Hello everyone
For one of our customers we implement a calendar similar to the one they already have in standard Salesforce. However, we stumbled across a big problem. Since certain records are marked as private events, they are only loaded into our events model for the current user. Not if they belong to someone else.
However, the time and the owner of such an event should be visible to anyone, regardless of their permissions.
Thanks to this restriction we are not able to mark space in someones calendar as busy because we can’t retrieve data from private events. Does someone have an idea how we can bypass this?
(I assume it will have to do something with sf security settings, but since mostly anyone encountering a similar problem might use skuid i post it here.)
Hi Matthias
I have simulated your issue and found the following:
This I tested in a Dev Org.
The standard Salesforce Calendar displays private events StartDateTime & EndDateTime and OwnerId.
No matter what sharing settings are applied either by groups or Security Controls and Sharing Settings it would seem that Salesforce automatically grant view capabilities to all internal users by default. The only way to restrict the user from seeing other calendars is to change the page layout view. The users can share their calendar with 4 defaults in calendar sharing Hide Details - Hide Details & Add Events - Show…etc
Salesforce goes on to say that the use of groups and sharing is not to restrict access but extend access to data and file rights.
If you use system admin and login to a Skuid Calendar page you see everything.
If you login as a standard user you can still see private events StartDateTime fields in the Salesforce default Calendar but NOT in a Skuid calendar page.
It looks to me that there is a security bridge underlying Skuid that needs to be built to allow the exposure of Private Events according to the security and sharing setting available on Salesforce.
Any help would be appreciated as this is a show stopper for our customer after replacing their entire calendar system with Skuid this was noticed after deployment as it was not scoped as a requirement but is NOW!
Hi All.
We have discovered that the Salesforce calendar displays all private events by default to all users because it invokes a Class which places all events data in Admin Mode and NOT only User Mode.
This explains why all users can see private events as they all of a sudden become a system admin power calendar user.
We have also found out that this is a general problem with all 3rd party applications that processes events data in Salesforce.
We have thus written a Class to place the events data in Admin Mode making the private data available to all users.
However we have an issue invoking our class.
We have created the Class with the following code:
global class EventsRetreiveClass {
@InvocableMethod(label=‘Fetch All Relevant Events’)
global static List fetchAllEvents(List userIds) {
List eventList = new List();
String SobjectApiName = ‘Event’;
Map<String, Schema.SObjectType> schemaMap = Schema.getGlobalDescribe();
Map<String, Schema.SObjectField> fieldMap = schemaMap.get(SobjectApiName).getDescribe().fields.getMap();
String commaSepratedFields = '';
for(String fieldName : fieldMap.keyset()){
if(commaSepratedFields == null || commaSepratedFields == ''){
commaSepratedFields = fieldName;
}else{
commaSepratedFields = commaSepratedFields + ', ' + fieldName;
}
}
//String query = 'select ' + commaSepratedFields + ' from ' + SobjectApiName + ' where OwnerId=: userIds';
String query = 'select ' + commaSepratedFields + ' from ' + SobjectApiName;
system.debug('>>>>>>>'+query);
eventList = Database.query(query);
system.debug('>>>>>>> eventList Size'+eventList);
return eventList;
}
}
We have created a VF Page with the following scripting:
<apex:page readonly=“true” showHeader=“false” sidebar=“false” docType=“html-5.0” standardController=“Event” extensions="EventsRetreiveClass "> <skuid:page page=“Agenda-Overview” />
</apex:page>
Can someone please help us to execute the Class from a Snippet in a Skuid page. We have followed all tutorials and researched the Community but have no solution.
Thanks in advance.
After some digging and trying we managed to call the apex class from a snippet:
var $ = skuid.$, request = '{"inputs":[{"paramName":"Value"}]}'; $.ajax('/services/data/v34.0/actions/custom/apex/THENAMEOFYOURAPEXCLASS', { data: request, type: 'POST', beforeSend: function(xhr) { xhr.setRequestHeader('Authorization', 'Bearer ' + sforce.connection.sessionId); xhr.setRequestHeader('Content-Type', 'application/json'); }, success: function(response) { // Your Code on success belongs here }, error: function(jqXHR, textStatus, errorThrown) { // Your code on failure belongs here } });<br>
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.