Friday, 15 May 2015

How to check accessibility of an user on a particular record ?

It is a very challenging requirement, Generally we will update records through trigger for complex requirement.
 Lets think a scenario where we have to update a particular field value(say field name-IsUpdate) on an Opportunity and few profile is having editable access to that field,there is a already a trigger written for other purpose(updating some other thing) on Opportunity,So we have to modify same trigger and add our logic in that trigger.
Our first and foremost approach  would be checking profile name in the condition as below.

Approach-1(Using profile)

Assume that profile "Test_profile_name" is having editable access to that field(IsUpdate)
Profile ProfileName = [select Name from profile where id = :userinfo.getProfileId()];
for(Opportunity opp:trigger.new){

     if(profileName.Name.containsIgnoreCase('Test_profile_name')){
   
          // opp.IsUpdate = true;
     }
}

It will work fine no doubt, But let assume we have more than 100 profiles having editable access then we have add each profile name in same condition separated by OR.

if(profileName.Name.containsIgnoreCase('Test_profile_name') OR profileName.Name.containsIgnoreCase('Test_profile_name')...................)

What if profile name is renamed or deleted then also it wont work. So finally above approach is not good at all.

Approach-2(Enforcing Object and Field Permissions)

We can avoid above issue by using sobject describe result method.

if (Schema.sObjectType.Opportunity.fields.IsUpdate.isUpdateable()) {
   // Update Opportunity IsUpdate
}

This approach is 90% right still some problem is there, By this approach we can check object level access but what about record level access ? As we are dealing with record(updating record) we have to check record level accessibility.

It is quite often that one user may have object level edit access still he/she cant edit particular record.

Approach-3(Using UserRecordAccess object).

You can write query to fetch user access to a record 

UserRecordAccess  = [SELECT RecordId, HasReadAccess, HasTransferAccess, MaxAccessLevel
                     FROM UserRecordAccess
                     WHERE UserId = [single ID]
                     AND RecordId = [single ID]
 
or 
 
SELECT Id, Name, UserRecordAccess.HasReadAccess, UserRecordAccess.HasTransferAccess, UserRecordAccess.MaxAccessLevel 
      FROM Opportunity
for more details 
https://www.salesforce.com/developer/docs/api/Content/sforce_api_objects_userrecordaccess.htm
 

No comments: