+ Start a Discussion
jaw999jaw999 

Team, Role, And User Criterion defined access to Account feature

I have a private feature VF page on an Account. Our Account sharing model is Public Read with Edit rights given via Account Teams.

I want to display this VF page only to:

- Account Team Members
- 'Global Access People' defined on their User record
- People up the Role hierarchy from the Account Team

I wanted to check the user's AccountShare access thinking if it was Edit it would show all those people but Role superiors only show READ access even when they actually CAN EDIT (odd).

Is there a simpler way to accomplish my goal? So far it eludes me.

I can get the first two checks (thanks people who have helped) but am not sure how to integrate the Role check:


 
public class AccountRoleChecker {
   
      private ApexPages.StandardController sc;
        public AccountRoleChecker(ApexPages.StandardController sc) {
            this.sc = sc;
        }
   
       
    private Boolean checkUser(){
        if ([select count() from User
                where Id = :UserInfo.getUserId() and Admin_Team__c = true] > 0) {
            return true;
        }
        if ([select count() from AccountTeamMember
                where UserId = :UserInfo.getUserId() and AccountId = :sc.getId()] > 0) {
            return true;
        }
       
       
        return false;
    }
   
   
    private static Set<ID> getAllSubRoleIds(Set<ID> roleIds) {
   
        Set<ID> currentRoleIds = new Set<ID>();
   
        // get all of the roles underneath the passed roles
        for(UserRole userRole :[select Id from UserRole where ParentRoleId
             IN :roleIds AND ParentRoleID != null]) {
            currentRoleIds.add(userRole.Id);
        }
   
        // go fetch some more rolls!
        if(currentRoleIds.size() > 0) {
            currentRoleIds.addAll(getAllSubRoleIds(currentRoleIds));
        }
   
        return currentRoleIds;
    }
   
   
   
    }

nitesh gadkarinitesh gadkari
Hi,
If i have correctly interpreted your query,
First of all in your class definition you have to apply with sharing keyword to enforce sharing rules you applied.
for standard objects like you mentioned accounts you can't turn off Grant access using hierarchies option using security controls.

Regards
Nitesh
jaw999jaw999
Thanks, that is of some help. I am having issues getting the query on roles to collect.
nitesh gadkarinitesh gadkari
Hi,
I will suggest you to go to salesforce workbench and try there your query on roles and related objects.It will be of real help that you try yourself,else community is always their to help you.Also i am giving you the link to the data model section in salesforce soap api dev guide.Please go through it in its reference section>data model and understand your required data objects.i think this should satisfy your query.And if it does please mark it as best answer. 

Regards
Nitesh Gadkari