Apex Code Development You need to sign in to do that
Don't have an account?
Gab Silvermotion I cannot get a visualforce page to respect sharing rules - help!
Hello! i have a visual force page that list cases, that we use for massive ''submit for approval" requests.
I have sharing rules in place that allows only certain cases to be displayed to certain users, based on asset names
My case are set to private, since we have portal users.
I have replaced all the ''public class" with "public with sharing class" in the apex code of the corresponding apex classes.
however, when i access the visualforce page from a user that should only see certain cases, he sees them all.
here is a screenshot of my sharing rules, and the code for the 2 apex classes in question. Highlighted in yellow is the sharing rule where my user should only see cases from assets that contain "M9 Phase 4"
maybe someone can point out where i am doing something wrong? Many thanks!
I have sharing rules in place that allows only certain cases to be displayed to certain users, based on asset names
My case are set to private, since we have portal users.
I have replaced all the ''public class" with "public with sharing class" in the apex code of the corresponding apex classes.
however, when i access the visualforce page from a user that should only see certain cases, he sees them all.
here is a screenshot of my sharing rules, and the code for the 2 apex classes in question. Highlighted in yellow is the sharing rule where my user should only see cases from assets that contain "M9 Phase 4"
maybe someone can point out where i am doing something wrong? Many thanks!
public with sharing class FastSubmitAssetsClass {
public PageReference SubmitSelected()
{
string assetId = Apexpages.currentPage().getParameters().get('assetId');
String allIds = '';
for(assetContainer ac : assetContainers)
{
for(CaseContainer c : ac.cases)
{
if(c.isSelected)
{
allIds = allIds + c.kase.Id;
}
}
}
if(allIds == '')
{
return null;
//insert error message here}
}
else
{
return new PageReference('/apex/FastSubmitActionMultiplePage?allids=' + allIds);
}
}
public PageReference SubmitForApproval()
{
string assetId = Apexpages.currentPage().getParameters().get('assetId');
if(assetId != null && assetId != ''){
return new PageReference('/apex/FastSubmitActionPage?id=' + SelectedId + '&redirect=' + assetId + '&action=Submit');
}else{
return new PageReference('/apex/FastSubmitActionPage?id=' + SelectedId + '&action=Submit');
}
return null;
}
public string SelectedId {get;set;}
public with sharing class AssetContainer implements Comparable {
public Asset asset {get;set;}
public string name;
public List<CaseContainer> cases {get;set;}
public Boolean hasCases {
get {
return cases != null && !cases.isEmpty();
}
}
public AssetContainer(Asset a) {
asset = a;
name = a.Name;
cases = new List<CaseContainer>();
}
public Integer compareTo(Object compareTo){
AssetContainer assetToCom = (AssetContainer)compareTo;
if(name == assetToCom.asset.Name) return 0;
if(name > assetToCom.asset.Name) return 1;
return -1;
}
}
public with sharing class CaseContainer {
public Case kase {get;set;}
public boolean isSelected{get;set;}
public Boolean hasCase{
get {
return kase != null;
}
}
public CaseContainer(Case c) {
kase = c;
system.debug('====+++=='+kase);
isSelected=false;
}
}
public List<AssetContainer> assetContainers {get;set;}
public List<Asset> assetContainersOrd {get;set;}
public FastSubmitAssetsClass() {
// Pierre Dufour - 2012-12-14 - Gabriel and France need to see what need to be Submited by construction user.
//List<ProcessInstanceWorkitem> workItems = [SELECT ActorId,CreatedById,CreatedDate,Id,OriginalActorId,ProcessInstanceId FROM ProcessInstanceWorkitem where ActorId =: UserInfo.getUserId()] ;
List<ProcessInstanceWorkitem> workItems = [SELECT ActorId,CreatedById,CreatedDate,Id,OriginalActorId,ProcessInstanceId FROM ProcessInstanceWorkitem where ActorId =: Constants.constructionUserId] ;
List<Id> processInstanceId = new List<Id>();
for(ProcessInstanceWorkitem wi : workItems)
{
processInstanceId.add(wi.ProcessInstanceId);
}
Map<Id,ProcessInstance> processInstances = new Map<Id,ProcessInstance>([SELECT CreatedById,CreatedDate,Id,IsDeleted,LastModifiedById,LastModifiedDate,Status,SystemModstamp,TargetObjectId FROM ProcessInstance where Id in :processInstanceId ]);
List<Id> casesId=new List<id>();
for(ProcessInstance process:processInstances.values()){
casesId.add(process.TargetObjectId);
}
Map<Id,Case> cases =new Map<Id,Case>([Select Id,CaseNumber,Status, Subject,Asset.Name,Asset.CreatedDate,AssetId from Case where Id NOT in : casesId AND Status IN('New','Open','Reopened')]);
Map<Id,String> assets = new Map<Id,String>();
Map<Id,List<Case>> casesByAsset = new Map<Id,List<Case>>();
for(Case c : cases.values())
{
if(!casesByAsset.containsKey(c.AssetId))
{
casesByAsset.put(c.AssetId, new List<Case>());
}
casesByAsset.get(c.AssetId).add(c);
//assets.put(c.AssetId, c.Asset.Name);
assets.put(c.AssetId, c.Asset.Name);
//createdDate = c.Asset.CreatedDate;
}
assetContainers = new List<AssetContainer>();
Boolean passe = false;
for(string assId : assets.keySet())
{
Asset a = new Asset(Id = assId,Name=assets.get(assId));
AssetContainer ac = new AssetContainer(a);
//kevin C035536 11-04-2014
string assetId = Apexpages.currentPage().getParameters().get('assetId');
if(assetId != null && assetId != ''){
if(assetId == a.Id){
for(Case c : casesByAsset.get(a.Id))
{
ac.cases.add(new CaseContainer(c));
}
assetContainers.add(ac);
}
}else{
for(Case c : casesByAsset.get(a.Id))
{
ac.cases.add(new CaseContainer(c));
}
assetContainers.add(ac);
}
assetContainers.sort();
}
}
}
public with sharing class FastSubmitActionClass {
public string AssetName {get;set;}
public string CaseId {get;set;}
public list<String> caseIdList {get; set;}
public list<Case> caseList {get; set;}
public string CaseNumber {get;set;}
public string CaseSubject{get;set;}
public string SelectedAction {get;set;}
public string ProcessId {get;set;}
public boolean Reject {get;set;}
public string Reason {get;set;}
public boolean Reopen {get;set;}
public string StringForPage {get; set;}
public FastSubmitActionClass()
{
if(ApexPages.currentPage().getparameters().get('allids') != '' &&
ApexPages.currentPage().getparameters().get('allids') != null) // multiple cases to Submit
{
StringForPage = '';
String IDListString = ApexPages.currentPage().getparameters().get('allids');
list<String> caseIDs = new list<ID>();
while(IDListString.length() > 1)
{
caseIds.add(IDListString.substring(0,18));
IDListString = IDListString.substring(18);
}
caseIdList = caseIDs;
//Query should never be empty since method doesn't run if no cases are selected from the FastSubmitAssets page
list<Case> tempCaseList = [SELECT ID, CaseNumber, Subject, Status, Asset.Name FROM Case WHERE ID in : caseIds];
caseList = tempCaseList;
}
else
{
CaseId = ApexPages.currentPage().getparameters().get('id');
Case c = [ Select Id, CaseNumber, Subject, Asset.Name from Case where Id =:CaseId];
CaseNumber = c.CaseNumber;
AssetName = c.Asset.Name;
CaseSubject = c.Subject;
SelectedAction = ApexPages.currentPage().getparameters().get('action');
Reject = SelectedAction == 'Reject';
Reopen = true;
}
}
public PageReference YesMulti()
{
list<Case> listCases=[SELECT id, Subject, Status
FROM Case
WHERE id IN:CaseIdList];
List<Approval.ProcessSubmitRequest> listRequests =
new List<Approval.ProcessSubmitRequest>();
Approval.ProcessSubmitRequest req;
for(Case cse:listCases){
req = new Approval.ProcessSubmitRequest();
req.setComments('Submitting request for approval.');
req.setObjectId(cse.id);
listRequests.add(req);
}
try{
// Submit the approval request for the account
List<Approval.ProcessResult> results = Approval.process(listRequests);
// Verify the result
for(Approval.ProcessResult aPResult:results){
System.assert(aPResult.isSuccess());
System.assertEquals('Pending', aPResult.getInstanceStatus(), 'Instance Status'+aPResult.getInstanceStatus());
}
return new PageReference('/apex/FastSubmitAssetsPage');
}catch(Exception e){
ApexPages.Message errMsg = new ApexPages.Message(ApexPages.SEVERITY.ERROR, e.getMessage());
ApexPages.addMessages(e);
return Null;
}
return null;
}
public PageReference NoMulti()
{
return new PageReference('/apex/FastSubmitAssetsPage');
}
public PageReference Yes()
{
Case cse=[SELECT id, Subject, Status
FROM Case
WHERE id =:CaseId];
Approval.ProcessSubmitRequest req;
if(SelectedAction=='Submit'){
req = new Approval.ProcessSubmitRequest();
req.setComments('Submitting request for approval.');
req.setObjectId(cse.id);
}
try{
// Submit the approval request for the account
Approval.ProcessResult result = Approval.process(req);
string redirect = Apexpages.currentPage().getParameters().get('redirect');
//C030817 kevin ky 11-04-2014
if(redirect != null && redirect != ''){
return new PageReference('/apex/FastSubmitAssetsPage?assetId='+redirect);
}
return new PageReference('/apex/FastSubmitAssetsPage');
}catch(Exception e){
ApexPages.Message errMsg = new ApexPages.Message(ApexPages.SEVERITY.ERROR, e.getMessage());
ApexPages.addMessages(e);
return Null;
}
return null;
}
public PageReference No()
{
//C030817 kevin ky 11-04-2014
string redirect = Apexpages.currentPage().getParameters().get('redirect');
if(redirect != null && redirect != ''){
return new PageReference('/apex/FastSubmitAssetsPage?assetId='+redirect);
}
return new PageReference('/apex/FastSubmitAssetsPage');
}
}
You have set Sharing access for Case object is Private. Please check some of the following thing ,
1. If you checked Grant Access Using Hierarchies in sharing setting means check the user belongs to which role.
2. In that particular user profile if have have ModifyAll Permission for that particular object means still other user records accessible by the this profile. So uncheck it.
3. Always make sure Profile takes first priority than sharing setting.
All Answers
You have set Sharing access for Case object is Private. Please check some of the following thing ,
1. If you checked Grant Access Using Hierarchies in sharing setting means check the user belongs to which role.
2. In that particular user profile if have have ModifyAll Permission for that particular object means still other user records accessible by the this profile. So uncheck it.
3. Always make sure Profile takes first priority than sharing setting.
If u are the admin for ur organization taen if u run the vf code u will get all the records irrespective of the permission. tell me ur the admin or not,
thanks.