Power to allow/disallow the Object/Field Level Security checks

[vt89]

[HenryRLee]

Hi @vt89. By default Query.apex will only show a warning when seeing a missing permission on fields or objects, so that it will not break your code from running.

In addition, there are methods to turn the warning into an exception.

public Query enforceSecurity(Boolean);
public Query enforceSecurity();  // alias to enforceSecurity(true)

Calling the method enforceSecurity() on an instance will turn the exceptions on. For example:

new Query('Account').enforceSecurity().selectFields('Name').run();

If user has no read permission on the field 'Name', it would throws an exception.

Also, one can turn the exception back to warning by calling enforceSecurity(false).

Meantime, there is a global switch:

public static void enforceGlobalSecurity(Boolean enforce);
public static void enforceGlobalSecurity();

Once it's set, all Query instances will follow the global switch, unless the instance has defined its own instance switch.

Hope these will help.

[kratoon]

@HenryRLee

Regarding the enforceGlobalSecurity for every class, I would have to call it at the beggining of every AuraEnabled method, every trigger, batch, web service..., right? Or I could have static block with calling this function in every single class.

Will there be any option to enable/disable the security by default for the whole org? E.g. the query would load the default value from custom settings?

Thanks!

[HenryRLee]

Hi @kratoon3, calling enforceGlobalSecurity in a static block would suffice. The static block doesn't have to be in every class, as long as the class is loaded (the class is the entry point, or it's depended by any other classes), the static block would be executed.

Having a custom setting is something that I've had in mind. It's just introducing custom settings would increase complexity for user installation. Let me know if enforceGlobalSecurity doesn't work convenient to you, and I will consider using custom settings by then.