45 lines
1.2 KiB
Plaintext
45 lines
1.2 KiB
Plaintext
using { sap.capire.reviews as my } from '../db/schema';
|
|
|
|
service ReviewsService {
|
|
|
|
// Sync API
|
|
entity Reviews as projection on my.Reviews excluding { likes }
|
|
action like (review: type of Reviews:ID);
|
|
action unlike (review: type of Reviews:ID);
|
|
|
|
// Async API
|
|
event reviewed : projection on Reviews {
|
|
subject,
|
|
rating
|
|
}
|
|
|
|
// Input validation
|
|
annotate Reviews with {
|
|
subject @mandatory;
|
|
title @mandatory;
|
|
rating @assert.range;
|
|
}
|
|
|
|
}
|
|
|
|
|
|
// Access control restrictions
|
|
annotate ReviewsService.Reviews with @restrict:[
|
|
{ grant:'READ', to:'any' }, // everybody can read reviews
|
|
{ grant:'CREATE', to:'authenticated-user' }, // users must login to add reviews
|
|
/////////////////////////////////////////////////
|
|
//
|
|
// Temporarily disabling this due to glitch in CAP Node.js runtime:
|
|
// { grant:'UPDATE', to:'authenticated-user', where:'reviewer=$user' },
|
|
// -> reenable it when the issue is fixed
|
|
{ grant:'UPDATE', to:'authenticated-user' },
|
|
//
|
|
////////////////////////////////////////////////////
|
|
{ grant:'DELETE', to:'admin' },
|
|
];
|
|
|
|
annotate ReviewsService with @restrict:[
|
|
{ grant:'like', to:'identified-user' },
|
|
{ grant:'unlike', to:'identified-user', where:'user=$user' },
|
|
];
|