Skip to content

Instantly share code, notes, and snippets.

@brianmfear
Created November 22, 2023 02:12
Show Gist options
  • Save brianmfear/89b79cae9087fc5627c5ee63653c8de3 to your computer and use it in GitHub Desktop.
Save brianmfear/89b79cae9087fc5627c5ee63653c8de3 to your computer and use it in GitHub Desktop.
Adding Security.stripInaccessible to a flow
public class StripInaccessibleAction {
public class Input {
@InvocableVariable(
description='The record to clean up'
label='Record'
required=true
)
public sObject record;
@InvocableVariable(
description='The access type to use'
label='Access Type'
required=true
)
// CREATABLE, READABLE, UPDATABLE, UPSERTABLE
public String accessType;
}
public class Output {
@InvocableVariable(description='The cleaned record' label='Result Record')
public sObject record;
}
@InvocableMethod(
label='Strip Inaccessible Fields'
description='Removes fields that the the user cannot edit'
)
public static Output[] processRecords(Input[] requests) {
Output[] results = new Output[0];
Boolean hasPersonAccountsEnabled = sObjectType.Account.fields.getMap()
.containsKey('IsPersonAccount');
for (Input request : requests) {
sObject record = request.record.clone(true, false, false);
Boolean isPersonAccount =
request.record.getSObjectType() == Account.sObjectType &&
hasPersonAccountsEnabled &&
record.get('IsPersonAccount') == true;
AccessType recordAccessType = AccessType.valueOf(request.accessType);
SObjectAccessDecision decisions = Security.stripInaccessible(
recordAccessType,
new List<SObject>{ record }
);
Output result = new Output();
result.record = clearNullFields(
decisions.getRecords()[0],
recordAccessType,
isPersonAccount
);
results.add(result);
}
return results;
}
static Set<String> standardPersonFields = new Set<String>{
'FirstName',
'MiddleName',
'LastName',
'Suffix',
'Salutation'
};
static sObject clearNullFields(
sObject record,
AccessType recordAccessType,
Boolean isPersonAccount
) {
sObjectType newSObjectType = record.getSObjectType();
sObject result = newSObjectType.newSObject(record.Id);
Map<String, Object> values = record.getPopulatedFieldsAsMap();
Map<String, SObjectField> fields = newSObjectType.getDescribe()
.fields.getMap();
Boolean isInsert =
recordAccessType == AccessType.CREATABLE ||
recordAccessType == AccessType.UPSERTABLE;
Boolean isUpdate =
recordAccessType == AccessType.UPDATABLE ||
recordAccessType == AccessType.UPSERTABLE;
for (String field : values.keySet()) {
DescribeFieldResult describe = fields.get(field).getDescribe();
Boolean availableForInsert = isInsert && describe.isCreateable();
Boolean availableForUpdate = isUpdate && describe.isUpdateable();
Boolean skipPersonField =
!isPersonAccount &&
(field.endsWith('__pc') ||
field.endsWith('__ps') ||
standardPersonFields.contains(field));
if ((availableForInsert || availableForUpdate) && !skipPersonField) {
result.put(field, values.get(field));
}
}
return result;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment