Shruthi GM 6

I am facing this error in the Platform Developer 1 Spring '19 maintenance exam:

"Your Apex code contains field level access checks that are redundant now that you've added 'WITH SECURITY_ENFORCED'. Please check your code again."

Code is:-

@RestResource(urlMapping='/secureApexRest')
global with sharing class SecureApexRest {
    @HttpGet
    global static Contact doGet(){
        Id recordId = RestContext.request.params.get('id');
        Contact result;
        if (recordId == null){
            throw new FunctionalException('Id parameter is required');
        }
        if (Schema.SObjectType.Contact.isAccessible()
            && Schema.SObjectType.Contact.fields.Name.isAccessible()
            && Schema.SObjectType.Contact.fields.Secret_Key__c.isAccessible()){
            List<Contact> results = [SELECT id FROM Contact WHERE Id = :recordId WITH SECURITY_ENFORCED];
            if (!results.isEmpty()) {
                result = results[0];
            }
        } else{
            throw new SecurityException('You don\'t have access to all contact fields required to use this API');
        }
        return result;
    }
    public class FunctionalException extends Exception{}
    public class SecurityException extends Exception{}
}

Kindly suggest what exactly I need to change in the code.
Thanks in advance.
Best Answer chosen by Shruthi GM 6
Raj Vakati
Refer to this link:
https://success.salesforce.com/answers?id=9063A000000lSPsQAM

You don't have to provide access to any fields. If you read the challenge, you just have to edit the query to include the new WITH SECURITY_ENFORCED attribute, and remove the other field-level security checks.

You need to put the query in a try/catch statement, and catch the System.QueryException.

Use this code
 
@RestResource(urlMapping='/secureApexRest')
global with sharing class SecureApexRest {
    @HttpGet
    global static Contact doGet(){
        Id recordId = RestContext.request.params.get('id');
        Contact result;
        if (recordId == null){
            throw new FunctionalException('Id parameter is required');
        }
        List<Contact> results;
        try{
            results = [SELECT id, Name, Secret_Key__c FROM Contact WHERE Id = :recordId WITH SECURITY_ENFORCED];
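        }catch(QueryException e){
            // WITH SECURITY_ENFORCED throws QueryException when the caller lacks object or field access.
            // Swallowing it would leave results null and fail on results.isEmpty() below.
            throw new SecurityException('You don\'t have access to all contact fields required to use this API');
        }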
        
        if (!results.isEmpty()) {
                result = results[0];
        }
        return result;
    }
    public class FunctionalException extends Exception{}
    public class SecurityException extends Exception{}
}

 

All Answers

Deepak Srivastava 10
Hi Sruthi,

Here is your answer-
Read this line in the challenge: "Add the WITH SECURITY_ENFORCED clause to the SOQL query on line 13 in the code provided. This will make the manual Schema.SObjectType checks redundant." This means that when you add SECURITY_ENFORCED to your SOQL, it automatically checks for the object-level permission and field-level permission, but if you see the sample code provided, then in lines 10, 11 and 12 the developer is already checking the same thing, which is redundant in this case.

The solution for this problem is simply to remove this if condition with all three checks and save the code. It would work. I hope this will help you out. If this resolves your query, please let me know. If you still don't get it, I will share the code then.

Cheers,
Deepak
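
Added example, not part of the thread or the challenge: an Apex test showing the behaviour both answers rely on, namely that the same SOQL query runs unchecked without the clause and throws QueryException with it when the running user lacks access. The class name, the test user values and the profile name are assumptions; the profile must lack read access to Contact or to Contact.Secret_Key__c in your org.

```apex
@IsTest
private class SecurityEnforcedBehaviorTest {
    @IsTest
    static void clauseRejectsUserWithoutAccess() {
        // Assumption: this profile exists in the org and cannot read
        // Contact or Contact.Secret_Key__c. Substitute one that fits your org.
        Profile p = [SELECT Id FROM Profile
                     WHERE Name = 'Minimum Access - Salesforce' LIMIT 1];

        // Constructed test user; runAs does not require it to be inserted.
        User restricted = new User(
            ProfileId = p.Id, LastName = 'Constructed', Alias = 'cnstr',
            Email = 'constructed@example.com',
            Username = 'constructed' + Crypto.getRandomInteger() + '@example.com',
            TimeZoneSidKey = 'GMT', LocaleSidKey = 'en_US',
            EmailEncodingKey = 'UTF-8', LanguageLocaleKey = 'en_US');

        System.runAs(restricted) {
            // Confirm the assumption first, using the same describe calls
            // the original challenge code used for its manual checks.
            Boolean readable = Schema.SObjectType.Contact.isAccessible()
                && Schema.SObjectType.Contact.fields.Secret_Key__c.isAccessible();
            System.assert(!readable, 'Profile can read the field; pick another profile');

            // Without the clause, Apex does not enforce object or field
            // permissions on the query, so no exception is raised here.
            List<Contact> unchecked = [SELECT Id, Name, Secret_Key__c
                                       FROM Contact LIMIT 1];

            // With the clause, the platform performs the check itself and
            // rejects the whole query, which makes the manual checks redundant.
            Boolean blocked = false;
            try {
                List<Contact> enforced = [SELECT Id, Name, Secret_Key__c
                                          FROM Contact
                                          WITH SECURITY_ENFORCED LIMIT 1];
            } catch (QueryException e) {
                blocked = true;
            }
            System.assert(blocked, 'Expected QueryException from WITH SECURITY_ENFORCED');
        }
    }
}
```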