function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
MATTYBMEMATTYBME 

Warning! Edit Action on apex:enhancedList allows Portal User to Edit entire Case

Not sure if it was intended but allowing a Customer Portal User edit access on Cases so that they can add Attachements and Comments to a Case allows them to edit the entire Case via the Edit Action on the enhancedList. This is a big no no and I do not know how to stop them from editing the entire Case while still allowing them to add Attachments and Comments. I need to use the enhanceList functionality for sorting purposes on the list.

 

Is there a way to stop the edit action on the enhancedList?

 

HarmpieHarmpie
I don't think you can hide the edit link on the enhanced list if the user who views it has edit access. Are you sure a person needs edit-access to a case to upload attachments or add comments? I think read should be sufficient. If you do need edit-access, you can probably work around it by assigning your customer portal users a different page layout for cases, if necessary in combination with record types (to differ between a New case and the Edit page for a case), which has less (or no) editable information on it.
MATTYBMEMATTYBME
Harm, yeah unfortunately you need edit access in order to add attachments and case comments. And even with a different record type(which I have for Portal users) they still can edit the subject and body of the Case on historical(past Cases). Not good news!
JAW99JAW99
Be sure to add history tracking then if there's people editing cases who you don't want to be.
MATTYBMEMATTYBME
Good Idea but seems to be a security issue that Salesforce need to address. Does not make sense to allow full edit access to a Case just to add attachments and Comments. If adding Comments and Attachments was some other check box on the profile, so as not to have to give Case Edit Access, then the Action to Edit on the apex enhancedList would not display.
JAW99JAW99
Could you alter the access at the field level for the users you want to preclude from editing.
MATTYBMEMATTYBME
If you adjust the field level security no one can add attachments or comments. Tried it all.
rtscottrtscott

Just came across this old thread and thought I would comment. We had this same problem - Customer Portal users need to have 'Edit' rights on the Case object to add attachments, but we did not want them to have the ability to edit the Case. What we did was hide the 'Edit' link on the list view by adding a bit of CSS to the header file. This will hide the 'Edit' button if the Customer Portal user is in the portal using a browser with CSS enabled (which, most should be by default.)

 

 

.mruItem .userMru,
th.actionColumn,
td.actionColumn,
select#hotlist_mode {
  display: none;
}

 

.mruItem .userMru,

th.actionColumn,

td.actionColumn,

select#hotlist_mode {

  display: none;

}

 

It's a bit of a hack. but it works.

 

HTH,

 

-- Rob

FrankWHansenFrankWHansen

Hi Rob. I added your css style to my visual force page. I was hoping to remove the edit/del action item. it did not seem to do the trick..."it" being the CSS you posted. Any other hints?

 

Thanks

Frank