31 lines
886 B
Plaintext
31 lines
886 B
Plaintext
using { sap.capire.reviews as my } from '../db/schema';
|
|
|
|
service ReviewsService {
|
|
|
|
entity Reviews as projection on my.Reviews excluding { likes }
|
|
action like (review: type of Reviews:ID);
|
|
action unlike (review: type of Reviews:ID);
|
|
|
|
// Input validation
|
|
annotate Reviews with {
|
|
subject @mandatory;
|
|
title @mandatory;
|
|
rating @mandatory @assert.enum;
|
|
}
|
|
|
|
}
|
|
|
|
|
|
// Access control restrictions
|
|
annotate ReviewsService.Reviews with @restrict_:[
|
|
{ grant:'READ', to:'any' }, // everybody can read reviews
|
|
{ grant:'CREATE', to:'authenticated-user' }, // users must login to add reviews
|
|
{ grant:'UPDATE', to:'authenticated-user', where:'reviewer=$user' },
|
|
{ grant:'DELETE', to:'admin' },
|
|
];
|
|
|
|
annotate ReviewsService with @restrict_:[
|
|
{ grant:'like', to:'identified-user' },
|
|
{ grant:'unlike', to:'identified-user', where:'user=$user' },
|
|
];
|