Experience Cloud Developer Guide

Get Up to Speed with Experience Builder Sites
Develop Experience Builder Sites: The Basics
Using the Developer Console
Configure Drag-and-Drop Aura Components for Experience Builder
Expose Component Attributes in Experience Builder
Tips and Considerations for Configuring Aura Components for Experience Builder
Supported Aura Components, Interfaces, and Events
Personalization Target Developer and Group Names
Comply with a User’s Personal Information Visibility Settings
Customize the Look and Feel of an Experience Builder Template
Develop Secure Sites: Authenticated and Guest Users
Develop Secure Sites: Lightning Locker and CSP
Analyze and Improve Experience Builder Site Performance
Add Pardot Tracking to Your Experience Builder Site
Use a CMS with Your Experience Builder Site
Report on Deflections: The Deflection Signals Framework
Deploy an Experience Cloud Site from Sandbox to Production
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Comply with a User’s Personal Information Visibility Settings

Orgs with portals and sites provide specific settings to hide a user’s personally identifiable and contact information from other users. These settings aren’t enforced in Apex, even with Apex security features such as the WITH SECURITY_ENFORCED clause or the stripInaccessible method. To hide specific fields from a guest or external user, follow the sample code outlined below.

To hide a user’s personal information in the User object:

1public User[] fetchUserDetail(Set userIds) { 
2    // Query all the fields of user which we are expected in user record to show that on UI or to 
3    // perform some business logic. 
4    User[] userRecords = [SELECT id, username, communitynickname, firstname, lastname, title 
5    FROM User WHERE id IN :userIds]; 
6 
7    for (User userRecord : userRecords) { 
8        // User is not fetching his own record and is not standard user. 
9        if(userRecord.id != UserInfo.getUserId() && !Auth.CommunitiesUtil.isInternalUser()) { 
10            // clear-out all PII fields form user record which we have queried above. 
11            userRecord.username = ''; 
12            userRecord.title = ''; 
13        } 
14    } 
15    return userRecords;
16}

To comply with a user’s contact information visibility settings within a community or portal, we check the preferences associated with specific fields and show or hide the data accordingly. For a user’s contact visibility settings within a community:

1public User[] fetchUserRecordRespectingFLVPreferences(Set<Id> userIds) {
2
3    //Fetch users records along with fields specific user preferences.
4    User[] userRecords = [SELECT email, UserPreferencesShowEmailToExternalUsers, UserPreferencesShowEmailToGuestUsers FROM User WHERE id IN :userIds];
5
6    // If context user is internal user then return result without any restriction.
7    if (Auth.CommunitiesUtil.isInternalUser()) {
8        return userRecords;
9    }
10
11    // If user is guest user then return result as per the user's UserPreference for the fields related to the Guest user visibility.
12    if (Auth.CommunitiesUtil.isGuestUser()){
13        return fetchUserRecordForGuestUser(userRecords);
14    }
15
16    // Return result as per the user's UserPreference for the fields related to the External user visibility 
17    return fetchUserRecordForExternalUser(userRecords);
18
19}
20
21// Apply Field level visibilty logic by checking user's UserPreferences for the fields related to the External user visibility.
22public User[] fetchUserRecordForExternalUser(User[] userRecords) {
23
24    for(User userRecord : userRecords) {
25
26        //Clear field of user record when context user fetching other user's record and Field Level Visibility for that field is set to Restricted.
27        if(userRecord.id != UserInfo.getUserId() && !userRecord.UserPreferencesShowEmailToExternalUsers)
28        {
29            userRecord.email = '';
30        }
31
32    }   
33
34    return userRecords;         
35}
36
37// Apply Field level visibilty logic by checking user's UserPreferences for the fields related to the Guest user visibility.
38public User[] fetchUserRecordForGuestUser(User[] userRecords) {
39
40    for(User userRecord : userRecords) {
41
42        //Clear field of user record when context user fetching other user's record and user preference for that field is NOT set to public.
43        if(!userRecord.UserPreferencesShowEmailToGuestUsers)
44        {
45            userRecord.email = '';
46        }
47
48    }   
49
50    return userRecords;       
51
52}