+ Start a Discussion
Max Friel.ax1251Max Friel.ax1251 

With sharing??


I believe I am missing something here.  I have a class that starts out with this...

public with sharing class Lilly_QR_PDF {

 And contains this function...

//Get all the accessible fields for a given object
    public static String getAccessibleFields(String objName){
        String fields = '';        
        Map<String,Schema.SObjectField> fieldMap = Schema.getGlobalDescribe().get(objName.toLowerCase()).getDescribe().Fields.getMap();         
        if(fieldMap != null){
            for(Schema.Sobjectfield ft : fieldMap.values()){
                Schema.DescribeFieldResult fd = ft.getDescribe();
                    fields = fields + fd.getName() + ',';
            if(fields.length() > 0){
                fields = fields.subString(0,fields.length()-1);
                fields = 'id';
            System.debug('FieldMap was null');
        return fields;

 As you can see that should only return the fields that come back with isAccessible equal to true. 

When I call the page with this heading...

<apex:page controller="Lilly_QR_PDF" renderAs="PDF" showHeader="false" sidebar="false" standardStyleSheets="false">

 It grabs fields that the user I am currently logged in with does not have access to.  I am sure I am just missing something or misunderstanding some basic security rules here, but I have looked at can not figure out what is going on.  Any help would be appreciated. 



Sharing Clause works on the data and allows to extract the data which the user has access to and not the metadata. Are you using the metadata info to run a query later ?



Max Friel.ax1251Max Friel.ax1251

Sorry ignore the bit in that previous post its been a long morning.  This is the VF that pulls the field info...

<apex:repeat value="{!IF(vp,$ObjectType.Call2_vod__c.FieldSets.LILLY_QR_VP_Interaction,IF(team== 'OL',IF(call['RecordTypeId'] == addId,$ObjectType.Call2_vod__c.FieldSets.LILLY_QR_OL_INTERACTION_ADDENDUM,$ObjectType.Call2_vod__c.FieldSets.LILLY_QR_OL_INTERACTION),IF(call['RecordTypeId'] == addId,$ObjectType.Call2_vod__c.FieldSets.LILLY_QR_ML_INTERACTION_ADDENDUM,$ObjectType.Call2_vod__c.FieldSets.LILLY_QR_ML_INTERACTION)))}" var="f"> 
                <tr><td class="label"><apex:outputText value="{!f.label}" /></td>
                <td><apex:outputField value="{!call[f]}" label="{!call[f].label}"/></td></tr>

 Why would the field be showing up in the field set if the user had no access to the field? 

Anup JadhavAnup Jadhav

Hi Max,


When you say that the user has no accesss to the field, do you mean that the field is not "visible" to the user's profile or it is "visible" but "Read Only".


- A