Apex Code Development You need to sign in to do that
Don't have an account?
emlizmue Sharing Settings and Guest Users
I am trying to do 2 things:
1 - have one user (API user) who has access to only contact records of a specific record type
2 - use a force.com site as a webhook to record unsubscribes from an outside email marketing system
I had the force.com site webhook working great when I had our Sharing Settings set to Contacts: Public Read/Write. But I had to change the setting to Private in order to restrict the access of the API user and now the webhook no longer works because the Guest User of that site can no longer edit the Email Opt Out field. The field accessibility is not the problem, as it was working before I changed Sharing Settings and I've double checked.
Does anyone have any idea on how I can accomplish both of these tasks? Is there another way to restrict the access of that user without changing the Sharing Settings of the Contact object to Private and then creating exceptions?
Are you using standard controllers for the page that allows the editing of the Email Opt Out field?
Actually, it's a custom controller created by the email marketing company (MailChimp). Here is the apex class body:
/** UnsubscribeController Created: 04/06/10 Updated: 04/08/10 */ public with sharing class UnsubscribeController { public PageReference handleUnsubscribe() { System.debug('*** Starting handleUnsubscribe()'); // Retrieve the "secret" code for the page String code = getCode(); System.debug('*** Code = ' + code); // Check the "security code" to make (somewhat) sure the request // is from our MailChimp WebHook String requestCode = ApexPages.currentPage().getParameters().get('code'); if (requestCode == null || !code.equals(requestCode)) { // Missing or wrong security code - fail silently so we don't reveal anything to the caller System.debug('*** Invalid security code: ' + requestCode); return null; } // Get email address from posted parameters String email = ApexPages.currentPage().getParameters().get('data[email]'); if (email == null || email.length() <= 0) { System.debug('*** Missing email parameter'); return null; } else { System.debug('*** Email to unsubscribe: ' + email); } // "Neutralize" characters in the email which could be used maliciously in search query String saferEmail = String.escapeSingleQuotes(email); saferEmail.replace('*', '\\*'); saferEmail.replace('?', '\\?'); // Search for any lead(s) and contact(s) record(s) with the email address List<List<SObject>> searchList = [FIND :saferEmail IN EMAIL FIELDS RETURNING Contact(id), Lead(id) ]; List<Contact> contacts = ((List<Contact>)searchList[0]); List<Lead> leads = ((List<Lead>)searchList[1]); // Update the opt-out field of record(s) (make sure the // current user has permission to view and update the opt-out field) for (Contact c : contacts) { c.HasOptedOutOfEmail = true; } for (Lead l : leads) { l.HasOptedOutOfEmail = true; } // Save the updates if (contacts.size() > 0) { update contacts; } if (leads.size() > 0) { update leads; } return null; } private String getCode() { try { StaticResource sr = [ SELECT Body, Name FROM StaticResource WHERE Name = 'WebHooksConfig' LIMIT 1 ]; String xml = sr.Body.toString(); System.debug('**** XML: \n' + xml); Dom.Document doc = new Dom.Document(); doc.load(xml); Dom.XMLNode webhooks = doc.getRootElement(); for (Dom.XMLNode node : webhooks.getChildElements()) { String id = node.getAttribute('id', ''); if (id.equalsIgnoreCase('unsubscribe')) { return node.getAttribute('code', ''); } } } catch (Exception e) { System.debug('*** Error: ' + e); } return null; } public static testMethod void testHandleUnsubscribe() { // Create lead and contact for testing Lead myLead = new Lead( firstName = 'John', lastName = 'Tester', company = 'Test Corp.', email = 'tester@test.com'); Contact myContact = new Contact( firstName = 'Jane', lastName = 'Tester', email = 'jtester@coolcorp.com'); insert myLead; insert myContact; // Verify that lead has not opted out myLead = [ SELECT Id, Name, email, HasOptedOutOfEmail FROM Lead WHERE Id = :myLead.id ]; System.assert(!myLead.HasOptedOutOfEmail, '*** Lead should not have opted out!'); // Set up fixed SOSL search results (otherwise SOSL returns empty in testing) Id[] fixedSearchResults = new Id[2]; fixedSearchResults[0] = myLead.Id; fixedSearchResults[1] = myContact.Id; Test.setFixedSearchResults(fixedSearchResults); // Instantiate controller UnsubscribeController controller = new UnsubscribeController(); // Verify that we have a "secret" code and can read it String code = controller.getCode(); System.assert(code != NULL && code.length() > 0, 'Code is null!'); // Set up page context and parameters PageReference pageRef = Page.Unsubscribe; Test.setCurrentPage(pageRef); ApexPages.currentPage().getParameters().put('type', 'unsubscribe'); ApexPages.currentPage().getParameters().put('data[email]', myLead.Email); ApexPages.currentPage().getParameters().put('code', code); // Call controller and verify that lead has now opted out controller.handleUnsubscribe(); myLead = [ SELECT Id, Name, HasOptedOutOfEmail FROM Lead WHERE Id = :myLead.id ]; System.assert(myLead.HasOptedOutOfEmail, '*** Lead should have opted out!'); // Try again, but without the right security code myLead.HasOptedOutOfEmail = false; update myLead; ApexPages.currentPage().getParameters().remove('code'); controller.handleUnsubscribe(); myLead = [ SELECT Id, Name, HasOptedOutOfEmail FROM Lead WHERE Id = :myLead.Id ]; System.assert(!myLead.HasOptedOutOfEmail, '*** Lead should not have opted out!'); // Try again with correct code and contact's email ApexPages.currentPage().getParameters().put('data[email]', myContact.Email); ApexPages.currentPage().getParameters().put('code', code); controller.handleUnsubscribe(); myContact = [ SELECT Id, Name, HasOptedOutOfEmail FROM Contact WHERE Id = :myContact.Id ]; System.assert(myContact.HasOptedOutOfEmail, '*** Contact should have opted out!'); // Try again without email parameter ApexPages.currentPage().getParameters().remove('data[email]'); controller.handleUnsubscribe(); } }This class is declared as with sharing, which means it will respect the sharing rules of the current user - in this case the guest user won't have any access to these records. You could change this to without sharing, which would give access to all data.
There's more information in this at:
http://www.salesforce.com/us/developer/docs/apexcode/Content/apex_classes_keywords_sharing.htm
Hello Bob
I was encountering the same problem with my site guest user login and accessing standard object (with Sharing Setting set to PRIVATE)
But when i changed the Apex Controlelr defination from 'with sharing' to 'without sharing', i can access the Object.
Just wondering if its the correct way / workaround. Will there be any CONS to this alternative?
Thanks
Sid
Hello emlizmue
I am facing the same issue. Have you used the same solution advised by Bob or come up with some other alternative?
Thanks
Sid
We never did get this to work long-term. It worked for a while and when it stopped working we were never able to determine if the error was caused by a change we made or a change that MailChimp (the provider of the code above) made.