Monday, 21 December 2020

How to sanitize sObjects that have been deserialized from an untrusted source with Security.stripInaccessible

 Hi ,

Let's assume we recieved  a json string with "Name" and "Annual Revenue" to update on Account.

But user doesn't have permisson to update Annual Revenue on Account object. 

Then we can avoid updating Annual Revenue on Account object as shown below.


String jsonInput =

'[' +

'{' +

'"Name": "InGen",' +

'"AnnualRevenue": "100"' +

'},' +

'{' +

'"Name": "Octan"' +

'}' +

']';


List<Account> accounts = (List<Account>)JSON.deserializeStrict(jsonInput, List<Account>.class);

SObjectAccessDecision securityDecision = Security.stripInaccessible(

                                         AccessType.UPDATABLE, accounts);

// Secure update

update securityDecision.getRecords(); // Doesn’t update AnnualRevenue field

System.debug(String.join(securityDecision.getRemovedFields().get('Account'), ', ')); // Prints "AnnualRevenue"

System.debug(String.join(securityDecision.getModifiedIndexes(), ', ')); // Prints "0”



Reference:

https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_classes_with_security_stripInaccessible.htm

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

What’s the difference between Einstein Article Recommendations and Suggested Articles?

How Does Einstein Article Recommendations Work? Einstein Article Recommendations helps support agents resolve customer cases efficiently by ...