PLATFORM DEVELOPER I Certification Maintenance - Work with the New Apex Security Settings (Spring '19)

You can complete this from the following trailhead link, https://trailhead.salesforce.com/help?article=Spring-19-Platform-Developer-I-Maintenance

What we need to achieve today

In this exercise, you’ll begin with a code that contains manual field- and object-level security checks before a SOQL query. You will then refactor the code into a simplified implementation that relies on WITH SECURITY_ENFORCED to handle field- and object-level security checks.

Create the Secret Key custom text field on the Contact object as specified in the Get Ready for the Hands-on Challenge section above.
Create a new Apex class named SecureApexRest.
Copy and paste the SecureApexRest code provided above. This code is already secured with the conventional field- and object-level access checks.
Add the WITH SECURITY_ENFORCED clause to the SOQL query on line 13 in the code provided. This will make the manual Schema.SObjectType checks are redundant.
Refactor the code to remove the redundant object and field level access checks.
Maintain existing behavior by ensuring that failing results are checked in a SecurityException, rather than any other type of exception. This will require catching the System.QueryException that WITH SECURITY_ENFORCED throws and throwing a new SecurityException.

Step 1. Create the Secret Key custom field on Contact Object.

Setup -> Object Manager -> Contact -> Fields & Relationships -> New

Create a Custom Field, Name -> Secret Key and Length of 255

Click Next and Uncheck the visible for Standard Users.

Uncheck the option to make it visible for Standard Users.

Step 2. Create a new Apex Class -> SecureApexRest

Copy the following code into the class then Save and Check the challenge!

@RestResource(urlMapping='/secureApexRest')
global with sharing class SecureApexRest {
    @HttpGet
    global static Contact doGet(){
        Id recordId = RestContext.request.params.get('id');
        Contact result;
        if (recordId == null){
            throw new FunctionalException('Id parameter is required');
        }
        
        try{
            List&lt;Contact> results = [SELECT id, Name, Secret_Key__c FROM Contact WHERE Id = :recordId WITH SECURITY_ENFORCED];
        	if (!results.isEmpty()) {
            result = results[0];
         }
        }catch (QueryException e){
            throw new SecurityException('You don\'t have access to all contact fields required to use this API');
        }
        
        return result;
    }
    public class FunctionalException extends Exception{}
    public class SecurityException extends Exception{}
}

@RestResource(urlMapping='/secureApexRest')

global with sharing class SecureApexRest {

@HttpGet

global static Contact doGet(){

Id recordId = RestContext.request.params.get('id');

Contact result;

if (recordId == null){

throw new FunctionalException('Id parameter is required');

}

try{

List<Contact> results = [SELECT id, Name, Secret_Key__c FROM Contact WHERE Id = :recordId WITH SECURITY_ENFORCED];

if (!results.isEmpty()) {

result = results[0];

}

}catch (QueryException e){

throw new SecurityException('You don\'t have access to all contact fields required to use this API');

}

return result;

}

public class FunctionalException extends Exception{}

public class SecurityException extends Exception{}

}

For the previous challenge, check the following link

LEARN WHAT’S NEW FOR PLATFORM DEVELOPERS IN SPRING ’19

CodeCodeCode.Ninja

PLATFORM DEVELOPER I Certification Maintenance – Work with the New Apex Security Settings (Spring ’19)

Leave a Reply Cancel reply