Enforce FLS & CRUD in Lightning Component Manually.



How to Enforce CRUD & FLS in Lightning Component Manually?


If you are a Lightning component developer, you probably already know that Aura components do not automatically enforce CRUD and FLS in an Apex controller.

This means the framework will continue to return records and fields for which the user has no CRUD access or FLS visibility.

So we have to enforce CRUD and FLS manually.

To get this done, first declare your class with the with sharing keyword, as shown below (note that with sharing only applies record-level sharing rules; the CRUD and FLS checks still have to be written by hand):


public with sharing class myController {

}


After that we have to make sure in our Apex controller that the user sees only the records and fields they have access to. We can check this using the following describe methods:

  • isAccessible()
  • isCreateable()
  • isDeletable()
  • isUpdateable()
In the example below I have used these methods to check CRUD and FLS manually. Every check must pass for the method to return true; a single missing permission returns false:


@AuraEnabled
public static Boolean isFLS(){

    // Check if the user has read access on the Account.Name field
    if (!Schema.sObjectType.Account.fields.Name.isAccessible()){
        return false;
    }

    String [] accountUpdateFields = new String [] {'AnnualRevenue',
                                                   'Name',
                                                   'Phone',
                                                   'Description'};

    // Get all fields of the Account object
    Map<String,Schema.SObjectField> acc = Schema.SObjectType.Account.fields.getMap();
    for (String fieldToCheck : accountUpdateFields) {
        // Check if the user has create access on each field;
        // one field without access fails the whole check
        if (!acc.get(fieldToCheck).getDescribe().isCreateable()) {
            return false;
        }
    }

    // Check if the user has delete access on the Account object
    if (!Account.sObjectType.getDescribe().isDeletable()){
        return false;
    }

    // Check if the user has update access on the Name field
    if (!Schema.sObjectType.Account.fields.Name.isUpdateable()){
        return false;
    }

    // Every check passed
    return true;
}
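As an added example (not code from the original post), here is a controller that applies the same describe checks before the SOQL query and the DML actually run, failing closed when any permission is missing. The class name, the field list and the method names are assumptions chosen for illustration.

```apex
public with sharing class AccountFlsController {

    // Fields the component reads and writes (constructed for this example).
    private static final List<String> FIELDS =
        new List<String>{ 'Name', 'Phone', 'AnnualRevenue', 'Description' };

    // Object-level CRUD first, then FLS on every field. One missing
    // permission fails the whole check instead of returning true early.
    private static Boolean hasAccess(Boolean forUpdate) {
        Schema.DescribeSObjectResult obj = Account.sObjectType.getDescribe();
        if (forUpdate ? !obj.isUpdateable() : !obj.isAccessible()) {
            return false;
        }
        Map<String, Schema.SObjectField> fieldMap = Schema.SObjectType.Account.fields.getMap();
        for (String f : FIELDS) {
            Schema.SObjectField token = fieldMap.get(f);
            if (token == null) {
                return false; // unknown field name: fail closed
            }
            Schema.DescribeFieldResult d = token.getDescribe();
            if (forUpdate ? !d.isUpdateable() : !d.isAccessible()) {
                return false;
            }
        }
        return true;
    }

    // The query runs only after the check passes; the component receives an
    // AuraHandledException instead of data the user is not allowed to see.
    @AuraEnabled
    public static List<Account> getAccounts() {
        if (!hasAccess(false)) {
            throw new AuraHandledException('Insufficient read access on Account.');
        }
        return [SELECT Name, Phone, AnnualRevenue, Description FROM Account LIMIT 50];
    }

    // Same pattern for DML: check update access on the object and fields first.
    @AuraEnabled
    public static void updatePhone(Id accountId, String phone) {
        if (!hasAccess(true)) {
            throw new AuraHandledException('Insufficient update access on Account.');
        }
        update new Account(Id = accountId, Phone = phone);
    }
}
```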

If you have any question please leave a comment below.
If you would like to add something to this post please leave a comment below.
Share this blog with your friends if you find it helpful!

Thanks
Keep Coding 😊
