[SalesForce] How to check if the current user in Public groups before insert new contact using trigger

I have been trying to check the current user is exists in public groups or not using trigger on Contact object before insert. I was wondering whether this is right way to check it or not? Exactly what I want to achieve is to check and prevent current user from creating new contact which is not in particular groups. Any kind of suggestions are highly appreciated. Here is my trigger:

  trigger ValidateUserToImport on Contact (before insert) {



public String Currentusergroup {get;set;}

   List<groupmember> lst = [select group.name,group.DeveloperName from groupmember where UserOrGroupid=:UserInfo.getUserId()];
   //List<Contact> contacts = [select Home_Company__c, Working_Host_Company__c from Contact];

  for( Contact c : trigger.new )
  {
     for(groupmember lst2: lst)
      {
        if(c.Working_Host_Company__c != lst[0].group.DeveloperName)
        {
            c.addError('Insufficient rights');
        }
        else
      {
        insert c;
      }
      }

  }

}

I tried like this, still wondering whether this is right way to do as follows:

trigger ValidateUserToImport on Contact (before insert) {

  public String Currentusergroup {get;set;}

   List<groupmember> lst = [select group.name,group.DeveloperName from groupmember where UserOrGroupid=:UserInfo.getUserId()];
   List<Contact> work_cmpny = [select Home_Company__c, Working_Host_Company__c from Contact];

  for( Contact c : trigger.new )
  {
     for(groupmember lst2: lst)
      {
        if(!c.Working_Host_Company__c.Contains(lst2.group.DeveloperName))
        c.addError('Insufficient rights');
      }
  }

}

Best Answer

You could do something like the following (untested) code. It is building a Set of all the groups the current user is in. It will then check each Working_Host_Company__c on the Contact, if the user is not in a group for that Contact then an error is added.

   Set<String> groupNames = new Set<String>();
   for (GroupMember gm : [select 
                             group.name,
                             group.DeveloperName 
                          from GroupMember 
                          where UserOrGroupId = :UserInfo.getUserId()]) {
       groupNames.add(gm.group.DeveloperName);
   }

   for(Contact c : trigger.new) {
      if (!groupNames.contains(c.Working_Host_Company__c)) {
           c.addError('Insufficient rights');
      }
   }

Related Solutions

[SalesForce] How to create required Master-Detail Records before insert

You thought on looking for appropriate contact in before trigger, create if not exist and assign to Registration record is in the right direction. That concept should work fine. However few issues with your code/question.

In the before insert trigger, you are already in the process of inserting Registration__c records. So no need to do this again.

listreg.add(reg); insert listreg;
Else block, is empty block. I think you intended to put above code in there, but it is not required. So you can remove this block altogether.

else {}
Try to query for contacts outside of the for loop so you will not run into Salesforce Limits.

[SalesForce] CaseShare – INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY

I have a similar problem getting the same error message as described above, first let me explain my case:

I have a visual force page with an extension "without sharing" that list cases that the current logged in customer community user has not access to.

I use a apex:dataTable with this column:

<apex:column>
  <apex:commandLink value="{!c.CaseNumber}" action="{!SetCaseSharing}">
    <apex:param name="setCaseSharing" value="{!c.Id}" assignTo="{!caseIdSelected}"/>
  </apex:commandLink>
</apex:column>

When the user selects a case clicking on the commandLink this method runs (a bit simplified):

public Id caseIdSelected {get; set;}

public SetCaseSharing()
{
  Case c = [SELECT Id FROM Case WHERE Id = :caseIdSelected];
  CaseShare caseShare = new CaseShare();
  caseShare.CaseId = c.Id;
  caseShare.UserOrGroupId = UserInfo.getUserId();
  caseShare.RowCause = 'Manual';
  caseShare.CaseAccessLevel = 'Edit';
  upsert(caseShare);
}

I know about the limitation that the current record owner cannot be added using manual apex sharing, and you cannot limit the access granted using sharing rules only add permission. These issues are not the problem in my case.

When logging in as a customer commmunity user using "Manage External Users" and then select a case from the list the problem occurs.

My code worked perfectly however when logging into the community as an administrator or "normal" user (instead of customer community user) and then adding a "normal" user (not a customer community user) to the manual sharing.

PROBLEM 1

I was not allowed to set manual sharing to a customer community user, even logged in as administrator, returning:

Upsert failed. First exception on row 0; first error: FIELD_INTEGRITY_EXCEPTION, field integrity exception: unknown (invalid user or group: 00511000002Hgs3): [unknown]

I guess the first problem might be solved using the more expensive "partner community license" or "customer community plus license" instead of "customer community license".

PROBLEM 2

I was not allowed to set manual sharing to a "normal" user when logged in as a customer community user, returning:

Upsert failed. First exception on row 0; first error: INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, insufficient access rights on cross-reference id: []

Not sure if it is possible to add sharing rules from the community when the logged in user is a customer community user not having access to the case in the first place. Moving this to a trigger or a scheduled job running separate from the community might solve it.

Best Answer

Related Solutions

[SalesForce] How to create required Master-Detail Records before insert

[SalesForce] CaseShare – INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY

Related Topic