Apex Code Development You need to sign in to do that
Don't have an account?
irlrobins Create Case on Unauthenticated Site VF page
Hey all, (apolgoies for cross posting but on reflection I think my question might be better placed here)
Anyway, here's a background to what I'd like to do. I have a custom object (Order) which has a status field. When this status field is changed to a certain value I want to sent an email to the Order customer. This is straight forward out of the box funcationality so that's not a problem.
Here's where I get stuck. In this email I'd like to include a link to a custom Visualforce page, including the Order Id as a query string. The recipent would click the link and be taken to this VF page. The requirement is that the receipent should not have to login to SFDC to view this page. This VF page will contain one or two fields (probably a datetime type) which the receipent completes and then presses a command button. This command button will trigger code in the controller that will create a case with predefined data as well as the data entered by the receipent.
That's it. Not too complex, but I'm not sure if I can do this all without authenticating the user. Can anyone advise please?
Thanks
Robin
In the configuration for the site, it needs to have the proper security allowances. I recommend the following ONLY if you're using a custom Visualforce controller that is not an extension (ie, the default structure of the StandardController, controller extensions is not secure enough for the unauthed approach)
Site > Public Access Settings
Case Field Level Security - All fields that are written from the page need to be checked as visible
Case - Create permission checked
Thanks for your reply Paul.
Just to confirm what you mean:
My controller should not extend a StandardController, but should be a complete custom "stand alone" controller that creates the Case?
you got it. that way, you control exposure of data, and you don't open it up to returning data you weren't expecting to, as well as ensuring you don't overexpose as you start to expand usage of Sites. it's not fool-proof, but it's effectively as safe as it gets when it comes to anonymous access. it's the approach we use for our custom web-to-case running on VF, and it works quite well.
Great, thanks. I appreciate the response.