SAP-archive · lvhengel · Nov 2, 2021 · Nov 3, 2021 · Nov 3, 2021 · Nov 3, 2021
diff --git a/cap/package-lock.json b/cap/package-lock.json
diff --git a/cap/package.json b/cap/package.json
@@ -1,54 +1,72 @@
 {
-    "name": "cap",
-    "version": "1.0.0",
-    "description": "A simple CAP project.",
-    "repository": "<Add your repository here>",
-    "license": "UNLICENSED",
-    "private": true,
-    "dependencies": {
-        "@sap/cds": "^5.5.4",
-        "express": "^4",
-        "hdb": "^0.19"
+  "name": "cap",
+  "version": "1.0.0",
+  "description": "A simple CAP project.",
+  "repository": "<Add your repository here>",
+  "license": "UNLICENSED",
+  "private": true,
+  "dependencies": {
+    "@sap/cds": "^5.5.4",
+    "cors": "^2.8.5",
+    "express": "^4",
+    "hdb": "^0.19",
+    "helmet": "^4.6.0",
+    "passport": "^0.5.0"
+  },
+  "devDependencies": {
+    "sqlite3": "^5.0.2"
+  },
+  "scripts": {
+    "start": "cds run"
+  },
+  "eslintConfig": {
+    "extends": "eslint:recommended",
+    "env": {
+      "es2020": true,
+      "node": true,
+      "jest": true,
+      "mocha": true
     },
-    "devDependencies": {
-        "sqlite3": "^5.0.2"
+    "globals": {
+      "SELECT": true,
+      "INSERT": true,
+      "UPDATE": true,
+      "DELETE": true,
+      "CREATE": true,
+      "DROP": true,
+      "CDL": true,
+      "CQL": true,
+      "CXL": true,
+      "cds": true
     },
-    "scripts": {
-        "start": "cds run"
-    },
-    "eslintConfig": {
-        "extends": "eslint:recommended",
-        "env": {
-            "es2020": true,
-            "node": true,
-            "jest": true,
-            "mocha": true
-        },
-        "globals": {
-            "SELECT": true,
-            "INSERT": true,
-            "UPDATE": true,
-            "DELETE": true,
-            "CREATE": true,
-            "DROP": true,
-            "CDL": true,
-            "CQL": true,
-            "CXL": true,
-            "cds": true
-        },
-        "rules": {
-            "no-console": "off",
-            "require-atomic-updates": "off"
+    "rules": {
+      "no-console": "off",
+      "require-atomic-updates": "off"
+    }
+  },
+  "cds": {
+    "requires": {
+      "db": {
+        "kind": "sql"
+      },
+      "auth": {
+        "kind": "basic-auth",
+        "users": {
+          "employee": {
+            "roles": [
+              "Employee"
+            ]
+          },
+          "admin": {
+            "roles": [
+              "Admin"
+            ]
+          }
         }
+      }
     },
-    "cds": {
-        "requires": {
-            "db": {
-                "kind": "sql"
-            }
-        },
-        "hana": {
-            "deploy-format": "hdbtable"
-        }
+    "hana": {
+      "deploy-format": "hdbtable"
     }
+  }
 }
diff --git a/cap/srv/cat-service.cds b/cap/srv/cat-service.cds
@@ -1,5 +1,15 @@
 using my.bookshop as my from '../db/data-model';
 
-service CatalogService {
-    @readonly entity Books as projection on my.Books;
-}
+service CatalogService @(requires : 'authenticated-user') {
+    entity Books @(restrict : [
+        {
+            grant : ['READ'],
+            to    : 'Employee',
+            where : 'stock > 100'
+        },
+        {
+            grant : ['*'],
+            to    : 'Admin'
+        }
+    ]) as projection on my.Books;
+}
diff --git a/cap/srv/server.js b/cap/srv/server.js
@@ -1,6 +1,24 @@
-const cds = require ('@sap/cds')
-cds.on('bootstrap', (app) => {
+const cds = require("@sap/cds");
+const cors = require("cors");
+const helmet = require("helmet");
 
-})
+cds.on("bootstrap", (app) => {
+  var corsOptions = {
+    origin: "http://localhost:4004",
+    optionsSuccessStatus: 200, // some legacy browsers (IE11, various SmartTVs) choke on 204
+  };
 
-module.exports = cds.server
+  app.use(cors(corsOptions));
+  app.use(
+    helmet({
+      contentSecurityPolicy: {
+        directives: {
+          ...helmet.contentSecurityPolicy.getDefaultDirectives(),
+          // custom settings
+        },
+      },
+    })
+  );
+});
+
+module.exports = cds.server;
diff --git a/cap/test.http b/cap/test.http
@@ -0,0 +1,38 @@
+### Read without authenticatino
+GET http://localhost:4004/catalog/Books HTTP/1.1
+
+### Read all with employee
+GET http://localhost:4004/catalog/Books HTTP/1.1
+Authorization: Basic employee:
+
+### Single Read
+GET http://localhost:4004/catalog/Books(1) HTTP/1.1
+Authorization: Basic employee:
+
+### Write with employee
+PATCH http://localhost:4004/catalog/Books(1) HTTP/1.1
+Authorization: Basic employee:
+content-type: application/json
+
+{
+    "stock": 200
+}
+
+### Delete with employee
+DELETE http://localhost:4004/catalog/Books(1) HTTP/1.1
+Authorization: Basic employee:
+
+
+### Write with admin
+PATCH http://localhost:4004/catalog/Books(1) HTTP/1.1
+Authorization: Basic admin:
+content-type: application/json
+
+{
+    "stock": 200
+}
+
+### Delete with admin
+DELETE http://localhost:4004/catalog/Books(1) HTTP/1.1
+Authorization: Basic admin:
+