Using apex:relatedList in a Visualforce page when the user profile denies access to child objects

Problem description

I have two custom objects, Appointment and Session Report. Session Report is a child of Appointment in a standard Master-Detail relationship. Additionally, I have a profile, Student, which has Read-Create-Edit-Delete for Appointments and no rights for Session Reports. The use case is a Student can create an Appointment but cannot view the Session Reports created for this Appointment by a Tutor.

Using a standard layout for the Appointment object works as expected when viewing Appointments. Namely, the Student can see the Appointment fields and the related list of Session Reports is not displayed. All other user profiles observed can see the related list of Session Reports.

However, I have encountered a problem when replacing the standard layout with a Visualforce page as such:

<apex:page standardController="Appointment__c">
    <apex:sectionHeader title="{!$ObjectType.Appointment__c.label}" subtitle="{!Appointment__c.Name}"/>
    <apex:pageBlock title="{!$ObjectType.Appointment__c.label} Detail">
        <apex:pageBlockSection showHeader="false" columns="1">
            <apex:outputField value="{!Appointment__c.Tutor_Name__c}"/>
            <apex:outputField value="{!Appointment__c.Student_Name__c}"/>
        </apex:pageBlockSection>
    </apex:pageBlock>
    <!-- Child related list: this is the component that raises the error for the Student profile -->
    <apex:relatedList list="Session_Reports__r"/>
</apex:page>

This new page works as expected for all users with at least Read rights for the Session Report object. The Student user has no rights to this object and receives this error message

'Session_Reports__r' is not a valid child relationship name for entity Appointment 

Clearly this relationship does exist as the page can be displayed properly for users with different profiles. I have been unable to resolve the difference between the standard layout and the VF page that would result in this failure. It has been suggested to me that I could identify the user profile in the VF page and use that information to toggle rendering. However, this type of approach defeats the purpose of the Salesforce security model and I won't be adopting such a technique.

Should I be able to use apex:relatedList in this fashion? Or have I wrongly assumed that the VF rendering engine could figure out when it can and cannot display related lists?

Recommended answer

Salesforce security model is only going to ensure you don't show data that is not accessible to a particular user. How it does this is by throwing that exception you see. If you're building a custom VF page you're responsible for making sure you don't display something the user isn't allowed to see. Note this is different than for fields which just don't show up if the user doesn't have the proper field level security.

You'll need to add a check to verify a user can view that object. Fortunately they have a lot of "is" methods (isAccessible, isCreatable, isDeletable, etc.) on the Describe Object Result for you to determine what the current user's permissions are for that object without having to hard code profiles into your code. For your specific case you don't want to display that related list if its object is not accessible.

Visualforce Page:

<apex:relatedList list="Session_Reports__r" 
                  rendered="{!$ObjectType.Session_Report__c.accessible}"/>
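
The same describe check made from Apex, as an added example that is not part of the original answer: a controller extension that builds its own list of Session Reports instead of using apex:relatedList. Apex queries run in system context and do not enforce object permissions on their own, so the isAccessible() gate is what keeps the child rows away from the Student profile. The class name AppointmentReportsExt and the master-detail field name Appointment__c on Session_Report__c are assumptions.

```apex
// Added example, not the original poster's code.
// Assumption: the master-detail field on Session_Report__c is named Appointment__c.
public with sharing class AppointmentReportsExt {
    private final Id appointmentId;

    public AppointmentReportsExt(ApexPages.StandardController std) {
        appointmentId = std.getId();
    }

    // True only when the running user has Read on the child object
    // (via profile or permission set); no profile names are hard-coded.
    public Boolean getCanReadReports() {
        return Schema.sObjectType.Session_Report__c.isAccessible();
    }

    // Returns an empty list instead of querying when the user has no
    // object-level access. "with sharing" covers record sharing only,
    // so without this gate the SOQL below would return rows to anyone.
    public List<Session_Report__c> getReports() {
        if (appointmentId == null || !getCanReadReports()) {
            return new List<Session_Report__c>();
        }
        List<Session_Report__c> rows = [
            SELECT Id, Name, CreatedDate
            FROM Session_Report__c
            WHERE Appointment__c = :appointmentId
            ORDER BY CreatedDate DESC
            LIMIT 200
        ];
        // Strip any queried fields the user cannot read (field-level security).
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.READABLE, rows);
        return (List<Session_Report__c>) decision.getRecords();
    }
}
```

On the page, the extension is attached with extensions="AppointmentReportsExt" and the custom list is wrapped in a component with rendered="{!canReadReports}".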
