Skip to content

feat: use path expressions on new dbs #133

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 12 commits into
base: main
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/).
The format is based on [Keep a Changelog](http://keepachangelog.com/).

## Version 0.8.3 - 2024-11-28

### Fixed

- Rewrite subselects to use path expressions on @cap-js databases
Copy link
Contributor Author

@sjvans sjvans Dec 5, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- Rewrite subselects to use path expressions on @cap-js databases
- Use path expressions instead of manually constructed semi joins on @cap-js databases


## Version 0.8.2 - 2024-11-27

### Fixed
Expand Down
96 changes: 94 additions & 2 deletions lib/utils.js
Original file line number Diff line number Diff line change
Expand Up @@ -141,7 +141,7 @@ const _buildSubSelect = (model, { entity, relative, element, next }, row, previo
return childCqn
}

const _getDataSubjectIdQuery = ({ dataSubjectEntity, subs }, row, model) => {
const _old_getDataSubjectIdQuery = ({ dataSubjectEntity, subs }, row, model) => {
const keys = Object.values(dataSubjectEntity.keys)
const as = _alias(dataSubjectEntity)

Expand All @@ -156,6 +156,93 @@ const _getDataSubjectIdQuery = ({ dataSubjectEntity, subs }, row, model) => {
return cqn
}

const _getRelation = (left, right, abort) => {
let a
for (const assoc in left.associations) {
if (left.associations[assoc].target === right.name) {
a = left.associations[assoc]
break
}
}
if (a) {
let backlink
for (const assoc in right.associations) {
if (right.associations[assoc].target === left.name) {
backlink = right.associations[assoc]
break
}
}
return { base: left, target: right, assoc: a, backlink }
}
return abort ? undefined : _getRelation(right, left, true)
}

const _new_getDataSubjectIdQuery = ({ dataSubjectEntity, subs }, row) => {
const qs = []

// multiple subs => entity reused in different branches => must check all
for (const sub of subs) {
const path = []
let s = sub
while (s) {
if (!path.length) {
// the known entity instance as starting point
const kp = Object.keys(s.entity.keys).reduce((acc, cur) => {
if (cur !== 'IsActiveEntity') acc.push(`${cur}='${row[cur]}'`)
return acc
}, [])
path.push({ id: s.entity.name, where: kp })
}

let relation = _getRelation(s.entity, s.next?.entity || dataSubjectEntity)
if (!relation) {
// TODO: no relation found
} else if (relation.base === s.entity) {
// assoc in base
if (relation.assoc === s.element) {
// forwards
path.push({ to: relation.assoc.name })
} else {
// backwards
path[0].id = relation.backlink?.name || s.element.name
path.unshift({ id: relation.target.name })
}
} else {
// assoc in target
path[0].id = s.element.name
path.unshift({ id: relation.base.name })
}

s = s.next
}

// construct path as string
const p = path.reduce((acc, cur) => {
if (!acc) {
acc += `${cur.id}${cur.where ? `[${cur.where.join(' and ')}]` : ''}`
} else {
if (cur.id) {
const close = acc.match(/([\]]+)$/)?.[1]
if (close)
acc =
acc.slice(0, close.length * -1) +
`[exists ${cur.id}${cur.where ? `[${cur.where.join(' and ')}]` : ''}]` +
close
else acc += `[exists ${cur.id}${cur.where ? `[${cur.where.join(' and ')}]` : ''}]`
} else if (cur.to) acc += `.${cur.to}`
}
return acc
}, '')

qs.push(SELECT.one.from(p).columns(...Object.keys(dataSubjectEntity.keys)))
}

// merge queries, if necessary
const q = qs[0]
for (let i = 1; i < qs.length; i++) q.SELECT.from.ref[0].where.push('or', ...qs[i].SELECT.from.ref[0].where)
return q
}

const _getUps = (entity, model) => {
if (entity.own($parents) == null) {
const ups = []
Expand Down Expand Up @@ -246,7 +333,12 @@ const addDataSubjectForDetailsEntity = (row, log, req, entity, model) => {
const map = _getDataSubjectsMap(req)
if (map.has(role)) log.data_subject.id = map.get(role)
// REVISIT by downward lookups row might already contain ID - some potential to optimize
else map.set(role, _getDataSubjectIdQuery(dataSubjectInfo, row, model))
else {
module.exports._getDataSubjectIdQuery ??= cds.env.requires.db?.impl?.startsWith('@cap-js/')
Copy link
Contributor Author

@sjvans sjvans Dec 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

explicit feature flag!

? _new_getDataSubjectIdQuery
: _old_getDataSubjectIdQuery
map.set(role, module.exports._getDataSubjectIdQuery(dataSubjectInfo, row, model))
}
}

const resolveDataSubjects = (logs, req) => {
Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@cap-js/audit-logging",
"version": "0.8.2",
"version": "0.8.3",
Copy link
Contributor Author

@sjvans sjvans Dec 5, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

0.9.0

"description": "CDS plugin providing integration to the SAP Audit Log service as well as out-of-the-box personal data-related audit logging based on annotations.",
"repository": "cap-js/audit-logging",
"author": "SAP SE (https://www.sap.com)",
Expand Down
60 changes: 60 additions & 0 deletions test/personal-data-complex/crud.test.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
const cds = require('@sap/cds')

const { POST: _POST, /* PATCH: _PATCH, GET: _GET, DELETE: _DELETE, */ data } = cds.test().in(__dirname)

// the persistent outbox adds a delay
const wait = require('util').promisify(setTimeout)
const DELAY = process.env.CI ? 42 : 7
const POST = (...args) => _POST(...args).then(async res => (await wait(DELAY), res))
// const PATCH = (...args) => _PATCH(...args).then(async res => (await wait(DELAY), res))
// const GET = (...args) => _GET(...args).then(async res => (await wait(DELAY), res))
// const DELETE = (...args) => _DELETE(...args).then(async res => (await wait(DELAY), res))

// TODO: @cap-js/sqlite doesn't support structured properties
// // needed for testing structured properties
// cds.env.odata.flavor = 'x4'

const _logger = require('../utils/logger')({ debug: true })
cds.log.Logger = _logger

describe('personal data audit logging in CRUD with complex model', () => {
if (cds.version.split('.')[0] < 8) return test.skip('only for cds >= 8', () => {})

let __log, _logs
const _log = (...args) => {
if (!(args.length === 2 && typeof args[0] === 'string' && args[0].match(/\[audit-log\]/i))) {
// > not an audit log (most likely, anyway)
return __log(...args)
}

_logs.push(args[1])
}

const ALICE = { username: 'alice', password: 'password' }

beforeAll(() => {
__log = global.console.log
global.console.log = _log
})

afterAll(() => {
global.console.log = __log
})

beforeEach(async () => {
await data.reset()
_logs = []
_logger._resetLogs()
})

describe('data deletion logging', () => {
test('Delete PII record in action', async () => {
const { status: statusLeave } = await POST(
'/collaborations/Collaborations(ID=36ca041a-a337-4d08-8099-c2a0980823a0,IsActiveEntity=true)/CollaborationsService.leave',
{},
{ auth: ALICE }
)
expect(statusLeave).toEqual(204)
})
})
})
192 changes: 192 additions & 0 deletions test/personal-data-complex/db/collaborations.cds
Original file line number Diff line number Diff line change
@@ -0,0 +1,192 @@
using {
cuid,
managed
} from '@sap/cds/common';

using {
sap.taco.core.Students,
sap.hcm.Employees
} from './schema';

namespace sap.taco.collaborations;

entity Collaborations : cuid, managed {
title : String(100);
participants : Composition of many Participants
on participants.collaboration = $self;
applications : Composition of many Applications
on applications.collaboration = $self;
subCollaborations : Composition of many SubCollaborations
on subCollaborations.collaboration = $self;
leadAssignments : Composition of many CollaborationLeadAssignments
on leadAssignments.collaboration = $self;
collaborationLogs : Association to many CollaborationLogs
on collaborationLogs.collaboration = $self;
leads = participants[validFrom <= $now
and validTo >= $now
and isLead = true];
activeParticipants = participants[validFrom <= $now
and validTo >= $now];
}

@assert.unique: {onlyOne: [
collaboration,
student
], }
entity Participants : cuid {
collaboration : Association to one Collaborations;
student : Association to one Students;
employeeNav : Association to one Employees
on employeeNav.userID = student.userID;
validFrom : Date;
validTo : Date;
isLead : Boolean default false;
leadAssignment : Association to one CollaborationLeadAssignments
on leadAssignment.collaboration = collaboration
and leadAssignment.student = student;
subCollaborations : Composition of many SubCollaborationAssignments
on subCollaborations.participant = $self;
collaborationLogs : Association to many CollaborationLogs
on collaborationLogs.collaboration_ID = collaboration.ID
and student.userID = collaborationLogs.userID;
}

@assert.unique: {onlyOne: [
collaboration,
student
], }
entity CollaborationLeadAssignments : cuid {
collaboration : Association to one Collaborations;
student : Association to one Students;
employeeNav : Association to one Employees
on employeeNav.userID = student.userID;
validFrom : Date;
validTo : Date;
}

@assert.unique: {onlyOne: [
collaboration,
student
], }
entity Applications : cuid {
collaboration : Association to one Collaborations;
student : Association to one Students;
employeeNav : Association to one Employees
on employeeNav.userID = student.userID;
application : String(1000);
subCollaborationApplications : Composition of many SubCollaborationApplications
on subCollaborationApplications.application = $self;
}

@assert.unique: {onlyOne: [
subCollaboration,
application
], }
entity SubCollaborationApplications : cuid {
subCollaboration : Association to one SubCollaborations;
application : Association to one Applications;
leads : Association to many SubCollaborationLeads
on leads.subCollaboration_ID = subCollaboration.ID;
}

entity SubCollaborations : cuid {
collaboration : Association to one Collaborations;
title : String(100);
participants : Association to many SubCollaborationAssignments
on participants.subCollaboration = $self @odata.draft.enclosed;
activeParticipants : Association to many ActiveSubCollaborationAssignments
on activeParticipants.subCollaboration = $self;
leads : Association to many SubCollaborationLeads
on leads.subCollaboration = $self /* and leads.isLead = true */;
}

entity ActiveSubCollaborationAssignments as
select from SubCollaborationAssignments {
*,
participant.student.userID as student_userID @UI.Hidden,
}
where
validFrom <= $now
and validTo >= $now;

entity SubCollaborationsVH as select from SubCollaborations;

annotate SubCollaborationsVH with {
ID @UI.Hidden: false @Common.Text: title @Common.TextArrangement: #TextOnly
}

@assert.unique: {onlyOne: [
subCollaboration_ID,
participant
], }
entity SubCollaborationAssignments : cuid {
subCollaboration_ID : UUID;
subCollaboration : Association to one SubCollaborations
on subCollaboration.ID = subCollaboration_ID;
participant : Association to one Participants;
isLead : Boolean default false;
validFrom : Date;
validTo : Date;
}

//REVISIT: Once isLead = true works also in associations and within exists navigations can be used
@readonly
entity SubCollaborationLeads as
projection on SubCollaborationAssignments {
*,
participant.student.userID as student_userID @readonly
}
where
isLead = true
and validFrom <= $now
and validTo >= $now;

annotate SubCollaborationLeads with {
participant @readonly;
}

entity CollaborationLogs : cuid {
userID : String;
student : Association to one Students
on student.userID = userID;
collaboration_ID : UUID;
collaboration : Association to one Collaborations
on collaboration.ID = collaboration_ID;
participant : Association to one Participants
on participant.student.userID = userID
and participant.collaboration.ID = collaboration_ID;
title : String(100);
approver : Association to one Employees;
}

annotate Collaborations {
endDate @PersonalData.FieldSemantics: 'EndOfBusinessDate';
}

annotate Applications with @PersonalData : {
DataSubjectRole : 'Student',
EntitySemantics : 'Other'
} {
student @PersonalData.FieldSemantics: 'DataSubjectID';
application @PersonalData.IsPotentiallyPersonal;
}

annotate CollaborationLeadAssignments with @PersonalData : {
DataSubjectRole : 'Student',
EntitySemantics : 'Other'
} {
student @PersonalData.FieldSemantics: 'DataSubjectID';
}

annotate Participants with @PersonalData: {
DataSubjectRole: 'Student',
EntitySemantics: 'Other'
} {
student @PersonalData.FieldSemantics: 'DataSubjectID';
validTo @PersonalData.FieldSemantics: 'EndOfBusinessDate';
}

annotate CollaborationLogs with {
userID @PersonalData.FieldSemantics: 'DataSubjectID';
approver @PersonalData.FieldSemantics: 'UserID';
}
3 changes: 3 additions & 0 deletions test/personal-data-complex/db/data/sap.hcm-Employees.csv
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
userID;displayName;firstName;lastName;initials;email;mobilePhone;officePhone;manager_userID
alice;Alice;Alice;;A;[email protected];123;456;I123456
I123456;Bettina;Bettina;;B;[email protected];789;101112;
Loading
Loading