Practice simplifying object- and field-level security checks with new Spring ’19 in Apex code

updated challenge code

@RestResource(urlMapping='/secureApexRest')
global with sharing class SecureApexRest {
    @HttpGet
    global static Contact doGet(){
        Id recordId = RestContext.request.params.get('id');
        Contact result;
        if (recordId == null){
            throw new FunctionalException('Id parameter is required');
        }
        try {
            List&lt;Contact> results = [SELECT id, Name, Secret_Key__c FROM Contact WHERE Id = :recordId WITH SECURITY_ENFORCED];
            if (!results.isEmpty()) {
                result = results[0];
            }
        }
        catch(QueryException  ex) {
            throw new SecurityException('You don\'t have access to all contact fields required to use this API');
        }
        return result;
    }
    public class FunctionalException extends Exception{}
    public class SecurityException extends Exception{}
}

@RestResource(urlMapping='/secureApexRest')

global with sharing class SecureApexRest {

@HttpGet

global static Contact doGet(){

Id recordId = RestContext.request.params.get('id');

Contact result;

if (recordId == null){

throw new FunctionalException('Id parameter is required');

}

try {

List<Contact> results = [SELECT id, Name, Secret_Key__c FROM Contact WHERE Id = :recordId WITH SECURITY_ENFORCED];

if (!results.isEmpty()) {

result = results[0];

}

catch(QueryException ex) {

throw new SecurityException('You don\'t have access to all contact fields required to use this API');

}

return result;

}

public class FunctionalException extends Exception{}

public class SecurityException extends Exception{}

}

S	M	T	W	T	F	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

Leave a Reply Cancel reply