Apex Code Development You need to sign in to do that
Don't have an account?
dev_force Override edit button, loss of salesforce security check
Here is the scenario:
- I have a custom object called Car
- The default organization security on the Car object is 'Private'
> When a user tries to edit a Car record that has been manually shared with him/her as read-only, salesforce displays the "insufficient access" page
- After I override the 'Edit' button on the Car object with a visualforce page
> When a user tries to edit a Car record that has been manually shared with him/her as read-only, salesforce displays the Edit screen
QUESTION: Shouldn't salesforce always display the "insufficent access" screen?
Apex runs (by default) without respect to sharing rules.
You may need to add "with sharing" to the appropriate classes.
I don't know if it is possible, but you could also put an action="{!...}" in the page tag to do something that would make the entire page refresh to an error message for those users, and to the edit page for others.
Sorry for being so vague - I'm not sure exactly how to help, but these are two things people have done to help with security problems.
Also, don't forget to put a try/catch in the Apex code whenever updating the record.
Thanks for the reply.
The use of an action method is a good idea, but I don't believe salesforce provides a utility call that checks the user's permission a given record.