Trailhead

Security.stripInaccessible

Akhil Kulkarni

When working on DML operation in salesforce from Apex class developer might miss the security permissions that are assigned to different users through profiles, permission sets, sharing rules etc. This can lead to an exception. In this blog we will just see the solution for trailhead module for PD-1 certification. I will cover more details about stripInaccessible feature in a separate blog.

Get Hands-on With Field- and Object-Level Security and Safe Navigation Operator

@RestResource(urlMapping='/apexSecurityRest')
global with sharing class ApexSecurityRest {
    @HttpGet
    global static Contact doGet() {
        Id recordId = RestContext.request.params.get('id');
        Contact result;
        if (recordId == null) {
            throw new FunctionalException('Id parameter is required');
        }
        //Refactored
        
        List<Contact> results = [SELECT id, Name, Title, Account.Name FROM Contact WHERE Id = :recordId];
        SObjectAccessDecision securityDecision = Security.stripInaccessible(AccessType.READABLE, results);
        if(!results.isEmpty()){
            result = (Contact)securityDecision?.getRecords()[0];
        	result.Description = result?.Account?.Name;
        }else{
            throw new SecurityException('You don\'t have access to all contact fields required to use this API');
        }
        
        return result;
    }
    public class FunctionalException extends Exception{}
    public class SecurityException extends Exception{}
}

2 thoughts on “Security.stripInaccessible

  1. The solution looks wrong. PFB probably the better one that the above mentioned.

    @RestResource(urlMapping=’/apexSecurityRest’)
    global with sharing class ApexSecurityRest {
    @HttpGet
    global static Contact doGet() {
    Id recordId = RestContext.request.params.get(‘id’);
    Contact result;
    if (recordId == null) {
    throw new FunctionalException(‘Id parameter is required’);
    }

    SObjectAccessDecision securityDecision = Security.stripInaccessible(AccessType.READABLE,[SELECT id, Name, Title, Top_Secret__c, Account.Name FROM Contact WHERE Id = :recordId]);
    List results = securityDecision.getRecords();
    if (!results.isEmpty()) {
    result = results[0];
    if (Schema.sObjectType.Contact.fields.Description.isUpdateable()){
    result.Description = result.Account?.Name;
    }
    }
    return result;
    }
    public class FunctionalException extends Exception{}
    public class SecurityException extends Exception{}
    }

    Liked by 1 person

    Reply

    1. The above solution which I have posted is a tested one. I tried the solution. Once it worked i have created the post.

      User can also check your solution as well.
      Happy Coding. 🙂

      Thank you,

      Like

      Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s