How can I validate CRUD permission before execution of the SOQL queries or DML operation?

Asked by Deepabhawana in Salesforce, Asked on Mar 27, 2024

I am currently engaged in a particular task that is related to developing a Salesforce application where users have different levels of access based on their roles. How can I validate CRUD permission before implementation of the SOQL queries or DML operations to ensure that users can only perform actions they are authorized for? 

Answered by Deepa bhawana

In the context of Salesforce, you can validate the CRUD permission before the implementation of SOQL queries or DML operations by using the steps given below:

Checking CRUD permission by using Apex

In Salesforce, you can use Apex code to check the CRUD permission for an object before performing any SOQL queries or DML operations:

public class PermissionChecker {
    // Method to check if the current user has Read access to a specific object
    public static Boolean hasReadAccess(String objectApiName) {
        Schema.DescribeSObjectResult objectDescribe = Schema.getGlobalDescribe().get(objectApiName).getDescribe();
        return objectDescribe.isQueryable();
    }
    // Method to check if the current user has Create access to a specific object
    public static Boolean hasCreateAccess(String objectApiName) {
        Schema.DescribeSObjectResult objectDescribe = Schema.getGlobalDescribe().get(objectApiName).getDescribe();
        return objectDescribe.isCreateable();
    }
    // Method to check if the current user has Update access to a specific object
    public static Boolean hasUpdateAccess(String objectApiName) {
        Schema.DescribeSObjectResult objectDescribe = Schema.getGlobalDescribe().get(objectApiName).getDescribe();
        return objectDescribe.isUpdateable();
    }
    // Method to check if the current user has Delete access to a specific object
    public static Boolean hasDeleteAccess(String objectApiName) {
        Schema.DescribeSObjectResult objectDescribe = Schema.getGlobalDescribe().get(objectApiName).getDescribe();
        // The describe method is spelled isDeletable() (no "e" before "able")
        return objectDescribe.isDeletable();
    }
}

Validation of the permission before SOQL queries

You can use the “PermissionChecker” class before executing a SOQL query to validate that the current user has the necessary CRUD permission for the object being queried:

public class MyController {
    public List<Account> getAccounts() {
        if (PermissionChecker.hasReadAccess('Account')) {
            // Perform SOQL query to fetch accounts
            return [SELECT Id, Name FROM Account LIMIT 10];
        } else {
            // Handle permission denied scenario
            throw new System.NoAccessException('You do not have permission to read Account records.');
        }
    }
}

Validation of the permission before DML operations

Similarly, before performing a DML operation you can validate that the current user has the required CRUD permission by using the “PermissionChecker” class:

public class MyController {
    public void createAccount(Account newAccount) {
        if (PermissionChecker.hasCreateAccess('Account')) {
            // Perform DML operation to insert the new account
            insert newAccount;
        } else {
            // Handle permission denied scenario
            throw new System.NoAccessException('You do not have permission to create Account records.');
        }
    }
    public void updateAccount(Account updatedAccount) {
        if (PermissionChecker.hasUpdateAccess('Account')) {
            // Perform DML operation to update the account
            update updatedAccount;
        } else {
            // Handle permission denied scenario
            throw new System.NoAccessException('You do not have permission to update Account records.');
        }
    }
    public void deleteAccount(Account accountToDelete) {
        if (PermissionChecker.hasDeleteAccess('Account')) {
            // Perform DML operation to delete the account
            delete accountToDelete;
        } else {
            // Handle permission denied scenario
            throw new System.NoAccessException('You do not have permission to delete Account records.');
        }
    }
}
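
An added example, not part of the original answer: one way to fold the four object-level checks into a single guard that fails closed, including when the object API name does not exist, and that goes one step beyond the answer by also stripping fields the user cannot read with Security.stripInaccessible. The names CrudGuard, CrudOp, CrudException, require and readableAccounts are hypothetical, and the read check here uses isAccessible().

```apex
// Added example; CrudGuard, CrudOp, CrudException, require and
// readableAccounts are hypothetical names, not from the answer above.
public with sharing class CrudGuard {
    public enum CrudOp { CAN_READ, CAN_CREATE, CAN_UPDATE, CAN_DELETE }
    public class CrudException extends Exception {}

    // Throws unless the running user holds the requested object-level permission.
    public static void require(String objectApiName, CrudOp op) {
        Schema.SObjectType t = Schema.getGlobalDescribe().get(objectApiName);
        if (t == null) {
            // Unknown API name: fail closed rather than dereference null.
            throw new CrudException('Unknown object: ' + objectApiName);
        }
        Schema.DescribeSObjectResult d = t.getDescribe();
        Boolean allowed = false; // default deny
        switch on op {
            when CAN_READ   { allowed = d.isAccessible(); }
            when CAN_CREATE { allowed = d.isCreateable(); }
            when CAN_UPDATE { allowed = d.isUpdateable(); }
            when CAN_DELETE { allowed = d.isDeletable(); }
        }
        if (!allowed) {
            throw new CrudException(op.name() + ' denied on ' + objectApiName);
        }
    }

    // Object-level check first, then remove fields the user cannot read
    // (field-level security), so hidden fields never reach the caller.
    public static List<Account> readableAccounts() {
        require('Account', CrudOp.CAN_READ);
        List<Account> rows = [SELECT Id, Name, AnnualRevenue FROM Account LIMIT 10];
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.READABLE, rows);
        return (List<Account>) decision.getRecords();
    }
}
```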

