Monday, 21 December 2020

Removing inaccessible relationship fields from the query result with Security.stripInaccessible

Hi,

Let's look at how the following code behaves when the user doesn't have permission to insert the Account__c field, which is a lookup from MyCustomObject__c to Account.

// Account__c is a lookup from MyCustomObject__c to Account
@isTest
public class TestCustomObjectLookupStripped {
   @isTest static void caseCustomObjectStripped() {
      Account a = new Account(Name='foo');
      insert a;

      List<MyCustomObject__c> records = new List<MyCustomObject__c>{
         new MyCustomObject__c(Name='Custom0', Account__c=a.id)
      };
      insert records;

      records = [SELECT Id, Account__c FROM MyCustomObject__c];
      SObjectAccessDecision securityDecision =
         Security.stripInaccessible(AccessType.READABLE, records);

      // Verify stripped records
      System.assertEquals(1, securityDecision.getRecords().size());
      for (SObject strippedRecord : securityDecision.getRecords()) {
         System.debug('Id should be set as Id fields are ignored: ' +
                      strippedRecord.isSet('Id')); // prints true
         // Apex string literals cannot span lines, so the message is concatenated
         System.debug('Lookup field FLS is not READABLE to running user, ' +
                      'should not be set: ' +
                      strippedRecord.isSet('Account__c')); // prints false
      }
   }
}
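
Outside a test, the same call is typically wrapped in a reader class that records what was stripped and returns only the sanitized copies. The following is an added example, not code from the original post; it assumes the same MyCustomObject__c object and Account__c lookup, and the class and method names (MyCustomObjectReader, readForCurrentUser, countWithVisibleAccount) are hypothetical.

```apex
// Added example, not from the original post.
// MyCustomObjectReader and its method names are hypothetical.
public with sharing class MyCustomObjectReader {

    public static List<MyCustomObject__c> readForCurrentUser() {
        // Query the lookup and a field reached through the relationship.
        List<MyCustomObject__c> records = [
            SELECT Id, Name, Account__c, Account__r.Name
            FROM MyCustomObject__c
            LIMIT 200
        ];

        // Enforce the running user's read access on the query result.
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.READABLE, records);

        // getRemovedFields() maps an object API name to the field names
        // that were stripped; log it so missing data can be explained.
        Map<String, Set<String>> removed = decision.getRemovedFields();
        for (String objectName : removed.keySet()) {
            List<String> fieldNames = new List<String>(removed.get(objectName));
            System.debug(LoggingLevel.WARN,
                'Stripped from ' + objectName + ': ' + String.join(fieldNames, ', '));
        }

        // Return the sanitized copies, never the original query result.
        return (List<MyCustomObject__c>) decision.getRecords();
    }

    // Count records whose lookup survived stripping, checking isSet()
    // instead of reading the field directly.
    public static Integer countWithVisibleAccount(List<MyCustomObject__c> sanitized) {
        Integer visible = 0;
        for (MyCustomObject__c rec : sanitized) {
            if (rec.isSet('Account__c')) {
                visible++;
            }
        }
        return visible;
    }
}
```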


Reference:

https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_classes_with_security_stripInaccessible.htm
