It is a very challenging requirement, Generally we will update records through trigger for complex requirement.
Lets think a scenario where we have to update a particular field value(say field name-IsUpdate) on an Opportunity and few profile is having editable access to that field,there is a already a trigger written for other purpose(updating some other thing) on Opportunity,So we have to modify same trigger and add our logic in that trigger.
Our first and foremost approach would be checking profile name in the condition as below.
Approach-1(Using profile)
Assume that profile "Test_profile_name" is having editable access to that field(IsUpdate)
Profile ProfileName = [select Name from profile where id = :userinfo.getProfileId()];
for(Opportunity opp:trigger.new){
if(profileName.Name.containsIgnoreCase('Test_profile_name')){
// opp.IsUpdate = true;
}
}
It will work fine no doubt, But let assume we have more than 100 profiles having editable access then we have add each profile name in same condition separated by OR.
if(profileName.Name.containsIgnoreCase('Test_profile_name') OR profileName.Name.containsIgnoreCase('Test_profile_name')...................)
What if profile name is renamed or deleted then also it wont work. So finally above approach is not good at all.
Approach-2(Enforcing Object and Field Permissions)
We can avoid above issue by using sobject describe result method.
if (Schema.sObjectType.Opportunity.fields.IsUpdate.isUpdateable()) {
// Update Opportunity IsUpdate
}
This approach is 90% right still some problem is there, By this approach we can check object level access but what about record level access ? As we are dealing with record(updating record) we have to check record level accessibility.
It is quite often that one user may have object level edit access still he/she cant edit particular record.
Approach-3(Using UserRecordAccess object).
You can write query to fetch user access to a record
Lets think a scenario where we have to update a particular field value(say field name-IsUpdate) on an Opportunity and few profile is having editable access to that field,there is a already a trigger written for other purpose(updating some other thing) on Opportunity,So we have to modify same trigger and add our logic in that trigger.
Our first and foremost approach would be checking profile name in the condition as below.
Approach-1(Using profile)
Assume that profile "Test_profile_name" is having editable access to that field(IsUpdate)
Profile ProfileName = [select Name from profile where id = :userinfo.getProfileId()];
for(Opportunity opp:trigger.new){
if(profileName.Name.containsIgnoreCase('Test_profile_name')){
// opp.IsUpdate = true;
}
}
It will work fine no doubt, But let assume we have more than 100 profiles having editable access then we have add each profile name in same condition separated by OR.
if(profileName.Name.containsIgnoreCase('Test_profile_name') OR profileName.Name.containsIgnoreCase('Test_profile_name')...................)
What if profile name is renamed or deleted then also it wont work. So finally above approach is not good at all.
Approach-2(Enforcing Object and Field Permissions)
We can avoid above issue by using sobject describe result method.
if (Schema.sObjectType.Opportunity.fields.IsUpdate.isUpdateable()) {
// Update Opportunity IsUpdate
}
This approach is 90% right still some problem is there, By this approach we can check object level access but what about record level access ? As we are dealing with record(updating record) we have to check record level accessibility.
It is quite often that one user may have object level edit access still he/she cant edit particular record.
Approach-3(Using UserRecordAccess object).
You can write query to fetch user access to a record
UserRecordAccess = [SELECT RecordId, HasReadAccess, HasTransferAccess, MaxAccessLevel
FROM UserRecordAccess
WHERE UserId = [single ID]
AND RecordId = [single ID]
or
SELECT Id, Name, UserRecordAccess.HasReadAccess, UserRecordAccess.HasTransferAccess, UserRecordAccess.MaxAccessLevel
FROM Opportunity
for more details
https://www.salesforce.com/developer/docs/api/Content/sforce_api_objects_userrecordaccess.htm
No comments:
Post a Comment