Team, Role, and User Criterion defined access to Account feature

I have a private feature VF page on an Account. Our Account sharing model is Public Read with Edit rights given via Account Teams.

I want to display this VF page only to:

  • Account Team Members
  • ‘Global Access People’ defined on their User record
  • People up the Role hierarchy from the Account Team

I wanted to check the user’s AccountShare access, thinking that if it was Edit it would show all those people, but Role superiors only show READ access even when they actually CAN EDIT (odd).

Is there a simpler way to accomplish my goal? So far it eludes me.

I can get the first two checks (thanks to the people who have helped), but I am not sure how to integrate the Role check:

public class AccountRoleChecker {

    private ApexPages.StandardController sc;

    public AccountRoleChecker(ApexPages.StandardController sc) {
        this.sc = sc;
    }

    private Boolean checkUser() {
        // 'Global Access' users flagged on their own User record
        if ([select count() from User
                where Id = :UserInfo.getUserId() and Admin_Team__c = true] > 0) {
            return true;
        }
        // members of this Account's team
        if ([select count() from AccountTeamMember
                where UserId = :UserInfo.getUserId() and AccountId = :sc.getId()] > 0) {
            return true;
        }

        return false;
    }

    // recursively collects the Ids of every role below the passed roles
    private static Set<ID> getAllSubRoleIds(Set<ID> roleIds) {

        Set<ID> currentRoleIds = new Set<ID>();

        // get all of the roles underneath the passed roles
        for (UserRole userRole : [select Id from UserRole where ParentRoleId
                IN :roleIds AND ParentRoleID != null]) {
            currentRoleIds.add(userRole.Id);
        }

        // go fetch some more rolls!
        if (currentRoleIds.size() > 0) {
            currentRoleIds.addAll(getAllSubRoleIds(currentRoleIds));
        }

        return currentRoleIds;
    }
}

Here I am trying to use UserRecordAccess:

public class AccountUserRecordAccessChecker2 {

    public ApexPages.StandardController sc;

    public AccountUserRecordAccessChecker2(ApexPages.StandardController sc) {
        this.sc = sc;
    }

    public boolean getrenderELEMENT() {
        // 'Global Access' users flagged on their own User record
        if ([select count() from User
                where Id = :UserInfo.getUserId() and Admin_Team__c = true] > 0) {
            return true;
        }
        // members of this Account's team
        if ([select count() from AccountTeamMember
                where UserId = :UserInfo.getUserId() and AccountId = :sc.getId()] > 0) {
            return true;
        }
        // true whenever a UserRecordAccess row comes back;
        // the access level itself is not inspected here
        if ([
            SELECT
                MaxAccessLevel,
                RecordId
            FROM
                UserRecordAccess
            WHERE
                UserId = :UserInfo.getUserId() AND
                RecordId = :sc.getId()
            LIMIT 1
        ].size() > 0) {
            return true;
        } else {
            return false;
        }
    }
}

VF Page:

<apex:page standardController="Account" extensions="AccountUserRecordAccessChecker2" rendered="{!renderELEMENT}">

    <analytics:reportChart reportId="00OU0000001rGcq"
        hideonerror="true"
        filter="{column:'Revenue__c.Account__c.Id', operator:'equals', value:'{!Account.Id}'}"
    ></analytics:reportChart>

</apex:page>

Answer

You should be able to calculate a given user’s “true” access level by running this query:

SELECT RecordId, HasEditAccess
FROM UserRecordAccess 
WHERE UserId = <some user id> AND
    RecordId = <some record id>

This only allows you to check a single user at a time, so it may not always be appropriate, but determining access for the current user is trivial using this pseudo-table.

HasEditAccess will be true if the selected user can edit the record. I’d also look at the UserRecordAccess documentation for more details.

Attribution
Source : Link , Question Author : jaw999 , Answer Author : sfdcfox
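
The answer's HasEditAccess check combined with the question's user-flag check, as an added example that is not the asker's or the answerer's code. The class name and the canSeeFeature property are hypothetical; Admin_Team__c is the custom User field from the question, and Account Team members are assumed to be granted Edit as the question describes.

```apex
// Added example: controller extension that gates the private feature page.
public with sharing class AccountFeatureAccessController {

    private final Id accountId;

    public AccountFeatureAccessController(ApexPages.StandardController sc) {
        this.accountId = sc.getId();
    }

    // Bind on the page as rendered="{!canSeeFeature}".
    public Boolean getCanSeeFeature() {
        // No saved record means there is nothing to evaluate: fail closed.
        if (accountId == null) {
            return false;
        }
        Id userId = UserInfo.getUserId();

        // 1. 'Global Access' users, flagged on their own User record.
        if ([SELECT COUNT() FROM User
             WHERE Id = :userId AND Admin_Team__c = true] > 0) {
            return true;
        }

        // 2. and 3. Account Team members and their role superiors.
        // UserRecordAccess reports the effective access level, so access
        // inherited through the role hierarchy shows up here even though
        // the AccountShare rows do not reflect it.
        List<UserRecordAccess> access = [
            SELECT RecordId, HasEditAccess
            FROM UserRecordAccess
            WHERE UserId = :userId AND RecordId = :accountId
        ];

        // Inspect the flag itself; a returned row alone does not mean
        // the user can edit. An empty result also fails closed.
        return !access.isEmpty() && access[0].HasEditAccess;
    }
}
```

HasEditAccess is true for every path to edit rights, so the record owner and users whose profile or permission set grants edit on all Accounts also pass this check. The rendered flag only hides the page; what a user can read is still decided by the sharing model.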
