VF Pages - Opportunity don't respect sharing rules
Hi to everybody,
we use the Professional Edition of Salesforce.com and we have to develop new VF pages for Opportunity for our sales department.
After we "deployed" these pages, it seems the sharing rules are no longer respected: every standard user can access and modify every opportunity.
I am posting the "detail page" below.
Thank you for support
Regards
Marco
<apex:page id="viewOpp"
           standardController="Opportunity"
           tabStyle="Opportunity"
           showHeader="true">
    <!-- Read-only detail view of a single Opportunity. Only the standard
         controller is bound here (no controller or extensions attribute), so
         this page runs no custom Apex; the standard controller runs in user mode. -->
    <script>
        // Ask the user to confirm; a false result from onclick stops the button action.
        function confirmCancel() {
            return confirm("Sei sicuro di voler annullare?");
        }
    </script>

    <apex:sectionHeader title="Dettaglio Opportunità" help="Guida per questa pagina"/>

    <apex:form id="oppForm">
        <apex:pageBlock id="oppFirstPage" title="Dettaglio Opportunità" mode="detail">
            <apex:pageBlockButtons>
                <!-- The edit button is shown only when the user may update the
                     Opportunity object. This is an object-level check; it does
                     not look at access to this particular record. -->
                <apex:commandButton value="Modifica"
                                    action="{!edit}"
                                    rendered="{!$ObjectType.opportunity.updateable}"/>
                <apex:commandButton value="Cancella"
                                    action="{!cancel}"
                                    onclick="return confirmCancel()"
                                    immediate="true"/>
            </apex:pageBlockButtons>

            <apex:pageBlockSection id="oppInfo" title="Informazioni Opportunità">
                <!-- Each outputField inside a pageBlockSection is rendered
                     together with its field label. -->
                <apex:outputField id="opportunityOwner" value="{!opportunity.ownerId}"/>
                <apex:outputField id="opportunityCloseDate" value="{!opportunity.closeDate}"/>
                <apex:outputField id="opportunityName" value="{!opportunity.name}"/>
                <apex:outputField id="opportunityStageName" value="{!opportunity.stageName}"/>
                <apex:outputField id="opportunityAccount" value="{!opportunity.accountId}"/>
                <apex:outputField id="opportunityStageProbability" value="{!opportunity.probability}"/>
                <apex:outputField id="opportunityType" value="{!opportunity.type}"/>
                <apex:outputField id="opportunityAmount" value="{!opportunity.amount}"/>
                <apex:outputField id="opportunityProduct" value="{!opportunity.Prodotto__c}"/>
            </apex:pageBlockSection>

            <apex:pageBlockSection title="Informazioni Descrizione">
                <apex:outputField id="opportunityDescription" value="{!opportunity.description}"/>
                <apex:outputField id="opportunityCreator" value="{!opportunity.CreatedById}"/>
                <apex:outputField id="opportunityLastModifier" value="{!opportunity.LastModifiedById}"/>
            </apex:pageBlockSection>

            <apex:pageBlockSection title="Informazioni Aggiuntive">
                <apex:outputField id="opportunityNextStep" value="{!opportunity.nextStep}"/>
                <apex:outputField id="opportunityLeadSource" value="{!opportunity.leadSource}"/>
            </apex:pageBlockSection>

            <!-- The two sections below are rendered only when the product
                 field equals 'FAST.Invoice'. -->
            <apex:pageBlockSection id="FASTInvoiceSummary"
                                   title="Sommario FAST.Invoice"
                                   columns="2"
                                   rendered="{!opportunity.Prodotto__c = 'FAST.Invoice'}">
                <apex:outputField id="opportunityAmmontarePotenziale" value="{!opportunity.Ammontare_a_Regime__c}"/>
                <apex:outputField id="opportunityAmmontarePrevisto" value="{!opportunity.Ammontare_1_Anno__c}"/>
                <apex:outputField id="opportunityFattureAttiveAmmPotenziale" value="{!opportunity.Ammontare_Fatture_Attive_a_Regime__c}"/>
                <apex:outputField id="opportunityFattureAttiveAmmPrevisto" value="{!opportunity.Ammontare_Fatture_Attive_1_Anno__c}"/>
                <apex:outputField id="opportunityFatturePassiveAmmPotenziale" value="{!opportunity.Ammontare_Fatture_Passive_a_Regime__c}"/>
                <apex:outputField id="opportunityFatturePassiveAmmPrevisto" value="{!opportunity.Ammontare_Fatture_Passive_1_Anno__c}"/>
                <apex:outputField id="opportunityFatturePostalizzateAmmPotenziale" value="{!opportunity.Ammontare_Posta_ne_a_Regime__c}"/>
                <apex:outputField id="opportunityFatturePostalizzateAmmPrevisto" value="{!opportunity.Ammontare_Posta_ne_1_Anno__c}"/>
                <apex:outputField id="opportunityFattureConservateAmmPotenziale" value="{!opportunity.Ammontare_Conservazione_a_Regime__c}"/>
                <apex:outputField id="opportunityFattureConservateAmmPrevisto" value="{!opportunity.Ammontare_Conservazione_1_Anno__c}"/>
                <apex:outputField id="opportunityDocumentiPregressoAmmPotenziale" value="{!opportunity.Ammontare_Potenziale_Pregresso__c}"/>
                <apex:outputField id="opportunityDocumentiPregressoAmmPrevisto" value="{!opportunity.Ammontare_Pregresso__c}"/>
            </apex:pageBlockSection>

            <apex:pageBlockSection id="FASTInvoice"
                                   title="Informazioni FAST.Invoice"
                                   columns="2"
                                   rendered="{!opportunity.Prodotto__c = 'FAST.Invoice'}">
                <apex:outputField id="opportunityUnaTantum" value="{!opportunity.Una_Tantum_Integrazione__c}"/>
                <apex:outputField id="opportunityCanoneAnno" value="{!opportunity.Canone_Annuo__c}"/>
                <apex:outputField id="opportunityFattureAttiveAnno" value="{!opportunity.Fatture_Attive_Anno__c}"/>
                <apex:outputField id="opportunityFattureAttivePrevisteAnno" value="{!opportunity.Fatture_Attive_Previste_Anno__c}"/>
                <apex:outputField id="opportunityFeeFatturaAttiva" value="{!opportunity.Fee_fattura_attiva__c}"/>
                <apex:outputField id="opportunityFatturePassiveAnno" value="{!opportunity.Fatture_Passive_Anno__c}"/>
                <apex:outputField id="opportunityFatturePassivePrevisteAnno" value="{!opportunity.Fatture_Passive_Previste_Anno__c}"/>
                <apex:outputField id="opportunityFeeFatturaPassiva" value="{!opportunity.Fee_Fattura_Passiva__c}"/>
                <apex:outputField id="opportunityFatturePostalizzateAnno" value="{!opportunity.Fatture_Postalizzate_Anno__c}"/>
                <apex:outputField id="opportunityFatturePostalizzatePrevisteAnno" value="{!opportunity.Fatture_Postalizzate_Previste_Anno__c}"/>
                <apex:outputField id="opportunityFeeFatturaPostalizzata" value="{!opportunity.Fee_Fattura_Postalizzata__c}"/>
                <apex:outputField id="opportunityDocumentiPregressoAnno" value="{!opportunity.Numero_Documenti_Pregresso__c}"/>
                <apex:outputField id="opportunityDocumentiPregressoPrevisteAnno" value="{!opportunity.Numero_Documenti_Pregresso_Previsti__c}"/>
                <apex:outputField id="opportunityFeeDocumentiPregresso" value="{!opportunity.Fee_Documenti_Pregressi__c}"/>
                <apex:outputField id="opportunityDocumentiConservazioneAnno" value="{!opportunity.Documenti_per_Conservazione_Anno__c}"/>
                <apex:outputField id="opportunityDocumentiConservazionePrevisteAnno" value="{!opportunity.Documenti_Conservazione_Previsti_Anno__c}"/>
                <apex:outputField id="opportunityFeeDocumentoConservazione" value="{!opportunity.Fee_Documenti_Conservati__c}"/>
            </apex:pageBlockSection>
        </apex:pageBlock>
    </apex:form>

    <!-- Related lists for the same Opportunity record. -->
    <apex:relatedList id="actList" subject="{!opportunity}" list="OpenActivities"/>
    <apex:relatedList id="actHistList" subject="{!opportunity}" list="ActivityHistories"/>
    <apex:relatedList id="contList" subject="{!opportunity}" list="OpportunityContactRoles"/>
    <apex:relatedList id="partList" subject="{!opportunity}" list="OpportunityPartnersFrom"/>
    <apex:relatedList id="compList" subject="{!opportunity}" list="OpportunityCompetitors"/>
    <apex:relatedList id="histList" subject="{!opportunity}" list="OpportunityHistories"/>
    <apex:relatedList id="notList" subject="{!opportunity}" list="NotesAndAttachments"/>
</apex:page>
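Apex (in your controller) doesn't respect sharing rules (it runs in system mode) unless you tell it to do so. This applies to a custom controller or a controller extension; a page that uses only a standardController, like the detail page posted above, runs in user mode. So change your controller declaration like this: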
// "with sharing" makes the Apex in this class enforce the running user's record sharing.
// It does not enforce object permissions or field-level security.
public with sharing class customController { . . . }
Now it should work like you expected.
Cheers,
Andreas