Apex Code Development You need to sign in to do that
Don't have an account?
dfire processing DML on Sites
I have a multi-part form, which cycles from page to page, collecting info, and then on the last page saves the SObjects that have been created along the way.
This includes a Person Account, and severl custom objects. I have enabled read/create perms on Accounts, Contacts, and the relevant custom objs in the Site Public Access Settings.
When I do this inside SFDC it works fine, however when I try from the public site it navigates from page to page, but when I try to save I get a 401 - Authorization Required page. I know its not the Confirmation page that is supposed to appear after the save as I tried by-passing the save and going directly to the confirm page, and it worked.
I assume this is something to do with perms on doing DML. I am only inserting. I am currently running in a sandbox.
Yes I agree with you. But when you are developing the application for your own purpose, you can use without sharing token.
There is a reason why "without sharing" is available.
All Answers
For sites you have guest profile available.Check the CRUD settings (create - read - update -delete) for the object as well as the field level security : is the Guest Profile (Public Access Settings) allowed to create the object ?
Yes Ahmed is right, you have to give rights for objects on which you are performing DML on guest profile.
You can do this by following this path :
Setup > AppSetup > Develop > Sites > Click On your site > Public Access Setting > Give CRUD rights to your object.
Thanks
Ankit Arora
Blog | Facebook | Blog Page
User "without sharing" token in your controller class.
Hi,
Using "Without Sharing" is not the best practice to write a class. Security scan result will show error in class where we have used "Without Sharing" when we want to list the app on appExchange.
Best is to use security settings for conditional hide/display.
Thanks
Ankit Arora
Blog | Facebook | Blog Page
Yes I agree with you. But when you are developing the application for your own purpose, you can use without sharing token.
There is a reason why "without sharing" is available.
I took out the "with sharing" and it works! This is an internal application and won't be issued on the appExchange so this solution works.
btw, I had set the CRUD setting for the Sites guest profile but I think the issue was that some of the fields were hidden for this profile as they contain sensitive information. Since this form is a one-way submission, removing the sharing rules works best for our needs.
Thank you both for your help.