dev_force

Override edit button, loss of salesforce security check

Here is the scenario:

 

- I have a custom object called Car

- The default organization security on the Car object is 'Private'

> When a user tries to edit a Car record that has been manually shared with him/her as read-only, salesforce displays the "insufficient access" page

 

 

- After I override the 'Edit' button on the Car object with a visualforce page

> When a user tries to edit a Car record that has been manually shared with him/her as read-only, salesforce displays the Edit screen

 

 

QUESTION: Shouldn't salesforce always display the "insufficient access" screen?

Message Edited by dev_force on 03-17-2009 01:41 PM
dmsx2od

Apex runs (by default) without respect to sharing rules.

 

You may need to add "with sharing" to the appropriate classes.

 

I don't know if it is possible, but you could also put an action="{!...}" in the page tag to do something that would make the entire page refresh to an error message for those users, and to the edit page for others.

 

Sorry for being so vague - I'm not sure exactly how to help, but these are two things people have done to help with security problems.

 

Also, don't forget to put a try/catch in the Apex code whenever updating the record.
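
An added example, not code from any poster in this thread, combining the suggestions in the reply above: a `with sharing` controller extension, a page-level `action` method, and a try/catch around the update. The class name `CarEditGuard`, the API name `Car__c` and the use of the standard `UserRecordAccess` object are assumptions that do not come from the thread.

```apex
// Hypothetical extension for the Visualforce page that overrides Edit on Car__c.
// Assumed page tag:
//   <apex:page standardController="Car__c" extensions="CarEditGuard"
//              action="{!checkAccess}">
// "with sharing" makes queries and DML in this class respect record sharing.
public with sharing class CarEditGuard {
    private final ApexPages.StandardController std;
    private final Id carId;
    // The page should render its edit form only when this is true.
    public Boolean canEdit { get; private set; }

    public CarEditGuard(ApexPages.StandardController std) {
        this.std = std;
        this.carId = std.getId();
        this.canEdit = false;
    }

    // Runs before the page renders because of the page-level action attribute.
    public PageReference checkAccess() {
        if (carId == null) {
            return null; // no record in context: form stays hidden
        }
        List<UserRecordAccess> access = [
            SELECT RecordId, HasEditAccess
            FROM UserRecordAccess
            WHERE UserId = :UserInfo.getUserId() AND RecordId = :carId
        ];
        canEdit = !access.isEmpty() && access[0].HasEditAccess;
        if (canEdit) {
            return null; // stay on the custom edit page
        }
        // Read-only share: send the user to the standard detail view instead.
        PageReference view = new PageReference('/' + carId);
        view.setRedirect(true);
        return view;
    }

    // Even if the form is reached, the update fails for read-only users
    // because the class runs with sharing; surface that as a page message.
    public PageReference saveCar() {
        try {
            update (Car__c) std.getRecord();
        } catch (DmlException e) {
            ApexPages.addMessages(e);
            return null;
        }
        return new PageReference('/' + carId);
    }
}
```
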

dev_force

Thanks for the reply.

 

The use of an action method is a good idea, but I don't believe salesforce provides a utility call that checks the user's permission on a given record.