-
Notifications
You must be signed in to change notification settings - Fork 521
CanTheUser
A reusable, intuitive library for determining wether or not the current use can create, read, edit, or delete objects as well as determining if the user has access or update permissions on specific fields. This class name was chosen to facilitate easy-to-understand and read code. Whenever you need to check FLS or CRUD access your code reads like this if(CanTheUser.read(new account())){} making the calling and use of this code easy and intuitive.
bulk form of flsAccessible
| Param | Description |
|---|---|
obj |
Obj name on which to check |
fields |
Set of Fields to check for accessibility. |
String[] fields = new String[]{'Name', 'ShippingStreet'};
System.debug(CanTheUser.bulkFLSAccessible('Account', fields));bulk form of flsUpdatable call
| Param | Description |
|---|---|
obj |
Name of the object |
fields |
Set of Field names to check |
String[] fields = new String[]{'Name', 'ShippingStreet'};
System.debug(CanTheUser.bulkFLSUpdatable('Account', fields));convenience api for determining if the running user can create the specified object
| Param | Description |
|---|---|
obj |
Object type to check create permissions on |
System.debug(CanTheUser.create(new Account()));| Param | Description |
|---|---|
obj |
the object type to check |
permission |
create, read, update or delete |
System.debug(CanTheUser.crud(new Account(), CanTheUser.CrudType.READ));convenience api for determining if the running user can delete/destroy the specified object
| Param | Description |
|---|---|
obj |
object type to check destroy permissions on |
System.debug(CanTheUser.destroy(new Account()));convenience api for determining if the running user can edit / update the specified object
| Param | Description |
|---|---|
obj |
object type to check edit permissions on |
System.debug(CanTheUser.edit(new Account()));public method to determine if a given field on a given object is Accessible (readable)
| Param | Description |
|---|---|
obj |
the object in question, in string form |
field |
the field in question in SObjectField form |
System.debug(CanTheUser.flsAccessible('Account', 'Name'));public method to determine if a given field on a given object is Updatable.
| Param | Description |
|---|---|
obj |
the string version of an object name |
field |
the field to check |
System.debug(CanTheUser.flsUpdatable('Account', 'Name'));Abstracted method for retrieving or calculating (memoization) of the FLS for a given field on a given object.
| Param | Description |
|---|---|
obj |
String version of object name to check |
field |
String version of the field to check |
checkType |
Enum of Accessible or Updatable. |
Utilizes the Metadata catalog to determine FLS Note: this method contains a false-positive PMD violation. Normally, we'd want to check for FLS/CRUD here, but for metadata catalog objects that admins cannot remove permissions to we're ok. Additionally, even the minimum access profile user has read access to the FieldPermissions object.
| Param | Description |
|---|---|
objType |
String version of the object type to check |
action |
Enum of the FLS action to check permissions for |
convenience api for determining if the running user can read / access the specified object
| Param | Description |
|---|---|
obj |
object type to check read permissions on |
System.debug(CanTheUser.read(new Account()));Internal custom exception class
Description this cachebuilder interface allows the CanTheUser class to cache per-object results for each object requested. This prevents the need to repeatedly calculate permission usage by calling Schema.Describe* calls
Required method for the CacheBuilder interface. Used here to either calculate an objects per-user FLS, OR to return it from Cache. The return datastructure for this is Map<String, Map<FLSType,Boolean>> and represents: FieldName -> FLStype -> True/False
| Param | Description |
|---|---|
objType |
String object name used as the cache key |