+ Start a Discussion
Anuj Joshi 42Anuj Joshi 42 

checking FLS and CRUD permissions for upsert

Hi All,

I have run a checkmarx report and have been reported with FLS create issue. In my class I am writing upsert statements. I dont know how to check upsert condition. For insert i am checking if each field isCreateable() and for update i am checking if field is isUpdateable().
I also need a optimised solution. I am checking FLS like this for each field. 
Contact contact = [Select c.Phone, c.OtherPhone, c.MobilePhone, c.MailingStreet, c.MailingState, 
            	       c.MailingPostalCode, c.MailingCountry, c.MailingCity, c.LastName, c.Id, c.HomePhone, 
            	       c.FirstName, c.Fax, c.Email_Alt_2__c, c.Email_Alt_1__c, c.Email, c.Country__c, 
            	       c.Cisco_com_Login__c, c.Cisco_ID_CSCO__c, c.AssistantPhone, c.Country_Code__c, c.Area_Code__c From Contact c
            	       where c.Id =: user.ContactId];	
            	   if (contact != null) {
                       if(Schema.SObjectType.contact.fields.FirstName.isUpdateable() &&
                         Schema.SObjectType.contact.fields.LastName.isUpdateable() &&
                         Schema.SObjectType.contact.fields.Email.isUpdateable() &&
                         Schema.SObjectType.contact.fields.Email_Alt_1__c.isUpdateable() &&
                         Schema.SObjectType.contact.fields.Email_Alt_2__c.isUpdateable() &&
                         Schema.SObjectType.contact.fields.MailingStreet.isUpdateable() &&
                         Schema.SObjectType.contact.fields.MailingCity.isUpdateable() &&
                         Schema.SObjectType.contact.fields.MailingPostalCode.isUpdateable() &&
                         Schema.SObjectType.contact.fields.MailingState.isUpdateable() &&
                          Schema.SObjectType.contact.fields.MailingCountry.isUpdateable() &&
                          Schema.SObjectType.contact.fields.Country__c.isUpdateable() &&
                          Schema.SObjectType.contact.fields.Cisco_com_Login__c.isUpdateable() &&
                          Schema.SObjectType.contact.fields.Testing_ID__c.isUpdateable() &&
                          Schema.SObjectType.contact.fields.Cisco_ID_CSCO__c.isUpdateable() &&
                         Schema.SObjectType.contact.fields.Area_Code__c.isUpdateable() &&
                         Schema.SObjectType.contact.fields.Country_Code__c.isUpdateable() &&
                         Schema.SObjectType.contact.fields.Phone.isUpdateable() &&
                         Schema.SObjectType.contact.fields.Fax.isUpdateable() &&
            	   	   contact.FirstName = firstname;
            	   	   contact.LastName = lastname;
            	   	   contact.Email = emailaddress;
            	   	   contact.Email_Alt_1__c = altemail1;
            	       contact.Email_Alt_2__c = altemail2;
            	       contact.MailingStreet = street;
            	       contact.MailingCity = city;
            	       contact.MailingPostalCode = postalCode;
            	       if (country == 'United States') {
            	           contact.MailingState = stateprovince;
            	       } else {
            	       	   contact.MailingState = '';
            	       contact.MailingCountry = country;
            	       contact.Country__c = regioncountry;
            	       //contact.Audience__c = audience;
            	       contact.Cisco_com_Login__c = ciscocomlogin;
            	       contact.Testing_ID__c = testingid;
            	       contact.Cisco_ID_CSCO__c = ciscoid;
            	       contact.Area_Code__c = Integer.valueOf(areaCode.trim());
            	       contact.Country_Code__c = countryCode;
            	       contact.Phone = phonenumber;
            	       contact.Fax = faxPhone;
            	       contact.HomePhone = homePhone;
            	       upsert contact;

Is there any shorter approach rather than checking each field. I checked each field but its not going away in checkmarx report.

SandhyaSandhya (Salesforce Developers) 

You need to check both isCreateable() and isUpdateable() for upsert.Also refer below link for sample code.

Please mark it as solved if my reply was helpful. It will make it available for other as the proper solution.
Best Regards
Anuj Joshi 42Anuj Joshi 42
Hi Sandhya,

Instead of checking for each field can I check it once. And also test class should be run as user?

Om PrakashOm Prakash
Hi Anuj,
Modify your code according to bellow sample which we used for clear checkmarx.
Instead of checking for each field, you can create an arry of each filed and check once for each.
Boolean isCreateAccess = true;
String[] contactFields = new String [] {'LastName','Email'};
Map<String,Schema.SObjectField> mapSchema = Schema.SObjectType.Contact.fields.getMap();
for(String fieldToCheck : contactFields) {
    // Check if the user has create access on the each field
	if(mapSchema.get(fieldToCheck) != null && (!mapSchema.get(fieldToCheck).getDescribe().isCreateable())) {
		isCreateAccess = false;
if(isCreateAccess == false)
	// You don't have write permission on specific field
	//insert lstContact;

Anuj Joshi 42Anuj Joshi 42
Hi Om Prakash,

I am getting an error on line 3. The error is "Expecting '}' but was: 'for'".

Om PrakashOm Prakash
Hi Anuj,
I just verified above code in anonymous window of developer console and its executing.
Please share your code near line number 3 and 4 so that I can check if any thing wrong during modification.