+ Start a Discussion
dnakonidnakoni 

Record access in Apex

Does anyone know how I can check whether the current user has some kind of access to a particular record?

 

Let's say I have a custom VF page with an Account standard controller, and an extension. In the extension, I want to check whether the current user has UPDATE access to the current Account record on the VF page. I found the isAccessible/isUpdateable methods, but those are on a field/object level, they do not look at particular records.

 

Thanks!!

bob_buzzardbob_buzzard

You can check if the current user has access to the record by executing a method inside a class that has the "with sharing" keywords - this will respect sharing rules.   However, I'm not sure how easy it will be to determine the level of access that is available to the user via sharing rules.  

 

One way that might work is to set a savepoint, try to update the record and catch the exception if the user cannot update the record.  If they can, roll back to the savepoint and continue with the processing.  If they can't, propagate the exception back to the page.

dnakonidnakoni

Hi Bob, 

 

I tried something similar. However, I need to know the access level when the page loads, so I need the method in the action attribute on the apex:page tag. However, if I try to update a record in there, I get the DML not allowed error. Any ideas?

 

Thanks!

bob_buzzardbob_buzzard

I thought DML was allowed in the page action method.  The Visualforce Developer's Guide says that you shouldn't use this for initialisation, so its not recommended, but I'm sure I've used it in the past (although the route I was trying to go didn't pan out so I didn't proceed with that mechanism).

 

If DML isn't allowed in the page action, you could put some javascript in the page to execute an action function.  The action method could then determine the level of the user's access and set some properties to change the page behaviour.  Its not a great user experience though, as the page is drawn and then refreshed.  

 

One lateral though - a standard controller will respect the permissions of the currently logged in user.  Is there any way that you can leverage that?