calling external CAP Service with restrict in Entity Definition

Hello,

We have the following scenario:

  1. Platform CAP service sitting on top of HANA Cloud
  2. API CAP service that calls Platform service using an external service

const extSrv = await cds.connect.to('EntityService')

In the definition of the MyInvoices Entity in the API service we added the

@(restrict:
    [
     {
      grant: 'READ',
      where: 'someId = $user.id'
     } ])  as projection on external.Invoices

The goal being that we could restrict the data in the API service to who is actually logged on.

this.on('READ', MyInvoices, req => {
    const tx = extSrv.tx(req)
    return tx.run(req.query)
})

GET /ApiService/Invoices?$filter=status eq '''Paid'''&$skip=0&$top=100
Processing: READ ApiService.Invoices. Query:
{
    "SELECT": {
        "from": {
            "ref": [
                "ApiService.Invoices"
            ]
        },
        "columns": [
            {
                "ref": [
                    "ID"
                ]
            },
            {
                "ref": [
                    "paymentDate"
                ]
            },
            {
                "ref": [
                    "interestChargeAmount"
                ]
            },
            {
                "ref": [
                    "amount"
                ]
            },
            {
                "ref": [
                    "currency_code"
                ]
            },
            {
                "ref": [
                    "contractName"
                ]
            },
            {
                "ref": [
                    "status"
                ]
            },
            {
                "ref": [
                    "supplierPartnerId"
                ]
            }
        ],
        "where": [
            "(",
            {
                "ref": [
                    "status"
                ]
            },
            "=",
            {
                "val": "'Paid'"
            },
            ")",
            "and",
            "(",
            "(",
            {
                "ref": [
                    "supplierPartnerId"
                ]
            },
            "=",
            {
                "val": "ANID"
            },
            ")",
            ")"
        ],
        "limit": {
            "rows": {
                "val": 100
            }
        },
        "orderBy": [
            {
                "ref": [
                    "ID"
                ],
                "sort": "asc"
            }
        ]
    }
}. For User{
    "id": "userID",
    "_roles": {
        "any": 1,
        "identified-user": 1,
        "authenticated-user": 1
    },
    "attr": {
        "UserID": "name@email.com",
        "ContactEmail": "name@email.com",
        "ANID": "ANID",
        "CompanyName": "Company",
        "ContactFirstName": "Name",
        "ContactLastName": "LastName",
        "UserTimeZone": "UTC"
    },
    "tenant": null
}

In the above it makes reference to supplierPartnerId which in the platform service/entity

I then get this error thrown from CAP

[2021-01-13T19:27:25.113Z | ERROR | 1968819]: TypeError: Cannot read property 'type' of undefined
    at formatVal (/Users/dev/project/apiProject/node_modules/@sap/cds-runtime/lib/rest/utils/query-generation/utils.js:4:22)
    at _createFilterString (/Users/dev/project/apiProject/node_modules/@sap/cds-runtime/lib/rest/utils/query-generation/select.js:125:22)
    at select (/Users/dev/project/apiProject/node_modules/@sap/cds-runtime/lib/rest/utils/query-generation/select.js:149:20)
    at module.exports (/Users/dev/project/apiProject/node_modules/@sap/cds-runtime/lib/rest/utils/query-generation/index.js:7:26)
    at _cqnToReqOptions (/Users/dev/project/apiProject/node_modules/@sap/cds-runtime/lib/rest/utils/service.js:144:23)
    at getReqOptions (/Users/dev/project/apiProject/node_modules/@sap/cds-runtime/lib/rest/utils/service.js:181:9)
    at RestService.<anonymous> (/Users/dev/project/apiProject/node_modules/@sap/cds-runtime/lib/rest/service.js:37:11)
    at next (/Users/dev/project/apiProject/node_modules/@sap/cds/lib/srv/Service.js:87:30)
    at RestService.dispatch (/Users/dev/project/apiProject/node_modules/@sap/cds/lib/srv/Service.js:93:8)
    at RestService.emit (/Users/dev/project/apiProject/node_modules/@sap/cds/lib/srv/Service.js:37:34)
[INTERNAL ERROR] TypeError: Cannot read property 'type' of undefined
    at formatVal (/Users/dev/project/apiProject/node_modules/@sap/cds-runtime/lib/rest/utils/query-generation/utils.js:4:22)
    at _createFilterString (/Users/dev/project/apiProject/node_modules/@sap/cds-runtime/lib/rest/utils/query-generation/select.js:125:22)
    at select (/Users/dev/project/apiProject/node_modules/@sap/cds-runtime/lib/rest/utils/query-generation/select.js:149:20)
    at module.exports (/Users/dev/project/apiProject/node_modules/@sap/cds-runtime/lib/rest/utils/query-generation/index.js:7:26)
    at _cqnToReqOptions (/Users/dev/project/apiProject/node_modules/@sap/cds-runtime/lib/rest/utils/service.js:144:23)
    at getReqOptions (/Users/dev/project/apiProject/node_modules/@sap/cds-runtime/lib/rest/utils/service.js:181:9)
    at RestService.<anonymous> (/Users/dev/project/apiProject/node_modules/@sap/cds-runtime/lib/rest/service.js:37:11)
    at next (/Users/dev/project/apiProject/node_modules/@sap/cds/lib/srv/Service.js:87:30)
    at RestService.dispatch (/Users/dev/project/apiProject/node_modules/@sap/cds/lib/srv/Service.js:93:8)
    at RestService.emit (/Users/dev/project/apiProject/node_modules/@sap/cds/lib/srv/Service.js:37:34)
Please report this error.

So I guess the question is can you put the @restrict on an Entity that is backed by an external service? It appears like it should, but maybe not.

Jon


1 Answer

  • Posted on 2 days ago

    I found this GitHub posting by Gregor Wolf

    https://github.com/gregorwolf/customer-material-management/blob/c1d04751c5b09ae0b6215ea1901909f30f930173/srv/customer-material-service.cds#L13

    Where he states the @restrict doesn't work with the fluent API

    So, I am back to writing my own READ handlers I guess.

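One way a hand-written READ handler can apply the per-user restriction itself before forwarding the query to the external service, as an added example that is not part of the original posts and not CAP's own code. The helper name restrictToUser and its parameters are hypothetical; the where-token shape, the supplierPartnerId column and the ANID attribute are taken from the query logged in the question, and the sample query and user are constructed.

```javascript
// Added example: works on plain CQN objects only, so it runs without @sap/cds.
// restrictToUser, column and attr are hypothetical names, not CAP APIs.
function restrictToUser(query, user, column, attr) {
  const value = user && user.attr ? user.attr[attr] : undefined;
  // Fail closed: without the attribute there is nothing to filter on,
  // and forwarding the unfiltered query would return every user's rows.
  if (typeof value !== 'string' || value.length === 0) {
    const err = new Error(`user attribute ${attr} is missing`);
    err.code = 403;
    throw err;
  }
  // Work on a copy so the inbound request query stays untouched.
  const restricted = JSON.parse(JSON.stringify(query));
  const own = [{ ref: [column] }, '=', { val: value }];
  const clientWhere = restricted.SELECT.where;
  // Parenthesise the client filter: in "a or b and own" the restriction
  // binds to b only, so rows matching a would bypass it.
  restricted.SELECT.where = clientWhere && clientWhere.length
    ? ['(', ...clientWhere, ')', 'and', '(', ...own, ')']
    : own;
  return restricted;
}

// Constructed sample input, modelled on the query logged in the question.
const sampleQuery = {
  SELECT: {
    from: { ref: ['ApiService.Invoices'] },
    where: [
      { ref: ['status'] }, '=', { val: 'Paid' },
      'or',
      { ref: ['status'] }, '=', { val: 'Open' }
    ],
    limit: { rows: { val: 100 } }
  }
};
const sampleUser = { id: 'userID', attr: { ANID: 'ANID' } };

// Assumed wiring into the handler from the question:
//   this.on('READ', MyInvoices, req => extSrv.tx(req).run(
//     restrictToUser(req.query, req.user, 'supplierPartnerId', 'ANID')))
console.log(JSON.stringify(
  restrictToUser(sampleQuery, sampleUser, 'supplierPartnerId', 'ANID').SELECT.where));
```
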
