fix: delete with grant (#334)

closes #262 * Fix Update/Delete issue when using grant * chore: align formatting * test: add authenticated deletion * test: restrict deletion to createdBy = $user Co-authored-by: Vasil Shmidt <[email protected]>
sapmentors · Aug 3, 2022 · d72ec82 · d72ec82
1 parent 83bc2db
commit d72ec82
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 6 deletions.
diff --git a/__tests__/__assets__/cap-proj/srv/beershop-admin-service.cds b/__tests__/__assets__/cap-proj/srv/beershop-admin-service.cds
@@ -2,8 +2,16 @@ using {csw} from '../db/schema';
 
 @(requires : 'authenticated-user')
 service BeershopAdminService {
-
+ @restrict : [{
+ grant : [
+ 'READ',
+ 'WRITE',
+ 'DELETE'
+ ],
+ where : 'createdBy = $user'
+ }]
  entity Beers as projection on csw.Beers;
+
  entity Breweries as projection on csw.Brewery;
 
  @readonly

diff --git a/__tests__/lib/pg/service-admin.test.js b/__tests__/lib/pg/service-admin.test.js
@@ -4,7 +4,7 @@ const deploy = require('@sap/cds/lib/deploy')
 cds.env.requires.db = { kind: 'postgres' }
 cds.env.requires.postgres = {
  dialect: 'plain',
- impl: './cds-pg', // hint: not really sure as to why this is, but...
+ impl: './cds-pg' // hint: not really sure as to why this is, but...
 }
 
 // default (single) test environment is local,
@@ -25,13 +25,13 @@ describe.each(suiteEnvironments)(
  info: jest.fn(),
  debug: jest.fn(),
  warn: jest.fn(),
- error: jest.fn(),
+ error: jest.fn()
  }
  this._model = model
  this._dbProperties = {
  kind: 'postgres',
  model: this._model,
- credentials: credentials,
+ credentials: credentials
  }
 
  // only bootstrap in local mode as scp app is deployed and running
@@ -74,7 +74,7 @@ describe.each(suiteEnvironments)(
  .send({
  name: 'Schlappe Seppel',
  ibu: 10,
- abv: '16.2',
+ abv: '16.2'
  })
  .set('content-type', 'application/json;charset=UTF-8;IEEE754Compatible=true')
  .auth('bob', '')
@@ -90,6 +90,9 @@ describe.each(suiteEnvironments)(
  expect(responseGet.status).toStrictEqual(200)
  expect(responseGet.body.createdBy).toStrictEqual('bob')
  expect(responseGet.body.modifiedBy).toStrictEqual('bob')
+
+ const responseDelete = await request.delete(`/beershop-admin/Beers(${response.body.ID})`).auth('bob', '')
+ expect(responseDelete.status).toStrictEqual(204)
  })
  })
  }

diff --git a/lib/pg/sql-builder/SelectBuilder.js b/lib/pg/sql-builder/SelectBuilder.js
@@ -61,7 +61,7 @@ class PGSelectBuilder extends SelectBuilder {
  // could not determine data type of parameter $1
  // described in issue #223
  if (this._obj.SELECT.columns.length === 1 && this._obj.SELECT.columns[0].func === 'count') {
- this._obj.SELECT.columns[0].args[0].val = 1
+ this._obj.SELECT.columns[0].args[0] = '1'
  } else {
  for (let index = 0; index < this._obj.SELECT.columns.length; index++) {
  const element = this._obj.SELECT.columns[index]