Shruthi GM asked in #Trailhead
"Your Apex code contains field level access checks that are redundant now that you've added 'WITH SECURITY_ENFORCED'. Please check your code again."

Code is:-

@RestResource(urlMapping='/secureApexRest')
global with sharing class SecureApexRest {
    @HttpGet
    global static Contact doGet(){
        Id recordId = RestContext.request.params.get('id');
        Contact result;
        if (recordId == null){
            throw new FunctionalException('Id parameter is required');
        }
        if (Schema.SObjectType.Contact.isAccessible()
            && Schema.SObjectType.Contact.fields.Name.isAccessible()
            && Schema.SObjectType.Contact.fields.Secret_Key__c.isAccessible()){
            List<Contact> results = [SELECT id FROM Contact WHERE Id = :recordId WITH SECURITY_ENFORCED];
            if (!results.isEmpty()) {
                result = results[0];
            }
        } else{
            throw new SecurityException('You don\'t have access to all contact fields required to use this API');
        }
        return result;
    }
    public class FunctionalException extends Exception{}
    public class SecurityException extends Exception{}
}

Kindly suggest what exactly I need to change in the code.

Thanks in advance.
12 answers
  1. May 22, 2019, 6:26
    Refer to this link:

    https://success.salesforce.com/answers?id=9063A000000lSPsQAM

    You don't have to provide access to any fields. If you read the challenge, you just have to edit the query to include the new WITH SECURITY_ENFORCED attribute, and remove other field level security checks.

    You need to put the query in a try/catch statement, and catch the System.QueryException.

    Use this code:

     

    @RestResource(urlMapping='/secureApexRest')
    global with sharing class SecureApexRest {
        @HttpGet
        global static Contact doGet(){
            Id recordId = RestContext.request.params.get('id');
            Contact result;
            if (recordId == null){
                throw new FunctionalException('Id parameter is required');
            }
            List<Contact> results;
            try{
                // WITH SECURITY_ENFORCED checks object and field access for the fields in the SELECT clause
                results = [SELECT id, Name, Secret_Key__c FROM Contact WHERE Id = :recordId WITH SECURITY_ENFORCED];
            }catch(QueryException e){
                // Report the denial instead of swallowing it; results would otherwise still be null below
                throw new SecurityException('You don\'t have access to all contact fields required to use this API');
            }
            if (!results.isEmpty()) {
                result = results[0];
            }
            return result;
        }
        public class FunctionalException extends Exception{}
        public class SecurityException extends Exception{}
    }
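
A test for the denial path of the endpoint discussed in this thread, added here as an example (it is not code from the question, the answer, or Trailhead). It assumes that `doGet` rethrows the `QueryException` as `SecureApexRest.SecurityException`, that `Secret_Key__c` is a text field, and that the `Standard User` profile has no read access to it; the test class name, helper and sample values are constructed.

```apex
@IsTest
private class SecureApexRestTest {
    // Constructed helper: builds the GET request that doGet() reads its 'id' parameter from.
    private static void setRequest(Id contactId) {
        RestRequest req = new RestRequest();
        req.requestURI = '/services/apexrest/secureApexRest';
        req.httpMethod = 'GET';
        req.params.put('id', String.valueOf(contactId));
        RestContext.request = req;
        RestContext.response = new RestResponse();
    }

    @IsTest
    static void deniesCallerWithoutFieldAccess() {
        // Constructed sample record, created by the test's running user.
        Contact c = new Contact(LastName = 'Constructed', Secret_Key__c = 'constructed-value');
        insert c;

        // Assumption: this profile cannot read Contact.Secret_Key__c in the org under test.
        Profile p = [SELECT Id FROM Profile WHERE Name = 'Standard User' LIMIT 1];
        User lowPriv = new User(
            Alias = 'lowpriv', LastName = 'Constructed', Email = 'constructed@example.com',
            Username = 'constructed.' + System.currentTimeMillis() + '@example.com',
            EmailEncodingKey = 'UTF-8', LanguageLocaleKey = 'en_US', LocaleSidKey = 'en_US',
            TimeZoneSidKey = 'America/Los_Angeles', ProfileId = p.Id);

        Boolean denied = false;
        Contact returned;
        System.runAs(lowPriv) {
            setRequest(c.Id);
            try {
                returned = SecureApexRest.doGet();
            } catch (SecureApexRest.SecurityException e) {
                // WITH SECURITY_ENFORCED rejected the query and the endpoint surfaced it.
                denied = true;
            }
        }
        System.assert(denied, 'Caller without field access must get a SecurityException');
        System.assertEquals(null, returned, 'No Contact data may be returned on denial');
    }
}
```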

     