+ Start a Discussion
kyle.tkyle.t 

Determining Record Accesibility with Apex

I am working on a visualforce tool that displays all of the open opportunities a user is involved with.  At our company, that may mean they own the opportunity or they are the Sales Manager or Account Manager on the opportunity.  In the controller I am querying the opportunities for anything that is open that the current user is the owner of OR they are listed as the account manager or the sales manager.

 

We have sharing rules set up to share opportunities owned by someone in a district with everyone else in the district.

 

The visualforce tool is displaying all of the opportunities in a pageblocktable using inputFields to allow for quick updates to multiple opportunities at once.

 

The issue is that the query to get the opportunities may bring back opportunities that the user cannot actually edit, but because the visualforce page uses inputfields the user could try to edit the record, click save and get an error.  This happens when the opportunitiy is created by somebody outside of the users district and the owner is not changed to within the district.  (This is not something I designed and I know that this could be reimplemented in a differnent way, but that is not a battle I can fight right now).

 

I tried to alleviate this problem by querying the OpportunityShare table to determine the proper access, however, since some of the access is granted by the role hierarchy, I am unsure how to determine if a user has edit access on the opportunity.  If the users ID shows up in the UserOrGroupId Column this is easy, but if they are part of a group whose ID is in the UserOrGroupId column then I am not sure how to proceed.

 

My question boils down to: How can I determine if a user has access to a record so that I can exclude those that can't be edited from being displayed?

Best Answer chosen by Admin (Salesforce Developers) 
kyle.tkyle.t

So, after much research I am going to have to call it quits on this one... I was unable to find a way to determine, in advance, if a user has update access to a record.  What I decided to do was "Fail Gracefully" by implementing the Database.update(<list>,false) method which allows you to update records even with other in the list fail.

 

See this post for information: http://community.salesforce.com/t5/Apex-Code-Development/Database-SaveResult-results-Database-Update-opps-false/m-p/194472

 

I then just loop through the save result and post page messages for any records which the system was not able to save.

All Answers

jhenningjhenning

kyle:

 

Have you tried using the "WITH SHARING" optional keywords on the controller class declaration?

kyle.tkyle.t

Hi John, thank you for taking the time to respond.  the class does leverage the "with sharing" however the problem is that while they may have read access, they do not necessarily have write access.  This issue is that I am querying data they can see and displaying it with inputFields which allows them to change the value.  It isn't until they click the Save button that salesforce evaluates the edit access and throws an error.

 

Due to that, I need to figure out a way to limit the records to only those that the current user can Edit.

kyle.tkyle.t

So, after much research I am going to have to call it quits on this one... I was unable to find a way to determine, in advance, if a user has update access to a record.  What I decided to do was "Fail Gracefully" by implementing the Database.update(<list>,false) method which allows you to update records even with other in the list fail.

 

See this post for information: http://community.salesforce.com/t5/Apex-Code-Development/Database-SaveResult-results-Database-Update-opps-false/m-p/194472

 

I then just loop through the save result and post page messages for any records which the system was not able to save.

This was selected as the best answer