UNPKG

@sap/xsodata

Version:

Expose data from a HANA database as OData V2 service with help of .xsodata files.

78 lines (64 loc) 3.89 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
'use strict'; var Http405_MethodNotAllowed = require('../../utils/errors/http/methodNotAllowed'), Http501_MethodNotSupported = require('../../utils/errors/http/notSupported'); module.exports = function checkAllowdMethodsForResourePath(context, callback) { var method = context.request.method.toLowerCase(); var dbLast = context.oData.dbSegmentLast; if (context.batchContext) { if (!context.batchContext.inChangeSet) { if (method === 'post') { return callback(new Http405_MethodNotAllowed('When using OData batch method POST is only allowed inside changesets'), context); } if (method === 'put') { return callback(new Http405_MethodNotAllowed('When using OData batch method PUT is only allowed inside changesets'), context); } if (method === 'delete') { return callback(new Http405_MethodNotAllowed('When using OData batch method DELETE is only allowed inside changesets'), context); } } } //normal request processing if (method === 'post') { if (!dbLast.isCollection) { if ( context.oData.dbSegment && context.oData.dbSegment.isLinks ) { return callback(new Http405_MethodNotAllowed('The URI is not valid for POST operation. To edit linked resources of this relationship type, please use PUT.'), context); } else { return callback(new Http405_MethodNotAllowed('The URI is not valid for POST operation. The URI must point to an entity set for POST operations.'), context); } } } if (method === 'put') { if (dbLast.isCollection) { if ( !context.oData.dbSegment || context.oData.dbSegment === context.oData.dbSegmentLast) { return callback(new Http405_MethodNotAllowed('The URI is not valid for PUT operation. The URI must point to a single resource for PUT operations.'), context); } if ( context.oData.dbSegment && !context.oData.dbSegment.isLinks ) { return callback(new Http405_MethodNotAllowed('The URI is not valid for PUT operation. The URI must point to a single resource for PUT operations.'), context); } if ( context.oData.dbSegment && context.oData.dbSegment.isLinks && !context.oData.dbSegment.getOver()) { return callback(new Http405_MethodNotAllowed('The URI is not valid for PUT operation. To edit linked resources of this relationship type, please use POST.'), context); } } //no check for $count because $count is only allowed collections and the "no PUT on collections check" is done first //and if $cound is used behind property than the check "Count only on collections " is done first if (dbLast.restriction.onlyValue) { return callback(new Http501_MethodNotSupported('PUT is not supported for $value'), context); } } if (method === 'delete') { if (dbLast.isCollection) { return callback(new Http405_MethodNotAllowed('The URI is not valid for DELETE operation. The URI must point to a single resource from an entity set or from a property referring to a set of resources.'), context); } //no check for $count because $count is only allowed collections and the "no PUT on collections check" is done first //and if $cound is used behind property than the check "Count only on collections " is done first if (dbLast.restriction.onlyValue) { return callback(new Http405_MethodNotAllowed('DELETE is not valid for $value'), context); } if (dbLast.singleProperty) { return callback(new Http405_MethodNotAllowed('DELETE is not valid for property'), context); } } return callback(null, context); } ;