cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

sap build code authorization error: Cannot read properties of undefined (reading '$count')

mostafa4
Explorer

on ‎2025 Feb 03 1:22 PM

0 Kudos
500

I am working on a CAP (Cloud Application Programming) model where I have an entity called booksService.books, and I am applying role-based access control to filter certain fields based on user roles.

entity books {
key ID : UUID;
title : String;
author : String;
Sales : Integer;
Price : Integer;

User Roles and Their Permissions:

  • AdminAll → Can see all data
  • viewExSales → Can see all fields except sales 

I initially wrote this event handler to modify the query when a user has the "viewExSales" role, so they cannot see the Sales column:

 

/**
 * 
 * @On(event = { "READ" }, entity = "booksService.books")
 * @Param {Object} request - User information, tenant-specific CDS model, headers, and query parameters
 */
module.exports = async function (request) {
    if (request.user.is('viewExSales')) {
        // Remove the 'Sales' column from the query
        request.query.columns = request.query.columns.filter(column => column !== 'Sales');
    }
};

 

 i get error

 

[cds] - ️Uncaught TypeError: Cannot read properties of undefined (reading '$count')
    at all (/home/user/projects/books/node_modules/@sap/cds/libx/_runtime/fiori/lean-draft.js:982:80)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async cds.ApplicationService.handle (/home/user/projects/books/node_modules/@sap/cds/libx/_runtime/fiori/lean-draft.js:447:20)

 

So, I also tried implementing manual query filtering based on roles like this

 

module.exports = async function(request) {
    const { books } = cds.entities;
    const user = request.user;
    
    let columns = ['ID', 'title', 'author', 'Sales', 'Price'];

    if (user) {
        const userRoles = Array.isArray(user.roles) ? user.roles : Object.keys(user.roles);

        if (userRoles.includes('AdminAll')) {
            return await SELECT.from(books).columns(...columns);
        } 
        
        if (userRoles.includes('viewExSales')) {
            columns = columns.filter(col => col !== 'Sales');
        }

        return await SELECT.from(books).columns(...columns);
    } 

    return await SELECT.from(books).columns(...columns);
};

 

it works and returned the data correctly but there were issues in it

Issue:

  1. Filters and searches applied via the generated Fiori UI are ignored.
  • If I filter by title or author, the backend still returns the full dataset instead of the filtered results.
  • It seems like my custom query is overriding the default behavior of CAP filtering.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
xinye
Product and Topic Expert
Product and Topic Expert
‎2025 Feb 05 8:16 AM
0 Kudos
Hi @mostafa4, regarding your question, I have tried to reproduce the same steps as yours. Have you added the corresponding role into your BTP user? I did it, and re-login the BTP subaccount and verified it after waiting for a few moments, the `Sales` column data is hidden as expected. Would you double check it?
mostafa4
Explorer
‎2025 Feb 05 8:28 AM
0 Kudos
hi @xinye sorry for the confusion the problem in the second code is that any additional queries will not work as I return the same book data. for example in the ui if i use the search field to search for a title or a author it will always return all the data and the same for the filters. I asked joule to generate code to help me but it code always gave me the error Uncaught TypeError: Cannot read properties of undefined (reading '$count').
xinye
Product and Topic Expert
Product and Topic Expert
‎2025 Feb 05 9:02 AM
0 Kudos
Hi @mostafa4, thanks for the clarification, I got your point now. Per my testing, it looks your requirement can not be achieved from the custom logic. Have you tried the alternative option? For example, create a new service projection entity without `Sales`, and assign role to this new service entity only?

Accepted Solutions (0)

Answers (0)

Ask a Question