Querying at the System Level From Custom Visualforce page.

Friday, March 4, 2011

I'll detail a problem I ran into last week. I'm sure I'll be missing some details, but I'll do my best.

We have a custom Salesforce application in-house that we use for tracking projects and the tasks involved in accomplishing those projects. When a custom Task is assigned to me, I do the work specified in the Task description and mark it as resolved. With the wonder of Chatter on this custom object, I am able to give status updates regarding the task to everyone following the task. But sometimes, the person I want to notify is not following this task when I know they should be.

The solution to this problem was to create an "Add Followers" button on the Task. When clicked, a Visualforce page would pop up that would have a listbox of users on either side of two buttons. One button would push a user from the All Users list on the left into the Followers list on the right and the other button would do the opposite.



Simple, right? And it was simple. It only took me a few hours to add the button and create the Visualforce page and its controller. This button worked great in the sandbox, so we pushed it to production and it also worked there. But soon, I started to receive IMs wondering why the button displayed a Not Authorized message for them. Oh no! My beautiful solution wasn't working!

Now why, you're wondering, were they getting this Not Authorized message? Well, I figured that it was because we were using my ChatterHelper class to directly modify a user's Chatter objects, which belong to the system level. As an administrator in the sandbox, this is no problem, but as a standard user in production, this permission is denied. This confused me, as I had been using my ChatterHelper class with no problems when called from triggers, so what was different when called from a Visualforce page.

After some investigation into the Salesforce security model, I learned that a trigger is executed with system-level permissions, but a Visualforce page is executed with the permissions of the current user. This makes sense, no issues here. But what am I supposed to do to allow my TestHelper class system-level permissions to make modifications to the Chatter objects?

Here's the answer:
https://help.salesforce.com/apex/htviewhelpdoc?id=code_package_security.htm&language=en


I went to Develop > Apex Class and found the controller for my AddChatterFollowers page. There is a handy button there called "Security". Click it and select the profiles to allow. After making this change, I tried again as a standard user and found no problems.

Until next time, friends, here's to lackluster testing!

No comments:

Post a Comment