giannas / force-dot-com-esapi
Automatically exported from code.google.com/p/force-dot-com-esapi
I have wizards that create multiple objects that have master/detail (parent/child) relationships in one go. So the child needs hooking up to the parent, meaning the parent id must be available. After an insert an SObject's Id field is populated and so this sequence works:
Parent__c p = new Parent__c();
insert p;
Child__c c = new Child__c();
c.Parent__c = p.Id;
insert c;
But AccessControllerInterface.insertAsUser does not expose the resulting id of the inserted object...
Given that the id value cannot be assigned, returning the created SObject would allow the access control to be introduced with the least code changes like this:
Parent__c p = new Parent__c();
p = (Parent__c) ESAPI.accessController().insertAsUser(p, ...);
Child__c c = new Child__c();
c.Parent__c = p.Id;
c = (Child__c) ESAPI.accessController().insertAsUser(c, ...);
But related list-based calls already return Database.SaveResult[]. I am unclear why this approach is used rather than throwing an exception. If an exception-based approach can be accomplished then the natural equivalent for the list-based case is obviously:
Parent__c[] ps = ...;
ps = (Parent__c[]) ESAPI.accessController().insertAsUser(ps, ...);
Original issue reported on code.google.com by [email protected]
on 27 May 2010 at 11:42
Currently getViewableFields, getCreateableFields, and getUpdateableFields
accept sObject as a parameter. If a developer wants to check the permissions in
advance, before they even have a specific sObject available, this is not
intuitive. We should allow calling these functions with sObjectType instead.
Original issue reported on code.google.com by [email protected]
on 8 Nov 2011 at 2:09
[deleted issue]
Feature request:
Add new functions to allow the developer to check if the current user has the
permission needed for his application before actually calling
insertAsUser/updateAsUser/deleteAsUser.
Original issue reported on code.google.com by [email protected]
on 8 Nov 2011 at 2:06
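The pre-flight check asked for in the two requests above (field lists from an sObjectType, and a permission check before insertAsUser/updateAsUser) can be sketched with the standard Apex describe calls. This is an added example, not code from force-dot-com-esapi; the class PermissionPrecheck, the enum Perm and all method names are hypothetical.

```apex
// Added example: hypothetical helper, not part of force-dot-com-esapi.
public with sharing class PermissionPrecheck {

    public enum Perm { CAN_READ, CAN_CREATE, CAN_EDIT }

    // Object-level (CRUD) check for the running user; no record instance needed.
    public static Boolean objectAllows(Schema.SObjectType t, Perm wanted) {
        Schema.DescribeSObjectResult d = t.getDescribe();
        if (wanted == Perm.CAN_READ)   { return d.isAccessible(); }
        if (wanted == Perm.CAN_CREATE) { return d.isCreateable(); }
        return d.isUpdateable();
    }

    // Field-level security check for a single field token.
    private static Boolean fieldAllows(Schema.SObjectField f, Perm wanted) {
        Schema.DescribeFieldResult d = f.getDescribe();
        if (wanted == Perm.CAN_READ)   { return d.isAccessible(); }
        if (wanted == Perm.CAN_CREATE) { return d.isCreateable(); }
        return d.isUpdateable();
    }

    // All fields of the type that the running user may read, create or edit.
    public static List<Schema.SObjectField> fieldsAllowing(Schema.SObjectType t, Perm wanted) {
        List<Schema.SObjectField> allowed = new List<Schema.SObjectField>();
        if (!objectAllows(t, wanted)) {
            return allowed; // fail closed: no object access, no fields
        }
        for (Schema.SObjectField f : t.getDescribe().fields.getMap().values()) {
            if (fieldAllows(f, wanted)) { allowed.add(f); }
        }
        return allowed;
    }

    // Requested field names the user may NOT use (unknown names count as denied).
    // An empty result means the later DML should not be refused on CRUD/FLS grounds.
    public static List<String> deniedFields(Schema.SObjectType t, List<String> names, Perm wanted) {
        Map<String, Schema.SObjectField> byName = t.getDescribe().fields.getMap();
        Boolean objectOk = objectAllows(t, wanted);
        List<String> denied = new List<String>();
        for (String n : names) {
            Schema.SObjectField f = byName.get(n);
            if (!objectOk || f == null || !fieldAllows(f, wanted)) { denied.add(n); }
        }
        return denied;
    }
}
```

For example, `PermissionPrecheck.deniedFields(Contact.SObjectType, new List<String>{'LastName', 'Email'}, PermissionPrecheck.Perm.CAN_CREATE)` returns the names to drop or report before any DML is attempted. Describe results cover CRUD and field-level security only, not record-level sharing.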
Enhancement:
It would be useful if the ESAPI would provide methods for checking the record
level access (sharing rules). So these are methods that check whether the
current user has access to a given record (e.g. passed by the ID or passed as
an sObject).
Original issue reported on code.google.com by [email protected]
on 11 Feb 2013 at 4:27
escape single quote in JSINHTMLENCODE
Original issue reported on code.google.com by [email protected]
on 20 Sep 2014 at 3:33
Due to the use of the "fields" member variable in insertAsUser and
updateAsUser we limit the usage of these functions to 10 calls in a single
execution call.
Adding the insertAsUser and updateAsUser array functions, probably solved
this problem partially, because for array operations the library will only
call fields once. This means that only if you call these functions over
ten times it will hit the governor limit.
In addition we are going to introduce insertAsUser and updateAsUser
functions that will accept Schema.SObjectField[]. For these functions we
will not use the fields member variable at all. If you have an issue with
the limits you will be able to use these functions instead.
If anyone is still having issues with limit because of these functions,
please add a comment with a use case and we can reconsider the priority
for this issue.
Original issue reported on code.google.com by [email protected]
on 2 Jun 2010 at 12:05
The issue is not related to the main code but to the test classes.
In the test classes, methods (like testAccessController.testLimits) create
contacts in a loop with the exact same LastName. This is an extraordinary case
for a real-life scenario.
In some orgs which have duplicate-checking apps/code (like Duplicate Check for
Salesforce 2.0 by Addressed World), this test class triggers lots of SOQL to run
and causes some test cases to fail.
What steps will reproduce the problem?
1. Install the Duplicate Check for Salesforce 2.0 and ESAPI managed in an org
2. Run all tests
What is the expected output? What do you see instead?
In these types of test classes, the last name string can be changed by adding the
iteration counter to the string as follows
svn/ trunk/ src/ classes/ testAccessController.cls
Line 350: c.LastName = 'ESAPI Test Spu8UY&thuCrUzAPa2ASTaC7rA$Ra3 c limits'+i
What version of the product are you using? On what operating system?
Latest Salesforce version
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 14 May 2015 at 6:33
Enhancement:
It would be useful if the ESAPI would provide a method for converting a string
that might contain HTML tags into a text-only string. That could be used to
sanitize a string in order to prevent XSS.
Original issue reported on code.google.com by [email protected]
on 11 Feb 2013 at 4:32
When working in a development org that has a namespace prefix defined (cvc in this case) that prefix needs to be included in the field name in calls like this:
ESAPI.accessController().insertAsUser(claim, new String[] {'cvc__Status__c'});
All other Apex code (e.g. SOQL) remains unpolluted with the prefix as that is really a separate attribute and may change.
And more importantly, the code will not run in any other development org such as the org that sf:deploy is used to do continuous integration deploy/tests into. (See http://force201.wordpress.com/category/continuous-integration/ for an example of such a setup.)
So please consider one or both of these possibilities:
A) Adding the prefix internally in the implementation so the calling code remains clean and people do not have to implement their own code to do this and make the ESAPI calls even more verbose by wrapping all the field names in the resulting utility.
B) Given that you are already consuming the 10 describe calls limit to get other information you need, provide methods which do not require the field names to be supplied. (Or is there no way of avoiding hitting "SObject row was retrieved via SOQL without querying the requested field" errors in this case with your design?) As the API stands you are adding yet another case to the DRY principle violations that Apex imposes and also potentially (if other steps have been taken) stopping managed package code from working when custom fields are added.
Original issue reported on code.google.com by [email protected]
on 27 May 2010 at 12:06
Enhancement:
It would be useful if the ESAPI would provide methods for validating the format
of an email address, a domain or a host name. These are standard validation
situations that would come in handy for every developer.
Original issue reported on code.google.com by [email protected]
on 11 Feb 2013 at 4:29
I want to know if it is possible to insert an object with a relationship, because I
don't think it is doing it.
For my case, we do not have full access to the inserted list of objects, and
I need the inserted list to be able to insert its child or dependent list.
So I opted to do it via a relationship like this:
t.Notes__c = j.Notes__c;
t.Description__c = j.Description__c;
Customer_Information__c ci = new Customer_Information__c(TECH_External_ID__c = j.id + uniqueKey);
t.Customer_Information__r = ci;
But then, I can't specify the relationship in the field list, because it's not a
field, and if I do not specify it, then the relationship is not created. How to
cater for this?
Original issue reported on code.google.com by [email protected]
on 11 Mar 2014 at 9:58