirtualprocedureconfig": {
            "plugin_name": "com.sap.hana.di.virtualprocedure.config"
        },
        "hdbvirtualtable": {
            "plugin_name": "com.sap.hana.di.virtualtable"
        },
        "hdbvirtualtableconfig": {
            "plugin_name": "com.sap.hana.di.virtualtable.config"
        },
        "properties": {
            "plugin_name": "com.sap.hana.di.tabledata.properties"
        },
        "tags": {
            "plugin_name": "com.sap.hana.di.tabledata.properties"
        },
        "txt": {
            "plugin_name": "com.sap.hana.di.copyonly"
        }
    }
 }
--- a/gdpr/manifest.yml
+++ b/gdpr/manifest.yml
@@ -0,0 +1,31 @@
 ---
 applications:
 # -----------------------------------------------------------------------------------
 # HANA Database Content Deployer App
 # -----------------------------------------------------------------------------------
 - name: gdpr-db-deployer
  path: gen/db
  no-route: true
  health-check-type: process
  memory: 256M
  buildpack: nodejs_buildpack
  services:
  - gdpr-logs
  - gdpr-hdi
 # -----------------------------------------------------------------------------------
 # Backend Service
 # -----------------------------------------------------------------------------------
 - name: gdpr-srv
  path: gen/srv
  memory: 256M
  buildpack: nodejs_buildpack
  routes:
  - route: capire-gdpr-srv.cfapps.eu10.hana.ondemand.com
  services:
  - gdpr-logs
  - gdpr-hdi
  - gdpr-uaa
  - gdpr-auditlog
  # binding with parameters not yet supported -> binding done manually in .etc/deploy.sh
  #- name: gdpr-pdm
  #  parameters: ./pdm-binding-config.json
--- a/gdpr/package.json
+++ b/gdpr/package.json
@@ -0,0 +1,49 @@
 {
  "name": "@capire/gdpr",
  "version": "0.0.1",
  "dependencies": {
    "@capire/orders": "../orders",
    "@sap/audit-logging": "^5.1.0",
    "@sap/cds": "^5.9",
    "express": "^4.17.1",
    "hdb": "^0.19.0"
  },
  "scripts": {
    "build": "rm -rf gen && cds build --production",
    "deploy": "sh .etc/deploy.sh",
    "undeploy": "sh .etc/undeploy.sh",
    "start": "cds run"
  },
  "cds": {
    "requires": {
      "auth": {
        "__comment__": "workaround to avoid approuter et al. setup",
        "impl": "srv/auth.js"
      },
      "audit-log": {
        "[development]": {
          "kind": "audit-log-to-console"
        },
        "[production]": {
          "kind": "audit-log-service"
        }
      },
      "db": {
        "kind": "sql"
      },
      "uaa": {
        "kind": "xsuaa"
      }
    },
    "features": {
      "audit_personal_data": true,
      "fiori_preview": true,
      "[production]": {
        "kibana_formatter": true
      }
    },
    "hana": {
      "deploy-format": "hdbtable"
    }
  }
 }
--- a/gdpr/readme.md
+++ b/gdpr/readme.md
@@ -0,0 +1,35 @@
 # how-to
 ## required services and subscriptions
 services:
 - Audit Log Service
 - SAP HANA Cloud
 - SAP HANA Schemas & HDI Containers
 - Application Logging Service
 - Personal Data Manager
 - Authorization and Trust Management Service
 subscriptions:
 - Audit Log Viewer Service
 - Personal Data Manager
 ## deploy
 after adding the necessary entitlements, do:
 - `cf l` to log into the respective account
 - `cd gdpr` (if still in root of `cloud-cap-samples`)
 - `npm run deploy`, which executes build and deployment via `.etc/deploy.sh`
 ## authorization
 create roles for Audit Log Viewer Service and Personal Data Manager, and assign the roles to the respective users
 # open issues
 - deploy via mta, which can bind with parameters, and get rid of scripts in `.etc`
 - use approuter to remove hacky custom auth impl (`srv/auth.js`)
 - clarify annotation `EntitySemantics`, which differs between audit logging (`Other`) and personal data manager (`LegalGround`)
 - annotations for order items Fiori preview app
  + `Products` has `@cds.persistence.skip:'always'`
 - how to reuse intial data from `common`?
--- a/gdpr/services-manifest.yml
+++ b/gdpr/services-manifest.yml
@@ -0,0 +1,20 @@
 ---
 create-services:
  - name:       gdpr-logs         # > for kibana
    broker:     application-logs
    plan:       standard
  - name:       gdpr-hdi          # > hana
    broker:     hana
    plan:       hdi-shared
  - name:       gdpr-auditlog     # > audit log sink
    broker:     auditlog
    plan:       standard
  # gdpr-pdm needs to exist before creating gdpr-uaa for authorization grant
  - name:       gdpr-pdm          # > personal data manager
    broker:     personal-data-manager-service
    plan:       standard
    parameters: ./.pdm/pdm-instance-config.json
  - name:       gdpr-uaa          # > uaa for authentication
    broker:     xsuaa
    plan:       application
    parameters: xs-security.json
--- a/gdpr/srv/auth.js
+++ b/gdpr/srv/auth.js
@@ -0,0 +1,43 @@
 /*
 * workaround to avoid approuter et al. setup
 */
 const jwt = require('jsonwebtoken')
 const tenant = process.env.VCAP_SERVICES
  ? JSON.parse(process.env.VCAP_SERVICES).xsuaa[0].credentials.tenantid
  : 'anonymous'
 module.exports = (req, res, next) => {
  /*
   * decode JWT coming from Personal Data Manager
   *
   * DO NOT USE FOR PRODUCTION!
   * - no token validation
   * - no xsappname check
   */
  const bearer = req.headers.authorization && req.headers.authorization.split('Bearer ')[1]
  if (bearer) {
    const { client_id: id, zid: tenant, scope: roles } = jwt.decode(bearer)
    req.user = {
      id,
      tenant,
      is: role => roles.some(r => r.endsWith(`.${role}`))
    }
    return next()
  }
  // mock user that has every role EXCEPT PersonalDataManagerUser
  const basic = req.headers.authorization && req.headers.authorization.split('Basic ')[1]
  if (basic) {
    const [id] = Buffer.from(basic, 'base64').toString('utf-8').split(':')
    req.user = {
      id,
      tenant,
      is: role => role !== 'PersonalDataManagerUser'
    }
    return next()
  }
  // no bearer & no basic -> 401
  res.set('WWW-Authenticate', 'Basic realm="Users"').status(401).end()
 }
--- a/gdpr/srv/gdpr-service.cds
+++ b/gdpr/srv/gdpr-service.cds
@@ -0,0 +1,10 @@
 using {
  sap.capire.orders,
  sap.capire.gdpr
 } from '../db/schema';
@requires : 'admin' // > authorization check
 service GDPRService {
  entity Customers as projection on gdpr.Customers;
  entity Orders    as projection on orders.Orders;
 }
--- a/gdpr/srv/pdm-service.cds
+++ b/gdpr/srv/pdm-service.cds
@@ -0,0 +1,24 @@
 using {
  sap.capire.gdpr as gdpr,
  sap.capire.orders as orders
 } from '../db/data-privacy';
@requires : 'PersonalDataManagerUser' // > authorization check
 service PDMService {
  entity Customers               as projection on gdpr.Customers;
  entity CustomerPostalAddresses as projection on gdpr.CustomerPostalAddresses;
  entity Orders                  as projection on orders.Orders;
  /*
   * additional annotations for Personal Data Manager's Search Fields
   */
  annotate Customers with @(Communication.Contact : {
    n    : {
      surname : lastName,
      given   : firstName
    },
    bday : dateOfBirth
  });
 };
--- a/gdpr/srv/server.js
+++ b/gdpr/srv/server.js
@@ -0,0 +1,26 @@
 const cds = require('@sap/cds')
 /*
 * in development, write audit logs to custom sink (i.e., to console in this example)
 */
 cds.on('served', async () => {
  if (process.env.NODE_ENV === 'production') return
  const auditLogService = await cds.connect.to('audit-log')
  // use prepend to get called before the generic implementation
  auditLogService.prepend(function() {
    const LOG = cds.log('my custom audit logging impl')
    // triggered when reading sensitive personal data
    this.on('dataAccessLog', function(req) {
      const { accesses } = req.data
      for (const access of accesses) LOG.info(access)
    })
    // triggered when modifying personal data
    this.on('dataModificationLog', function(req) {
      const { modifications } = req.data
      for (const modification of modifications) LOG.info(modification)
    })
  })
 })
 module.exports = cds.server
--- a/gdpr/xs-security.json
+++ b/gdpr/xs-security.json
@@ -0,0 +1,14 @@
 {
  "xsappname": "capire-gdpr",
  "tenant-mode": "shared",
  "scopes": [{
    "name": "$XSAPPNAME.PersonalDataManagerUser",
    "description": "Authority for Personal Data Manager",
    "grant-as-authority-to-apps": [
      "$XSSERVICENAME(gdpr-pdm)"
    ]
  }, {
    "name": "$XSAPPNAME.admin",
    "description": "Administrator"
  }]
 }
--- a/hello/package.json
+++ b/hello/package.json
@@ -7,13 +7,28 @@
    "start:ts": "cds-ts serve srv/world.cds"
  },
  "dependencies": {
-    "@sap/cds": ">=5.0.4"
+    "@sap/cds": "^5.0.4"
  },
  "devDependencies": {
-    "@types/jest": "*",
+    "@types/jest": "^27.0.2",
-    "@types/node": "*",
+    "@types/node": "^16.11.6",
    "ts-jest": "^27.0.2",
    "typescript": "^4.3.5"
  },
  "jest": {
    "testEnvironment": "node",
    "preset": "ts-jest",
    "globals": {
      "ts-jest": {
        "diagnostics": {
          "_comment": "see https://githubmemory.com/repo/kulshekhar/ts-jest/issues/2722",
          "ignoreCodes": [
            151001
          ]
        }
      }
    }
  },
  "eslintConfig": {
    "extends": "eslint:recommended",
    "env": {
--- a/hello/test/hello-world-test.js
+++ b/hello/test/hello-world-test.js
@@ -1,13 +0,0 @@
 const cds = require ('@sap/cds')
 describe('Hello world!', () => {
    beforeAll (()=> process.env.CDS_TYPESCRIPT = true)
    afterAll (()=> delete process.env.CDS_TYPESCRIPT)
    const {GET} = cds.test.in(__dirname,'../srv').run('serve', 'world.cds')
    it('should say hello with class impl', async () => {
        const {data} = await GET`/say/hello(to='world')`
        expect(data.value).toMatch(/Hello world.*typescript.*/i)
    })
 })
--- a/hello/test/hello-world-ts.test.ts
+++ b/hello/test/hello-world-ts.test.ts
@@ -0,0 +1,15 @@
 process.env.CDS_TYPESCRIPT = 'true';
 import * as cds from '@sap/cds';
 //@ts-ignore
 const {GET} = cds.test.in(__dirname,'../srv').run('serve', 'world.cds');
 describe('Hello world!', () => {
    afterAll(() => { delete process.env.CDS_TYPESCRIPT; });
    it('should say hello with class impl from a typescript file', async () => {
        const {data} = await GET`/say/hello(to='world')`
        expect(data.value).toMatch(/Hello world.*typescript.*/i)
    })
 })
--- a/orders/app/orders/index.html
+++ b/orders/app/orders/index.html
@@ -25,10 +25,10 @@
 	<script id="sap-ushell-bootstrap" src="https://sapui5.hana.ondemand.com/test-resources/sap/ushell/bootstrap/sandbox.js"></script>
 	<script id="sap-ui-bootstrap" src="https://sapui5.hana.ondemand.com/resources/sap-ui-core.js"
-			data-sap-ui-libs="sap.m, sap.ushell, sap.collaboration, sap.ui.layout"
+    	data-sap-ui-libs="sap.m, sap.ushell, sap.collaboration, sap.ui.layout"
-			data-sap-ui-compatVersion="edge"
+    	data-sap-ui-compatVersion="edge"
-			data-sap-ui-theme="sap_horizon"
+    	data-sap-ui-theme="sap_fiori_3"
-			data-sap-ui-frameOptions="allow"
+    	data-sap-ui-frameOptions="allow"
 	></script>
 	<script>
 		sap.ui.getCore().attachInit(()=> sap.ushell.Container.createRenderer().placeAt("content"))
--- a/orders/app/orders/webapp/manifest.json
+++ b/orders/app/orders/webapp/manifest.json
@@ -167,4 +167,4 @@
 		"registrationIds": [],
 		"archeType": "transactional"
 	}
-}
+}
--- a/orders/package.json
+++ b/orders/package.json
@@ -3,6 +3,6 @@
  "version": "1.0.0",
  "dependencies": {
    "@capire/common": "*",
-    "@sap/cds": ">=5"
+    "@sap/cds": "^5"
  }
 }
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -5,24 +5,30 @@
  "repository": "https://github.com/sap-samples/cloud-cap-samples.git",
  "author": "daniel.hutzel@sap.com",
  "dependencies": {
-    "@sap/cds": ">=5.5.3"
+    "@capire/bookstore": "./bookstore",
    "@capire/bookshop": "./bookshop",
    "@capire/common": "./common",
    "@capire/data-viewer": "./data-viewer",
    "@capire/fiori": "./fiori",
    "@capire/gdpr": "./gdpr",
    "@capire/hello": "./hello",
    "@capire/media": "./media",
    "@capire/orders": "./orders",
    "@capire/reviews": "./reviews",
    "@sap/cds": "^5.5.3"
  },
  "workspaces": [
    "./*/"
  ],
  "devDependencies": {
    "axios": "^0",
    "chai": "^4.3.4",
    "chai-as-promised": "^7.1.1",
    "chai-subset": "^1.6.0",
-    "semver": "^7",
+    "sqlite3": "npm:@mendix/sqlite3@^5"
    "sqlite3": "^5"
  },
  "scripts": {
    "cleanup": "rm -rf node_modules && rm -rf */node_modules && rm -rf */*/node_modules",
    "registry": "node .registry/server.js",
    "bookshop": "cds watch bookshop",
    "fiori": "cds watch fiori",
    "gdpr": "cds watch gdpr",
    "hello": "cds watch hello",
    "media": "cds watch media",
    "mocha": "npx mocha || echo",
@@ -32,6 +38,7 @@
    "test:hello": "cd hello && npm test"
  },
  "jest": {
    "testEnvironment": "node",
    "testTimeout": 20000,
    "testMatch": [
      "**/*.test.js"
--- a/reviews/app/vue/app.js
+++ b/reviews/app/vue/app.js
@@ -4,21 +4,21 @@ const GET = (url) => axios.get('/reviews'+url)
 const PUT = (cmd,data) => axios.patch('/reviews'+cmd,data)
 const POST = (cmd,data) => axios.post('/reviews'+cmd,data)
-const reviews = Vue.createApp ({
+const reviews = new Vue ({
-    data() {
+    el:'#app',
-        return {
+
-          list: [],
+    data: {
-          review: undefined,
+        list: [],
-          message: {},
+        review: undefined,
-          Ratings: Object.entries({
+        message: {},
        Ratings: Object.entries({
            5 : '★★★★★',
            4 : '★★★★',
            3 : '★★★',
            2 : '★★',
            1 : '★',
-          }).reverse()
+        }).reverse()
        }
    },
    methods: {
@@ -66,7 +66,7 @@ const reviews = Vue.createApp ({
        datetime: (d) => d && new Date(d).toLocaleString(),
    },
-}).mount("#app")
+})
 // initially fill list of my reviews
 reviews.fetch()
--- a/reviews/app/vue/index.html
+++ b/reviews/app/vue/index.html
@@ -5,7 +5,7 @@
    <title> Capire Reviews </title>
    <link rel="stylesheet" href="https://unpkg.com/primitive-ui/dist/css/main.css">
    <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
-    <script src="https://cdn.jsdelivr.net/npm/vue@3/dist/vue.global.prod.js"></script>
+    <script src="https://cdn.jsdelivr.net/npm/vue"></script>
    <style>
        .hovering tr:hover td { color:cyan; background: #123; cursor: pointer; }
        .rating-stars { color:teal }
@@ -18,7 +18,7 @@
 <body class="small-container", style="margin-top: 70px;">
 <div id='app'>
-    <h1> Capire Reviews </h1>
+    <h1> {{ document.title }} </h1>
    <input type="text" placeholder="Search..." @input="search">
--- a/reviews/db/data/sap.capire.reviews-Reviews.csv
+++ b/reviews/db/data/sap.capire.reviews-Reviews.csv
@@ -1,5 +1,5 @@
-ID;subject;rating;reviewer;title;text
+subject;rating;reviewer;title;text
-5de47328-2ad2-4449-bb8c-e4000586b687;201;5;bob;Intriguing;Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
+201;5;bob;Intriguing;Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
-f77ea7a8-01c8-469d-bf9e-80988758a2ee;201;4;bob;Fascinating;Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Id diam maecenas ultricies mi eget mauris pharetra et. Risus at ultrices mi tempus imperdiet nulla malesuada pellentesque. Pulvinar mattis nunc sed blandit libero. Facilisis magna etiam tempor orci eu. Nec sagittis aliquam malesuada bibendum arcu. Eu consequat ac felis donec. Ultricies tristique nulla aliquet enim tortor at auctor urna nunc. Tortor posuere ac ut consequat semper viverra nam libero. Amet nisl suscipit adipiscing bibendum est ultricies integer quis auctor. Scelerisque purus semper eget duis at tellus. Elementum tempus egestas sed sed risus pretium. Arcu dictum varius duis at. Amet luctus venenatis lectus magna fringilla urna. Eget velit aliquet sagittis id consectetur purus ut faucibus. Vitae auctor eu augue ut lectus. Fermentum iaculis eu non diam phasellus vestibulum.
+201;4;bob;Fascinating;Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Id diam maecenas ultricies mi eget mauris pharetra et. Risus at ultrices mi tempus imperdiet nulla malesuada pellentesque. Pulvinar mattis nunc sed blandit libero. Facilisis magna etiam tempor orci eu. Nec sagittis aliquam malesuada bibendum arcu. Eu consequat ac felis donec. Ultricies tristique nulla aliquet enim tortor at auctor urna nunc. Tortor posuere ac ut consequat semper viverra nam libero. Amet nisl suscipit adipiscing bibendum est ultricies integer quis auctor. Scelerisque purus semper eget duis at tellus. Elementum tempus egestas sed sed risus pretium. Arcu dictum varius duis at. Amet luctus venenatis lectus magna fringilla urna. Eget velit aliquet sagittis id consectetur purus ut faucibus. Vitae auctor eu augue ut lectus. Fermentum iaculis eu non diam phasellus vestibulum.
-6b7ee8c9-0a18-4716-b333-eb95b7570f4e;207;2;bob;What is this?;Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Libero justo laoreet sit amet cursus sit amet dictum. Nunc faucibus a pellentesque sit. Dis parturient montes nascetur ridiculus mus mauris vitae ultricies. Enim nunc faucibus a pellentesque. Commodo quis imperdiet massa tincidunt nunc pulvinar sapien. Cras ornare arcu dui vivamus. Facilisi etiam dignissim diam quis enim lobortis. Et molestie ac feugiat sed. Urna neque viverra justo nec ultrices dui. Ullamcorper a lacus vestibulum sed arcu non. Volutpat ac tincidunt vitae semper quis. Dignissim sodales ut eu sem. Feugiat in fermentum posuere urna nec. At augue eget arcu dictum varius.
+207;2;bob;What is this?;Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Libero justo laoreet sit amet cursus sit amet dictum. Nunc faucibus a pellentesque sit. Dis parturient montes nascetur ridiculus mus mauris vitae ultricies. Enim nunc faucibus a pellentesque. Commodo quis imperdiet massa tincidunt nunc pulvinar sapien. Cras ornare arcu dui vivamus. Facilisi etiam dignissim diam quis enim lobortis. Et molestie ac feugiat sed. Urna neque viverra justo nec ultrices dui. Ullamcorper a lacus vestibulum sed arcu non. Volutpat ac tincidunt vitae semper quis. Dignissim sodales ut eu sem. Feugiat in fermentum posuere urna nec. At augue eget arcu dictum varius.
-10403669-7e56-4668-bfb0-2071bbc947f3;251;3;bob;It's dark...;Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Suscipit tellus mauris a diam. Velit aliquet sagittis id consectetur purus ut. Viverra adipiscing at in tellus integer. Vitae elementum curabitur vitae nunc. Mattis ullamcorper velit sed ullamcorper morbi. Diam quis enim lobortis scelerisque. Auctor neque vitae tempus quam pellentesque nec nam aliquam. Semper auctor neque vitae tempus. Quis eleifend quam adipiscing vitae proin. Neque convallis a cras semper auctor neque vitae. Imperdiet massa tincidunt nunc pulvinar sapien et ligula. Sit amet consectetur adipiscing elit ut aliquam purus. Pretium quam vulputate dignissim suspendisse.
+251;3;bob;It's dark...;Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Suscipit tellus mauris a diam. Velit aliquet sagittis id consectetur purus ut. Viverra adipiscing at in tellus integer. Vitae elementum curabitur vitae nunc. Mattis ullamcorper velit sed ullamcorper morbi. Diam quis enim lobortis scelerisque. Auctor neque vitae tempus quam pellentesque nec nam aliquam. Semper auctor neque vitae tempus. Quis eleifend quam adipiscing vitae proin. Neque convallis a cras semper auctor neque vitae. Imperdiet massa tincidunt nunc pulvinar sapien et ligula. Sit amet consectetur adipiscing elit ut aliquam purus. Pretium quam vulputate dignissim suspendisse.
--- a/reviews/package.json
+++ b/reviews/package.json
@@ -7,7 +7,7 @@
    "index.cds"
  ],
  "dependencies": {
-    "@sap/cds": ">=5",
+    "@sap/cds": "^5",
    "express": "^4.17.1"
  },
  "cds": {
--- a/samples.md
+++ b/samples.md
@@ -69,20 +69,14 @@ Each sub directory essentially is an individual npm package arranged in an [all-
 ## [@capire/fiori](fiori)
- Adds an SAP Fiori elements application to bookstore, thereby introducing:
+- [Adds an SAP Fiori elements application](https://cap.cloud.sap/docs/guides/fiori/) to bookstore, thereby introducing to:
- OData Annotations in `.cds` files
+- [OData Annotations](https://cap.cloud.sap/docs/guides/fiori#adding-odata-annotations) in `.cds` files
- Support for Fiori Draft
+- Support for [Fiori Draft](https://cap.cloud.sap/docs/guides/fiori#draft)
- Support for Value Helps
+- Support for [Value Helps](https://cap.cloud.sap/docs/guides/fiori#value-help)
 - Serving SAP Fiori apps locally
 - Fiori Elements V2
  - OData V2 using CDS OData V2 Adapter Proxy
  - List Report (type `TreeTable`)
  - `@sap.hierarchy` annotations
 See the [Serving Fiori UIs](https://cap.cloud.sap/docs/advanced/fiori) documentation for more information.
 <br>
 # All-in-one Monorepo
-Each sample sub directory essentially is a standard npm package, some with standard npm dependencies to other samples. The root folder's [package.json](package.json) has local links to the sub folders, such that an `npm install` populates a local `node_modules` folder and acts like a local npm registry to the individual sample packages.
+Each sample sub directory essentially is a standard npm package, some with standard npm dependencies to other samples. The root folder's [package.json](package.json) has local links to the sub folders, such that an `npm install` populates a local `node_modules` folder acts like a local npm registry to the individual sample packages.
--- a/test/cds.ql.test.js
+++ b/test/cds.ql.test.js
@@ -1,18 +1,20 @@
 const cds = require('@sap/cds/lib')
 const { expect } = cds.test
 const { cdr } = cds.ql
 const Foo = { name: 'Foo' }
 const Books = { name: 'capire.bookshop.Books' }
 const STAR = cdr ? '*' : { ref: ['*'] }
 const skip = {to:{eql:()=>skip}}
 const srv = new cds.Service
 let cqn
 expect.plain = (cqn) => !cqn.SELECT.one && !cqn.SELECT.distinct ? expect(cqn) : skip
 expect.one = (cqn) => !cqn.SELECT.distinct ? expect(cqn) : skip
 describe('cds.ql → cqn', () => {
-
+  //
  const cds = require('@sap/cds/lib')
  const { expect } = cds.test
  const { cdr } = cds.ql
  const Foo = { name: 'Foo' }
  const Books = { name: 'capire.bookshop.Books' }
  const STAR = cdr ? '*' : { ref: ['*'] }
  const skip = {to:{eql:()=>skip}}
  const srv = new cds.Service
  let cqn
  expect.plain = (cqn) => !cqn.SELECT.one && !cqn.SELECT.distinct ? expect(cqn) : skip
  expect.one = (cqn) => !cqn.SELECT.distinct ? expect(cqn) : skip
  describe.each(['SELECT', 'SELECT one', 'SELECT distinct'])(`%s...`, (each) => {
@@ -79,8 +81,6 @@ describe('cds.ql → cqn', () => {
      .to.eql(SELECT('Foo','Boo').from('Bar'))
      .to.eql(SELECT(['Foo','Boo']).from('Bar'))
      .to.eql(SELECT `Bar` .columns `Foo, Boo`)
      .to.eql(SELECT `Bar` .columns `{ Foo, Boo }`)
      .to.eql(SELECT `Bar` .columns ('{ Foo, Boo }'))
      .to.eql(SELECT `Bar` .columns ('Foo','Boo'))
      .to.eql(SELECT `Bar` .columns (['Foo','Boo']))
      .to.eql(SELECT.from `Bar` .columns ('Foo','Boo'))
@@ -411,67 +411,18 @@ describe('cds.ql → cqn', () => {
        ]
      }})
-      const ql_with_groups_fix = !!cds.ql.Query.prototype.flat
+      expect (
-      if (ql_with_groups_fix) {
+        SELECT.from(Foo).where({x:1,or:{y:2}})
-
+      ).to.eql (
-        expect (
+        CQL`SELECT from Foo where x=1 or y=2`
-          SELECT.from(Foo).where({x:1}).or({y:2}).and({z:3})
+      ).to.eql ({ SELECT: {
-        ).to.eql ({ SELECT: {
+        from: {ref:['Foo']},
-          from: {ref:['Foo']},
+        where: [
-          where: [
+          {ref:['x']}, '=', {val:1},
-            {ref:['x']}, '=', {val:1},
+          'or',
-            'or',
+          {ref:['y']}, '=', {val:2}
-            {ref:['y']}, '=', {val:2},
+        ]
-            'and',
+      }})
            {ref:['z']}, '=', {val:3},
          ]
        }})
        expect (
          SELECT.from(Foo).where({x:1,or:{y:2}}).and({z:3})
        ).to.eql ({ SELECT: {
          from: {ref:['Foo']},
          where: [
            {xpr:[
              {ref:['x']}, '=', {val:1},
              'or',
              {ref:['y']}, '=', {val:2},
            ]},
            'and',
            {ref:['z']}, '=', {val:3},
          ]
        }})
        expect (
          SELECT.from(Foo).where({a:1}).or({x:1,or:{y:2}}).and({z:3})
        ).to.eql ({ SELECT: {
          from: {ref:['Foo']},
          where: [
            {ref:['a']}, '=', {val:1},
            'or',
            {xpr:[
              {ref:['x']}, '=', {val:1},
              'or',
              {ref:['y']}, '=', {val:2},
            ]},
            'and',
            {ref:['z']}, '=', {val:3},
          ]
        }})
        expect (
          { SELECT: SELECT.from(Foo).where({x:1,or:{y:2}}).SELECT }
        ).to.eql ({ SELECT: {
          from: {ref:['Foo']},
          where: [
            {ref:['x']}, '=', {val:1},
            'or',
            {ref:['y']}, '=', {val:2},
          ]
        }})
      }
      expect (
        SELECT.from(Foo).where({x:1,and:{y:2}}).or({z:3})
--- a/test/consuming-services.test.js
+++ b/test/consuming-services.test.js
@@ -1,9 +1,8 @@
 const cds = require('@sap/cds/lib')
 const { expect } = cds.test ('@capire/bookshop')
-describe('cap/samples - Consuming Services locally', () => {
+describe('Consuming Services locally', () => {
-
+  //
  const { expect } = cds.test ('@capire/bookshop')
  it('bootstrapped the database successfully', ()=>{
    const { AdminService } = cds.services
    const { Authors } = AdminService.entities
@@ -15,7 +14,7 @@ describe('cap/samples - Consuming Services locally', () => {
    const AdminService = await cds.connect.to('AdminService')
    const { Authors } = AdminService.entities
    expect (await SELECT.from(Authors))
-    // .to.eql(await SELECT.from('Authors'))
+    .to.eql(await SELECT.from('Authors'))
    .to.eql(await AdminService.read(Authors))
    .to.eql(await AdminService.read('Authors'))
    .to.eql(await AdminService.run(SELECT.from(Authors)))
@@ -33,27 +32,6 @@ describe('cap/samples - Consuming Services locally', () => {
            })
        })
    }).where(`name like`, 'E%')
    if (require('semver').gte(cds.version, '5.9.0')) {
      expect(authors).to.containSubset([
        {
          name: 'Emily Brontë',
          books: [
            {
              title: 'Wuthering Heights',
              currency: { name: 'British Pound', symbol: '£' },
            },
          ],
        },
        {
          name: 'Edgar Allen Poe',
          books: [
            { title: 'The Raven', currency: { name: 'US Dollar', symbol: '$' } },
            { title: 'Eleonora', currency: { name: 'US Dollar', symbol: '$' } },
          ],
        },
      ])
      return
    }
    expect(authors).to.containSubset([
      {
        name: 'Emily Brontë',
--- a/test/custom-handlers.test.js
+++ b/test/custom-handlers.test.js
@@ -1,10 +1,9 @@
 const cds = require('@sap/cds/lib')
 const { GET, POST, expect } = cds.test(__dirname+'/../bookshop')
 if (cds.User.default) cds.User.default = cds.User.Privileged // hard core monkey patch
 else cds.User = cds.User.Privileged // hard core monkey patch for older cds releases
-describe('cap/samples - Custom Handlers', () => {
+describe('Custom Handlers', () => {
  const { GET, POST, expect } = cds.test(__dirname+'/../bookshop')
  if (cds.User.default) cds.User.default = cds.User.Privileged // hard core monkey patch
  else cds.User = cds.User.Privileged // hard core monkey patch for older cds releases
  it('should reject out-of-stock orders', async () => {
    await POST `/browse/submitOrder ${{ book: 201, quantity: 5 }}`
--- a/test/fiori.test.js
+++ b/test/fiori.test.js
@@ -1,23 +0,0 @@
 const cds = require('@sap/cds/lib')
 describe('cap/samples - Fiori APIs - v2', () => {
  const { GET, expect, axios } = cds.test ('@capire/fiori', '--with-mocks')
  axios.defaults.auth = { username: 'alice', password: 'admin' }
  it('serves $metadata documents in v2', async () => {
    const { headers, data } = await GET `/v2/browse/$metadata`
    expect(headers).to.contain({
      'content-type': 'application/xml',
      'dataserviceversion': '2.0',
    })
    expect(data).to.contain('<EntitySet Name="GenreHierarchy" EntityType="CatalogService.GenreHierarchy"/>')
  })
  it('serves Books in v2', async () => {
    const { data } = await GET `/v2/browse/Books`
    expect(data).to.containSubset({d:{results:[]}})
    expect(data.d.results.length).to.be.greaterThanOrEqual(5)
  })
 })
--- a/test/hello-world.test.js
+++ b/test/hello-world.test.js
@@ -1,8 +1,7 @@
 const cds = require('@sap/cds/lib')
 const { GET, expect } = cds.test (__dirname+'/../hello')
-describe('cap/samples - Hello world!', () => {
+describe('Hello world!', () => {
  const { GET, expect } = cds.test (__dirname+'/../hello')
  it('should say hello with class impl', async () => {
    const {data} = await GET `/say/hello(to='world')`
--- a/test/hierarchical-data.test.js
+++ b/test/hierarchical-data.test.js
@@ -1,17 +1,19 @@
 const cds = require('@sap/cds/lib')
 const {expect} = cds.test
-describe('cap/samples - Hierarchical Data', ()=>{
+// should become cds.compile(...) when cds5 is released
 const model = cds.compile.to.csn (`
  entity Categories {
    key ID   : Integer;
    name     : String;
    children : Composition of many Categories on children.parent = $self;
    parent   : Association to Categories;
  }
 `)
 const {Categories:Cats} = model.definitions
-	const model = CDL`
+
-		entity Categories {
+describe('Hierarchical Data', ()=>{
 			key ID   : Integer;
 			name     : String;
 			children : Composition of many Categories on children.parent = $self;
 			parent   : Association to Categories;
 		}
 	`
 	const {Categories:Cats} = model.definitions
 	const {expect} = cds.test
 	before ('bootstrap sqlite in-memory db...', async()=>{
 		await cds.deploy (model) .to ('sqlite::memory:')
@@ -33,21 +35,6 @@ describe('cap/samples - Hierarchical Data', ()=>{
  ))
 	it ('supports nested reads', async()=>{
 		if (require('semver').gte(cds.version, '5.9.0')) {
 			expect (await
 				SELECT.one.from (Cats, c=>{
 					c.ID, c.name.as('parent'), c.children (c=>{
 						c.name.as('child')
 					})
 				}) .where ({name:'Cat'})
 			) .to.eql (
 				{ ID:101, parent:'Cat', children:[
 					{ child:'Kitty' },
 					{ child:'Catwoman' },
 				]}
 			)
 			return
 		}
 		expect (await
 			SELECT.one.from (Cats, c=>{
 				c.ID, c.name.as('parent'), c.children (c=>{
@@ -63,25 +50,6 @@ describe('cap/samples - Hierarchical Data', ()=>{
 	})
 	it ('supports deeply nested reads', async()=>{
 		if (require('semver').gte(cds.version, '5.9.0')) {
 			expect (await SELECT.one.from (Cats, c=>{
 				c.ID, c.name, c.children (
 					c => { c.name },
 					{levels:3}
 				)
 			}) .where ({name:'Cat'})
 			) .to.eql (
 				{ ID:101, name:'Cat', children:[
 					{ name:'Kitty', children:[
 						{ name:'Kitty Cat', children:[
 							{ name:'Aristocat' }, ]},  // level 3
 						{ name:'Kitty Bat', children:[] }, ]},
 					{ name:'Catwoman', children:[
 						{ name:'Catalina', children:[] } ]},
 				]}
 			)
 			return
 		}
 		expect (await SELECT.one.from (Cats, c=>{
 			c.ID, c.name, c.children (
 				c => { c.name },
--- a/test/localized-data/services.test.js
+++ b/test/localized-data/services.test.js
@@ -1,14 +1,25 @@
-describe('cap/samples - Localized Data', () => {
+const { GET, expect, cds } = require('@sap/cds/lib').test (__dirname)
 if (cds.User.default) cds.User.default = cds.User.Privileged // hard core monkey patch
 else cds.User = cds.User.Privileged // hard core monkey patch for older cds releases
-  const { GET, expect, cds } = require('@sap/cds/lib').test (__dirname)
+describe('Localized Data', () => {
  if (cds.User.default) cds.User.default = cds.User.Privileged // hard core monkey patch
  else cds.User = cds.User.Privileged // hard core monkey patch for older cds releases
  it('serves localized $metadata documents', async () => {
-    const { data } = await GET(`/browse/$metadata?sap-language=de`, { headers: { 'accept-language': 'de' }})
+    const { data } = await GET`/browse/$metadata?sap-language=de`
    expect(data).to.contain('<Annotation Term="Common.Label" String="Währung"/>')
  })
  it('supports sap-language param', async () => {
    const { data } = await GET(`/browse/Books?$select=title,author` + '&sap-language=de')
    expect(data.value).to.containSubset([
      { title: 'Sturmhöhe', author: 'Emily Brontë' },
      { title: 'Jane Eyre', author: 'Charlotte Brontë' },
      { title: 'The Raven', author: 'Edgar Allen Poe' },
      { title: 'Eleonora', author: 'Edgar Allen Poe' },
      { title: 'Catweazle', author: 'Richard Carpenter' },
    ])
  })
  it('supports accept-language header', async () => {
    const { data } = await GET(`/browse/Books?$select=title,author`, {
      headers: { 'Accept-Language': 'de' },
--- a/test/messaging.test.js
+++ b/test/messaging.test.js
@@ -1,20 +1,14 @@
 const cds = require('@sap/cds/lib')
-const {resolve} = require('path')
+const { expect } = cds.test
 const _model = '@capire/reviews'
 if (cds.User.default) cds.User.default = cds.User.Privileged // hard core monkey patch
 else cds.User = cds.User.Privileged // hard core monkey patch for older cds releases
-describe('cap/samples - Messaging', ()=>{
+describe('Messaging', ()=>{
    const { expect } = cds.test
    const _model = '@capire/reviews'
    const Reviews = 'sap.capire.reviews.Reviews'
    if (cds.User.default) cds.User.default = cds.User.Privileged // hard core monkey patch
    else cds.User = cds.User.Privileged // hard core monkey patch for older cds releases
    beforeAll(() => { cds.root = resolve(__dirname, '..') })
    afterAll(() => { cds.root = process.cwd() })
    it ('should bootstrap sqlite in-memory db', async()=>{
        const db = await cds.deploy (_model) .to ('sqlite::memory:')
-        await db.delete(Reviews)
+        await db.delete('Reviews')
        expect (db.model) .not.undefined
    })
--- a/test/odata.test.js
+++ b/test/odata.test.js
@@ -1,48 +1,9 @@
 const cds = require('@sap/cds/lib')
 const { GET, expect } = cds.test ('@capire/bookshop')
 if (cds.User.default) cds.User.default = cds.User.Privileged // hard core monkey patch
 else cds.User = cds.User.Privileged // hard core monkey patch for older cds releases
-describe('cap/samples - Bookshop APIs', () => {
+describe('OData Protocol', () => {
  const { GET, expect, axios } = cds.test ('@capire/bookshop')
  axios.defaults.auth = { username: 'alice', password: 'admin' }
  // Genres
  const Drama = {
    "name": "Drama",
    "descr": null,
    "ID": 11,
    "parent_ID": 10
  }
  const Mystery = {
    "name": "Mystery",
    "descr": null,
    "ID": 16,
    "parent_ID": 10
  }
  const Fantasy = {
    "name": "Fantasy",
    "descr": null,
    "ID": 13,
    "parent_ID": 10
  }
  // Currencies
  const GBP = {
    "name": "British Pound",
    "descr": null,
    "code": "GBP",
    "symbol": "£"
  }
  const USD = {
    "name": "US Dollar",
    "descr": null,
    "code": "USD",
    "symbol": "$"
  }
  const JPY = {
    "name": "Yen",
    "descr": null,
    "code": "JPY",
    "symbol": "¥"
  }
  it('serves $metadata documents in v4', async () => {
@@ -56,16 +17,6 @@ describe('cap/samples - Bookshop APIs', () => {
    expect(data).to.contain('<Annotation Term="Common.Label" String="Currency"/>')
  })
  it('serves ListOfBooks?$expand=genre,currency', async () => {
    const { data } = await GET `/browse/ListOfBooks ${{
      params: { $search: 'Po', $select: `title,author`, $expand:`genre,currency` },
    }}`
    expect(data.value).to.eql([
      { ID: 251, title: 'The Raven', author: 'Edgar Allen Poe', genre:Mystery, currency:USD  },
      { ID: 252, title: 'Eleonora', author: 'Edgar Allen Poe', genre:Mystery, currency:USD  },
    ])
  })
  it('supports $search in multiple fields', async () => {
    const { data } = await GET `/browse/Books ${{
      params: { $search: 'Po', $select: `title,author` },
@@ -124,16 +75,4 @@ describe('cap/samples - Bookshop APIs', () => {
      { ID: 271, title: 'Catweazle' },
    ])
  })
  it('serves user info', async () => {
    {
      const { data } = await GET (`/user/me`)
      expect(data).to.containSubset({ id: 'alice', locale:'en', tenant: null })
    }
    {
      const { data } = await GET (`/user/me`, {auth: { username: 'joe' }})
      expect(data).to.containSubset({ id: 'joe', locale:'en', tenant: null })
    }
  })
 })
--- a/test/registry.test.js
+++ b/test/registry.test.js
@@ -1,14 +1,12 @@
 const cds = require('@sap/cds/lib')
 const { expect } = cds.test
 const { fork } = require('child_process')
 const { resolve } = require('path')
 const verbose = process.env.CDS_TEST_VERBOSE
 // ||true
-describe('cap/samples - Local NPM registry', () => {
+describe('Local NPM registry', () => {
  const { expect } = cds.test
  // ||true
  let registry
  let axios
  const cwd = resolve(__dirname, '..')
@@ -22,7 +20,7 @@ describe('cap/samples - Local NPM registry', () => {
  after(() => { registry.kill() })
-  for (const mod of ['bookshop', 'data-viewer', 'fiori','orders','reviews']) {
+  for (const mod of ['bookshop','fiori','orders','reviews']) {
    it(`should serve ${mod}`, async () => {
      const resp = await axios.get(`/@capire/${mod}`)
      expect(resp.data).to.containSubset({name: `@capire/${mod}`, versions:{}})
Author	SHA1	Message	Date
Johannes Vogel	08a3157f1d	use new kinds for audit log	2022-03-18 09:30:42 +01:00
sjvans	c9ecef4e21	Merge branch 'main' into audit-logging	2022-02-08 13:48:35 +01:00
sjvans	46f1be4395	cleanup	2022-02-08 13:47:32 +01:00
sjvans	b932637400	Update manifest.json	2022-02-08 13:45:36 +01:00
sjvans	3c6d49b88e	in development, write audit logs to custom sink	2022-02-08 13:41:30 +01:00
sjvans	6928ae907a	initial	2022-02-03 17:57:35 +01:00