+ Start a Discussion
Vidya DVidya D 

test class to test User Privileges doesn't work in sandbox

I have ControllerExtension for Account’s child Object. Obj1   Profile A  User UA has permission to CRUD for Account and OBJ1. Profile B  - User UB doesn’t have access to ControllerExtension as well as VF page.  When I login as user UB in developer sandbox, and test through UI, I get insufficient privileges for page using  ControllerExtension. This is as expected.
I have written test class to test this scenario. But it doesn’t give me this error.

But if I use Chatter Free profile to create runAs User , I get the exception in catch part.
Is there way to catch or debug insufficient privilages?

How to write test class to test User Privileges?
    public static void testUserAccess(){
        // create test user
         User runUsr =  [select name, id, profileId from User where id = '005j000034BMsou' limit 1];
//As this doesn’t work, I am directly retrieving user who as profileB
        System.debug(' runUsr ' + runUsr);
   // This prints me correct user         
            user rrU = [select name, id, profileId                             from user
                        where id = :UserInfo.getUserId()];
            System.debug('runUsr rru' + runUsr + ' ' + rrU); 
            System.assertEquals(runUsr,rrU) ;              
            //Both above users are matching
// Create Account        
            Account account = new Account(name='testAccount');
            insert account;
            // I expect error here but no error
            // Create the controllerExtension and click cancel
            ApexPages.StandardController std =  new ApexPages.StandardController(account);
            CCExtension ctrl;
            PageReference page;
                ctrl = new CCExtension (std);
                System.debug(' Created ctrl ' + ctrl );
                page = ctrl.save();
            } catch(Exception e){
                System.debug(' CTRL creation Exception e ' + e);
// No error message here too
             System.assertEquals(null, page);
// this passes - is this the way to write the test?
                System.debug('There are error messages');
                for(ApexPages.Message msg:ApexPages.getMessages()){
                    System.assert(true, ' Error messages ' +  msg );
Hi Vidya,
I think you want to test crud level permission. runAs method only restrict the accesiblity of records according to the users and does not check any crud level permissions.

you can use something like below
            Account a2 = new Account(name='Standard Account');
            INSERT a2;
The above code will test whether the running user has the create permission on account object OR Not , if the user has d create permission on account object then only the account is inserted.

schema.sObjectType.account.isCreateable() returns a boolean value based on whether the running user has create premission OR not.

you can also use other methods of Schema.DescribeSObjectResult class according to your need.

The Chatter Free profile user is getting an error because the user is not supposed to be the owner of any record.
Hope this helps you! let me know if you need anything else.

Vidya DVidya D