updated challenge code
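/**
 * Apex REST resource that returns a single Contact looked up by record Id.
 *
 * The class is declared "with sharing", so the query in doGet() runs under the
 * calling user's record-level sharing rules.
 */
@RestResource(urlMapping='/secureApexRest')
global with sharing class SecureApexRest {

    /**
     * Handles GET requests that carry an "id" query parameter.
     *
     * @return the matching Contact (Id, Name, Secret_Key__c), or null when the
     *         query returns no row for the caller
     * @throws FunctionalException when "id" is missing, blank or not a
     *         well-formed record Id
     * @throws SecurityException when the query raises a QueryException
     */
    @HttpGet
    global static Contact doGet() {
        String rawId = RestContext.request.params.get('id');
        if (String.isBlank(rawId)) {
            throw new FunctionalException('Id parameter is required');
        }

        // The parameter is caller-controlled. Convert it explicitly so a malformed
        // value is rejected with a functional error instead of surfacing as an
        // unhandled System.StringException from an implicit String-to-Id assignment.
        Id recordId;
        try {
            recordId = Id.valueOf(rawId);
        } catch (StringException ex) {
            throw new FunctionalException('Id parameter is not a valid record Id');
        }

        Contact result;
        try {
            // The bind variable keeps the request value out of the query text.
            // WITH SECURITY_ENFORCED makes the query throw when the running user
            // lacks read access to the object or to any selected field, which
            // includes Secret_Key__c.
            List<Contact> results = [
                SELECT Id, Name, Secret_Key__c
                FROM Contact
                WHERE Id = :recordId
                WITH SECURITY_ENFORCED
            ];
            if (!results.isEmpty()) {
                result = results[0];
            }
        } catch (QueryException ex) {
            // The platform exception is not echoed back; the caller only receives
            // this fixed message.
            throw new SecurityException('You don\'t have access to all contact fields required to use this API');
        }
        return result;
    }

    /** Raised for invalid or missing request input. */
    public class FunctionalException extends Exception {}

    /** Raised when the enforced query fails for the running user. */
    public class SecurityException extends Exception {}
}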