+ Start a Discussion
chris.noechris.noe 

Apex Class "with sharing" Question

Greetings,

If I understand the "with sharing" correctly, it takes the org wide sharing model into account when retrieving data in a SOQL query.  I have a situation with a customer portal user that is not aligning with what I would expect.  Here is the scenario.

 

+ Private org-wide sharing model for Cases.

 

+ Customer portal profile is NOT set up as a super user profile, meaning the user who is logged in only sees their cases and no one elses from their organization.

 

+ I have enabled one account and one contact with access to my customer portal in a developer org.

 

+ I have logged 3 cases in an open status under this account.  Each case has a different contact from the account associated with it.  One of those cases is associated to my customer portal contact user.

 

+ When I log into the portal as the contact associated with one of the open cases and go to the Cases tab, I see just one Case under the "All Open Cases" list view that I created.  Same behavior when I run an "all open cases report" as the portal user.  This is what I expect to see based on the org wide defaults and customer portal profile that I have created.

 

+I have created a Visualforce homepage component with a section for "All Open Cases".  This should display all the open cases that the logged in user has access to.  Here is my controller code that is used to retrieve the open case records:

public with sharing class custPortalHomepageController {
    public List<Case> openCases {get; set;}

    public custPortalHomepageController() {
        openCases = [select Id, CaseNumber, Subject, Status, Contact.Name, CreatedDate from Case where IsClosed=false order by CreatedDate desc];
    }
}

 

+When I log into the portal, the homepage component shows me all 3 open cases for the portal user's account.  I would expect it to only show the 1 case where the portal user is the contact on the case.  It appears that the "with sharing" is being ignored by this SOQL query.

 

I realize that I can just add a filter to the query that only returns open cases where the ContactId is equal to the portal users ContactId but I am curious as to why all cases are being returned when "with sharing" was declared as part of the class.  Has anyone seen this issue before?

Saikishore Reddy AengareddySaikishore Reddy Aengareddy

Check if this is an issue with salesforce....

 

http://success.salesforce.com/issues_index

chris.noechris.noe

Thanks Sam, I checked there first but didn't see anything under the Apex section or when I did a search for "with sharing".  I think I am going to log a case with Salesforce to see if they have any thoughts.

Saikishore Reddy AengareddySaikishore Reddy Aengareddy

Chris,

 

Let us know once you find out the issue.. this would help us.

chris.noechris.noe

Here is the response I received from Salesforce support:

 

"I would like to inform you that "With sharing" and "Without Sharing" apply for those classes where you have set sharing rules for an sObject(here in your case its "Case" sObject) on which you have written the class. So, as you have not set sharing rules for the Case sObject, the "with sharing" keyword would not have any effect on the class.

I checked the class as well and would like to inform you that you need to modify your query such that you would be able to see only those cases related to that particular contact and This is not a Salesforce Bug."

G!R!G!R!

Hi Chris and SAM,

 

I am totally confused with this topic....could you please explain in detail......

 

ok here, after reading docs and forums...what i understand is

 

Apex runs in "system context or mode" so ,will not consider any user permissions like object level, field level permissions and sharing rules. So, apex has full access to all objects,fields and records which is good thing for triggers and webservices, as they need that full access.

 

Here

we have two key words "with sharing" and "without sharing" in apex which are only used in the context of sharing rules but not object and field level permissions.

 

1. If we want to consider current user sharing rules i.e for a particular apex class if wee think that we need this class to consider sharing rules set by current user then we use "with sharing" key word in apex progremmes

 

eg:

public with sharing class student {

// All code in this class operates with enforced sharing rules.

}

 

2. if we dont want that class to consider sharing rules set by current user then we use " without sharing" keyword

 

public without sharing class student{

// All code in this class operates without enforcing sharing rules.

}

 

and by some forums.i understand..we use" without sharing" keyword only when an apex class is written with "with sharing" keyword

 

And what is if we dont give any key word to apex class?


will it consider that apex is in system mode and enforce all sharing rules?