Thursday, April 12, 2012

Object sharing using email approval


This solution gives record access to a Salesforce user via email approval. Here we are providing access to the Accounts but this can be generalized for any standard or custom object.
 In order to grant access to the Account, an approval workflow request would be sent to the record owner and upon approval Apex code would be executed to add the requested user in the Account Team/Share objects.


1    1.    Provide a Request for Access button against each Account record on the Visual force page.
a.      Display a pop-up to the end user: A Request Email has been sent for Access.
b.      Create a Custom Object “Account Sharing Request” and add an Entry in this object:
AccountID, OwnerID, RequestedBy(UserID),IsApproved(False) for the request.
 
2.      Create an Approval process for Account Sharing Request in the controller class and send an approval request email to the record owner. 
 
3.      Enable email approval response so that the user can approve or reject the request by replying to the email: approve, approved, yes, reject, rejected, or no.
 
4.      Update IsApproved field to True upon approval: This is the Final approval action.
 
5.      Update trigger on the Account_Sharing_Request__c object would add the requested User to the Account Team and Account share Object.


Saturday, April 7, 2012

Query User access Level in Apex

     With API 24 salesforce has given access to UserRecordAccess table. This gives us more power in querying whether user have access and upto what level so that we can build our VF and apex accordingly.
http://www.salesforce.com/us/developer/docs/api/index_Left.htm#StartTopic=Content/sforce_api_objects_userrecordaccess.htm

I was writing a VF page in which i needed to have a table of sobject records with Edit and del links for each line item. I was using{!URL for} function which would take care of the link automatically. It would even prevent users who do not have permission to edit or delete the record to take it to the page 'you do not have sufficient permission'.

 I thought it would be nice to know if the loggedin user or profile permission can be queried based on which i could display or hide these links instead of user clicking the link and finding out. Thats when i searched i figured it could be handled with Api 24.0

SELECT RecordId, HasReadAccess, HasTransferAccess, MaxAccessLevel
     FROM UserRecordAccess
     WHERE UserId = [single ID]
     AND RecordId = [single ID]      //or Record IN [list of IDs]

so i needed to get info on hasEditAccess and hasDeleteAccess for loggedin user and based on which i displayed or hid the link. It worked like charm.