Shruthi GM 6

I am facing this error in the Platform Developer 1 Spring 19 maintenance exam:

"Your Apex code contains field level access checks that are redundant now that you've added 'WITH SECURITY_ENFORCED'. Please check your code again."

The code is:

@RestResource(urlMapping='/secureApexRest')
global with sharing class SecureApexRest {
    @HttpGet
    global static Contact doGet(){
        Id recordId = RestContext.request.params.get('id');
        Contact result;
        if (recordId == null){
            throw new FunctionalException('Id parameter is required');
        }
        if (Schema.SObjectType.Contact.isAccessible()
            && Schema.SObjectType.Contact.fields.Name.isAccessible()
            && Schema.SObjectType.Contact.fields.Secret_Key__c.isAccessible()){
            List<Contact> results = [SELECT id FROM Contact WHERE Id = :recordId WITH SECURITY_ENFORCED];
            if (!results.isEmpty()) {
                result = results[0];
            }
        } else{
            throw new SecurityException('You don\'t have access to all contact fields required to use this API');
        }
        return result;
    }
    public class FunctionalException extends Exception{}
    public class SecurityException extends Exception{}
}

Kindly suggest what exactly I need to change in the code.
Thanks in advance.
Best Answer chosen by Shruthi GM 6
Raj Vakati
Refer to this link:
https://success.salesforce.com/answers?id=9063A000000lSPsQAM

You don't have to provide access to any fields. If you read the challenge, you just have to edit the query to include the new WITH SECURITY_ENFORCED attribute, and remove the other field-level security checks.

You need to put the query in a try/catch statement and catch the System.QueryException.

Use this code
 
@RestResource(urlMapping='/secureApexRest')
global with sharing class SecureApexRest {
    @HttpGet
    global static Contact doGet(){
        Id recordId = RestContext.request.params.get('id');
        Contact result;
        if (recordId == null){
            throw new FunctionalException('Id parameter is required');
        }
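        List<Contact> results;
        try{
            results = [SELECT id, Name, Secret_Key__c FROM Contact WHERE Id = :recordId WITH SECURITY_ENFORCED];
        }catch(QueryException e){
            // WITH SECURITY_ENFORCED throws QueryException when the user lacks object or field access.
            // An empty catch would leave results null and fail on isEmpty() below, so report the denial.
            throw new SecurityException('You don\'t have access to all contact fields required to use this API');
        }
        
        if (!results.isEmpty()) {
            result = results[0];
        }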
        return result;
    }
    public class FunctionalException extends Exception{}
    public class SecurityException extends Exception{}
}

 

All Answers

Team CodEngine.in
FYI, in case it is required.
https://www.codengine.in/2019/05/Salesforce-platform-developer-1-certification-maintenance-Spring-19-hands-on-challenge.html

- Naveen K N
Deepak Srivastava 10
Hi Shruthi,

Here is your answer:
Read this line in the challenge: "Add the WITH SECURITY_ENFORCED clause to the SOQL query on line 13 in the code provided. This will make the manual Schema.SObjectType checks redundant." This means that when you add SECURITY_ENFORCED to your SOQL, it automatically checks the object-level permission and field-level permission, but if you look at the sample code provided, in lines 10, 11 and 12 the developer is already checking the same thing, which is redundant in this case.

The solution for this problem is simply to remove this if condition with all three checks and save the code. It would work. I hope this will help you out. If this resolves your query, please let me know. If you still don't get it, I will share the code then.

Cheers,
Deepak
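
An Apex test for confirming the behaviour discussed in this thread, added here as an example and not code from any poster or from the challenge. It assumes the org's 'Standard User' profile can read Contact but has no field-level access to Secret_Key__c; the class name and user details are constructed.

```apex
@IsTest
private class SecurityEnforcedBehaviourTest {
    // Builds an in-memory user for System.runAs; it is never inserted.
    private static User restrictedUser() {
        // Assumption: this profile can read Contact but not Secret_Key__c.
        Profile p = [SELECT Id FROM Profile WHERE Name = 'Standard User' LIMIT 1];
        return new User(
            Alias = 'restr', Email = 'restricted@example.com',
            EmailEncodingKey = 'UTF-8', LastName = 'Constructed',
            LanguageLocaleKey = 'en_US', LocaleSidKey = 'en_US',
            TimeZoneSidKey = 'America/Los_Angeles', ProfileId = p.Id,
            Username = 'restricted' + System.currentTimeMillis() + '@example.com'
        );
    }

    @IsTest
    static void clauseRejectsInaccessibleField() {
        System.runAs(restrictedUser()) {
            // Preconditions, using the same describe calls as the original manual check.
            System.assert(Schema.SObjectType.Contact.isAccessible(),
                'Test setup: the profile must be able to read Contact');
            System.assert(!Schema.SObjectType.Contact.fields.Secret_Key__c.isAccessible(),
                'Test setup: the profile must not have access to Secret_Key__c');

            // Only accessible fields are selected, so the clause lets the query run.
            List<Contact> allowed = [SELECT Id, Name FROM Contact WITH SECURITY_ENFORCED LIMIT 1];
            System.assertNotEquals(null, allowed, 'Query on accessible fields should succeed');

            // Selecting the restricted field must raise QueryException, with no manual check.
            Boolean rejected = false;
            try {
                List<Contact> denied = [SELECT Id, Name, Secret_Key__c
                                        FROM Contact WITH SECURITY_ENFORCED LIMIT 1];
            } catch (QueryException e) {
                rejected = true;
            }
            System.assert(rejected,
                'WITH SECURITY_ENFORCED should reject a query on an inaccessible field');
        }
    }
}
```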