CRUD in Lightning

By Ashutosh Mishra, in Lightning, Salesforce

In one of our previous blogs, displaying an account list in a modal dialog box using Lightning Components was discussed. In this blog I will extend Creating a Modal Dialog box using Lightning Design System – Lightning Component by adding security to it.

The client is always under the attacker's control, so all access control enforcement must happen on the server side. When a Lightning component invokes a server-side controller, it must be ensured that the server-side read/write operations do not undermine the security policy set by the user's profile and sharing permissions.

CRUD permissions are not automatically enforced by Lightning components when referencing objects or retrieving records from an Apex controller. This means users can access records and fields for which they do not have CRUD permission.

Example: I created a profile that has no CRUD permission on Account and assigned this profile to a user.

[Screenshot: profile with no CRUD permission on Account]

But the user still has access to the account records and fields.

[Screenshot: AccountList component still showing account records]

This is a major security lapse, hence CRUD must be enforced manually in Apex controllers.

Here I discuss how to enforce CRUD permissions by extending the Apex controller (AccountListController.apxc) from the Creating a Modal Dialog box using Lightning Design System – Lightning Component blog (for the full code, please refer to that post).

Example of checking accessibility using isAccessible:

```apex
public with sharing class AccountListController {

    @AuraEnabled
    public static List<Account> getAccountlist() {

        // Fields the component displays; each one is checked before the query
        String[] AccountFields = new String[] {
            'Id',
            'Name',
            'Industry',
            'Phone'
        };

        Map<String, Schema.SObjectField> m = Schema.SObjectType.Account.fields.getMap();
        for (String fieldToCheck : AccountFields) {
            // Check if the user has access to view the field
            // (object-level equivalent: Schema.sObjectType.Account.isAccessible())
            if (!m.get(fieldToCheck).getDescribe().isAccessible()) {
                // Pass error to client
                throw new System.NoAccessException();
            }
        }
        return [SELECT Id, Name, Industry, Phone FROM Account ORDER BY CreatedDate DESC LIMIT 10];
    }

    @AuraEnabled
    public static void getAccountupdatedlist(Account newAcc) {
        insert newAcc;
    }
}
```

Now the user no longer has access to the Account records.

[Screenshot: AccountList component showing the access error after the check]

Please note that calling isAccessible() or any other field-level access check on a field automatically checks that the user has the corresponding CRUD access to the object type.

Similarly, isUpdateable, isCreateable and isDeletable can be used to enforce the other CRUD permissions.

For more information on CRUD permissions and other Lightning security topics, please refer to this link: Lightning Security.
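As an added example (not code from the original post), the same pattern applied to the write path: the insert in the controller above runs with no check, so here the create and update operations are gated on isCreateable/isUpdateable at both object and field level, and only the vetted fields are copied from the client-supplied record. The class and method names and the field list are assumptions for this example.

```apex
public with sharing class AccountListSecureController {

    // Fields the modal dialog lets the user populate (assumed for this example)
    private static final List<String> WRITE_FIELDS =
        new List<String>{ 'Name', 'Industry', 'Phone' };

    // Throws NoAccessException unless the running user may perform the
    // requested operation ('create' or 'update') on Account and on every listed field.
    private static void enforceFieldAccess(List<String> fields, String operation) {
        Schema.DescribeSObjectResult objDesc = Schema.sObjectType.Account;
        // Object-level CRUD check first
        Boolean objectOk = operation == 'create' ? objDesc.isCreateable() : objDesc.isUpdateable();
        if (!objectOk) {
            throw new System.NoAccessException();
        }
        // Field-level check for each field the client is allowed to write
        Map<String, Schema.SObjectField> fieldMap = objDesc.fields.getMap();
        for (String f : fields) {
            Schema.DescribeFieldResult d = fieldMap.get(f).getDescribe();
            Boolean fieldOk = operation == 'create' ? d.isCreateable() : d.isUpdateable();
            if (!fieldOk) {
                throw new System.NoAccessException();
            }
        }
    }

    @AuraEnabled
    public static Account createAccount(Account newAcc) {
        enforceFieldAccess(WRITE_FIELDS, 'create');
        // Copy only vetted fields: the client cannot smuggle in extra fields
        Account safe = new Account();
        for (String f : WRITE_FIELDS) {
            safe.put(f, newAcc.get(f));
        }
        insert safe;
        return safe;
    }

    @AuraEnabled
    public static Account updateAccount(Account changed) {
        enforceFieldAccess(WRITE_FIELDS, 'update');
        // 'with sharing' additionally restricts the update to records the user can see
        Account safe = new Account(Id = changed.Id);
        for (String f : WRITE_FIELDS) {
            safe.put(f, changed.get(f));
        }
        update safe;
        return safe;
    }
}
```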
