diff --git a/TODO.txt b/TODO.txt index 03ce5f14eb3..38f6a12bf49 100644 --- a/TODO.txt +++ b/TODO.txt @@ -14,14 +14,16 @@ Test: Look at: SobjectUtils.getSobjectName +Test Manually: + Implementation os SecureDml in general - does it actually work + Can I create a record that I can't update, even though I generally have rights - what happens? + Can I create a record that I can update, even though I generally don't have rights - what happens? + * To finalise the core architecture: * Decide on FLS standards * Do we need to have a non all-or-nothing version of commitWork? -Add reference to disabling individual trigger events in tests: - https://andyinthecloud.com/2016/04/13/disabling-trigger-events-in-apex-enterprise-patterns/ - Add to documentation * Wrapping exceptions on the way out of services * Query builder - add it to the architectural diagram - after more investigation 
@@ -34,24 +36,23 @@ Add to documentation * Do not do domain logic in them * Using the Mock Registarar - * Describe the Application Factories From Utilities, things that may be useful: -* getReferenceObjectAPIName -* getObjName - get the object name from an Id -* getLabel / getObjectLabel - get the label for an sobject -* getFieldLabel -* delimitedStringToSet and reverse - * escaping single quotes - in both directions? -* unitsBetweenDateTime -* emailAddressIsValid / emailAddressListIsValid -* sObjectIsCustom / sObjectIsCustomfromAPIName -* IsfieldFilterable -* isFieldCustom -* idIsValid -* getCrossObjectAPIName -* objectFieldExist -* sortSelectOptions - complete re-write + * getReferenceObjectAPIName + * getObjName - get the object name from an Id + * getLabel / getObjectLabel - get the label for an sobject + * getFieldLabel + * delimitedStringToSet and reverse + * escaping single quotes - in both directions? + * unitsBetweenDateTime + * emailAddressIsValid / emailAddressListIsValid + * sObjectIsCustom / sObjectIsCustomfromAPIName + * IsfieldFilterable + * isFieldCustom + * idIsValid + * getCrossObjectAPIName + * objectFieldExist + * sortSelectOptions - complete re-write Write tests for the SOQL generation in the criteria library diff --git a/framework/default/ortoo-core/default/classes/fflib-extension/SecureDml.cls b/framework/default/ortoo-core/default/classes/fflib-extension/SecureDml.cls index 0a3727d2ce9..f2ee5f9f803 100644 --- a/framework/default/ortoo-core/default/classes/fflib-extension/SecureDml.cls +++ b/framework/default/ortoo-core/default/classes/fflib-extension/SecureDml.cls 
@@ -11,7 +11,7 @@ * CUD checking for a given SObject Type * CUD checking for all SObjects */ -public inherited sharing class SecureDml extends fflib_SobjectUnitOfWork.SimpleDML implements fflib_SobjectUnitOfWork.IDml +public inherited sharing virtual class SecureDml extends fflib_SobjectUnitOfWork.SimpleDML implements fflib_SobjectUnitOfWork.IDml { public inherited sharing class SecureDmlException extends ortoo_Exception { @@ -167,7 +167,7 @@ public inherited sharing class SecureDml extends fflib_SobjectUnitOfWork.SimpleD SobjectType type = SobjectUtils.getSobjectType( objList[0] ); - if ( shouldCheckCud( type ) && ! SobjectUtils.isCreateable( objList[0] ) ) + if ( shouldCheckCud( type ) && ! userCanCreate( objList[0] ) ) { cudViolationHandler.handleUnableToInsertRecords( objList ); return; @@ -195,7 +195,7 @@ public inherited sharing class SecureDml extends fflib_SobjectUnitOfWork.SimpleD SobjectType type = SobjectUtils.getSobjectType( objList[0] ); - if ( shouldCheckCud( type ) && ! SobjectUtils.isUpdateable( objList[0] ) ) + if ( shouldCheckCud( type ) && ! userCanUpdate( objList[0] ) ) { cudViolationHandler.handleUnableToUpdateRecords( objList ); return; @@ -222,7 +222,7 @@ public inherited sharing class SecureDml extends fflib_SobjectUnitOfWork.SimpleD SobjectType type = SobjectUtils.getSobjectType( objList[0] ); - if ( shouldCheckCud( type ) && ! SobjectUtils.isDeletable( objList[0] ) ) + if ( shouldCheckCud( type ) && ! userCanDelete( objList[0] ) ) { cudViolationHandler.handleUnableToDeleteRecords( objList ); return; @@ -244,7 +244,7 @@ public inherited sharing class SecureDml extends fflib_SobjectUnitOfWork.SimpleD SobjectType type = SobjectUtils.getSobjectType( objList[0] ); - if ( shouldCheckCud( type ) && ! SobjectUtils.isCreateable( objList[0] ) ) + if ( shouldCheckCud( type ) && ! userCanCreate( objList[0] ) ) { cudViolationHandler.handleUnableToPublishEvents( objList ); return; 
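Review bot: Adding `virtual` to the class declaration in the first hunk opens the CUD/FLS enforcement class to subclassing, but the header comment above it does not say what a subclass is allowed to change. The `userCanCreate` / `userCanUpdate` / `userCanDelete` hooks that the following hunks now call are the permission gate itself, so an override that always returns true would switch the check off for that operation. If the only purpose is a seam for unit tests, record that in the class comment, e.g. `* Declared virtual so that tests can stub the userCan* checks; subclasses must not relax them`. Whether a `private virtual` method can actually be overridden from a subclass is not settled by these hunks and is worth confirming for the API version in use; the class body continues well past what is shown here.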
@@ -296,6 +296,7 @@ public inherited sharing class SecureDml extends fflib_SobjectUnitOfWork.SimpleD * @param List The new list of records, after the field values were stripped * @return Set The new, potentially reduced list of 'removed fields */ + @testVisible private Set unstripAccessible( Set removedFields, List originalRecords, List strippedRecords ) { SobjectType type = SobjectUtils.getSobjectType( originalRecords[0] ); @@ -419,6 +420,21 @@ public inherited sharing class SecureDml extends fflib_SobjectUnitOfWork.SimpleD } } + private virtual Boolean userCanCreate( Sobject record ) + { + return SobjectUtils.isCreateable( record ); + } + + private virtual Boolean userCanUpdate( Sobject record ) + { + return SobjectUtils.isUpdateable( record ); + } + + private virtual Boolean userCanDelete( Sobject record ) + { + return SobjectUtils.isUpdateable( record ); + } + /** * CudViolationHandler that ensures that exceptions are thrown when CUD violations occur */ diff --git a/framework/default/ortoo-core/default/classes/fflib-extension/tests/SecureDmlTest.cls b/framework/default/ortoo-core/default/classes/fflib-extension/tests/SecureDmlTest.cls new file mode 100644 index 00000000000..e2a54d0b98d --- /dev/null +++ b/framework/default/ortoo-core/default/classes/fflib-extension/tests/SecureDmlTest.cls @@ -0,0 +1,5 @@ + +@isTest +private without sharing class SecureDmlTest +{ +} \ No newline at end of file diff --git a/framework/default/ortoo-core/default/classes/fflib-extension/tests/SecureDmlTest.cls-meta.xml b/framework/default/ortoo-core/default/classes/fflib-extension/tests/SecureDmlTest.cls-meta.xml new file mode 100644 index 00000000000..dd61d1f917e --- /dev/null +++ b/framework/default/ortoo-core/default/classes/fflib-extension/tests/SecureDmlTest.cls-meta.xml @@ -0,0 +1,5 @@ + + + 52.0 + Active +
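Review bot: `userCanDelete` returns `SobjectUtils.isUpdateable( record )`, so the delete path now checks update permission instead of delete permission. The line removed in the `-222` hunk called `SobjectUtils.isDeletable( objList[0] )`, so this looks like a copy-paste slip that weakens the check: a user who may update but not delete the object type would no longer be routed to `cudViolationHandler.handleUnableToDeleteRecords`. The body should be `return SobjectUtils.isDeletable( record );`. The three new methods also carry no doc comment; if they exist as test seams, a line such as `/** Whether the current user may delete records of this record's type; virtual so tests can stub the result */` on each would say so.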
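Review bot: `SecureDmlTest` is added as an empty class, so none of the CUD paths changed in `SecureDml.cls` are exercised by an automated test. The new `userCan*` seams and the `@testVisible` on `unstripAccessible` look intended for exactly that, so I would add at least one test per operation that stubs the check to false and asserts that the matching `cudViolationHandler` method is called and no DML is performed. A delete-path test of that kind, paired with one that verifies which `SobjectUtils` permission is consulted, would guard against the wrong check being used in `userCanDelete`.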