+ Start a Discussion
MVJMVJ 

Restrict Edit on custom object

I have a custom object "Quote" that is related to an opportunity.  Original we had setup the visibility to the Quote object as Private.  This was problematic as we had support team members that needed to view the quote.

 

We have changed that to Public and now all the users can see the Quote.  That has solved the initial problem but raise a new one.  All team members can now edit the quote.  We want to restrict the editing of the Quote to the Owner and the users that are team members of the related opportunity.

 

I could not find a validation rule to do this.  I know I can do this with a apex trigger.

 

The way I would like to implement this is to not even let the user get to the edit detail page.  I would like the user to get an error when they click on the edit button.  With the trigger I would have to wait till the user completes the edit and hits save.

 

Any thoughts on overriding the button?

 

Thanks

 

 

Best Answer chosen by Admin (Salesforce Developers) 
MVJMVJ

I resolved this with a custom s-control to override the edit buton:

 

 

Here is the code:

 

 

<html> <head> <script src="/soap/ajax/13.0/connection.js"> </script> <script> function init() { var queryResult = sforce.connection.query("Select count() from cmgtQuote__c Where Id = '{!cmgtQuote__c.Id}' and opportunity__r.OwnerId = '{!$User.Id}' "); var size = queryResult.size; queryResult = sforce.connection.query("Select count() from cmgtQuote__c Where Id = '{!cmgtQuote__c.Id}' and cmgtQuote__c.OwnerId = '{!$User.Id}' "); size = size + queryResult.size; queryResult = sforce.connection.query("Select Count() from OpportunityTeamMember where OpportunityId = '{!cmgtQuote__c.opportunityId__c}' and UserId = '{!$User.Id}' "); size = size + queryResult.size; if (size > 0) { //go to the Edit Quote Page window.parent.location.href = "{!URLFOR($Action.cmgtQuote__c.Edit, cmgtQuote__c.Id, [retURL=URLFOR($Action.cmgtQuote__c.View, cmgtQuote__c.Id)], true)}" } else { alert("You are not the owner of the related opportunity to this quote. As a result you can not edit this quote."); //go to the standard contact detail page this.parent.location.href = "{!URLFOR($Action.cmgtQuote__c.View, cmgtQuote__c.Id)}"; } } </script> </head> <body onload="init()"> <p>&nbsp;</p> </body> </html>

 


 

All Answers

MVJMVJ

I resolved this with a custom s-control to override the edit buton:

 

 

Here is the code:

 

 

<html> <head> <script src="/soap/ajax/13.0/connection.js"> </script> <script> function init() { var queryResult = sforce.connection.query("Select count() from cmgtQuote__c Where Id = '{!cmgtQuote__c.Id}' and opportunity__r.OwnerId = '{!$User.Id}' "); var size = queryResult.size; queryResult = sforce.connection.query("Select count() from cmgtQuote__c Where Id = '{!cmgtQuote__c.Id}' and cmgtQuote__c.OwnerId = '{!$User.Id}' "); size = size + queryResult.size; queryResult = sforce.connection.query("Select Count() from OpportunityTeamMember where OpportunityId = '{!cmgtQuote__c.opportunityId__c}' and UserId = '{!$User.Id}' "); size = size + queryResult.size; if (size > 0) { //go to the Edit Quote Page window.parent.location.href = "{!URLFOR($Action.cmgtQuote__c.Edit, cmgtQuote__c.Id, [retURL=URLFOR($Action.cmgtQuote__c.View, cmgtQuote__c.Id)], true)}" } else { alert("You are not the owner of the related opportunity to this quote. As a result you can not edit this quote."); //go to the standard contact detail page this.parent.location.href = "{!URLFOR($Action.cmgtQuote__c.View, cmgtQuote__c.Id)}"; } } </script> </head> <body onload="init()"> <p>&nbsp;</p> </body> </html>

 


 

This was selected as the best answer
werewolfwerewolf
You also could have done this by turning on sharing for the Quote object.
MVJMVJ

Could you eloborate a bit on how a sharing rule could have been created to restrict the edit of the quote to only team members of the related opportunity?

 

I took a quick look and the way I understood the sharing was that you would have to maintain groups and the group could not be dynamic.

 

Thanks

werewolfwerewolf
In a sharing rule you can choose which roles or groups have read or read/write access to objects.  The owner almost always gets read/write.  The groups and roles can be dynamic -- as you add people to those groups and roles, they will gain or lose access to the data depending on how you've set up the sharing rule.