From ea55a62f50a6ff6fa5c25570a5ee16e4f02fc0db Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Tue, 28 Jun 2022 12:20:31 -0500 Subject: [PATCH 01/33] Small change to allow PR creation. --- .github/PULL_REQUEST_TEMPLATE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index af15c07..44f79ba 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -6,4 +6,4 @@ # New Metadata -# Deleted Metadata +# Removed Metadata From 2eb1201d6214f34b6523c83ec1eea2f9bdd57a6e Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Tue, 28 Jun 2022 12:24:04 -0500 Subject: [PATCH 02/33] Undo small change to allow PR creation. --- .github/PULL_REQUEST_TEMPLATE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 44f79ba..af15c07 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -6,4 +6,4 @@ # New Metadata -# Removed Metadata +# Deleted Metadata From 01acb1663817527173c749fe7a5471fe34b61ec2 Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Wed, 29 Jun 2022 13:32:09 -0500 Subject: [PATCH 03/33] WIP: Update access checks when needed, bypass scanner when verified. --- src/classes/DatabaseDml.cls | 5 + src/classes/VOL_Access.cls | 16 ++- src/classes/VOL_CTRL_JobCalendar.cls | 80 +++++++++---- .../VOL_CTRL_PersonalSiteContactInfo.cls | 110 ++++++++++++------ .../VOL_CTRL_PersonalSiteContactLookup.cls | 7 +- 5 files changed, 158 insertions(+), 60 deletions(-) diff --git a/src/classes/DatabaseDml.cls b/src/classes/DatabaseDml.cls index 74fdcb6..e8a1ba1 100644 --- a/src/classes/DatabaseDml.cls +++ b/src/classes/DatabaseDml.cls 
@@ -27,6 +27,11 @@ ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/* + This file was created for situations where we need to run in system + mode. +*/ +/* sfca-disable ApexFlsViolationRule */ public without sharing virtual class DatabaseDml { protected DatabaseDml() {} diff --git a/src/classes/VOL_Access.cls b/src/classes/VOL_Access.cls index 3824a70..57431d5 100644 --- a/src/classes/VOL_Access.cls +++ b/src/classes/VOL_Access.cls @@ -83,7 +83,9 @@ public with sharing virtual class VOL_Access { return; } - update sObjects; + // When a guest user does not have elevated access we strip inaccessible + SObjectAccessDecision accessDecision = Security.stripInaccessible(AccessType.UPDATABLE, sObjects); + update accessDecision.getRecords(); } /******************************************************************************************************* @@ -97,7 +99,9 @@ public with sharing virtual class VOL_Access { return; } - Database.update(sObjects, dmlDuplicateOptions); + // When a guest user does not have elevated access we strip inaccessible + SObjectAccessDecision accessDecision = Security.stripInaccessible(AccessType.UPDATABLE, sObjects); + Database.update(accessDecision.getRecords(), dmlDuplicateOptions); } /******************************************************************************************************* @@ -110,7 +114,9 @@ public with sharing virtual class VOL_Access { return; } - insert sObjects; + // When a guest user does not have elevated access we strip inaccessible + SObjectAccessDecision accessDecision = Security.stripInaccessible(AccessType.CREATABLE, sObjects); + insert accessDecision.getRecords(); } /******************************************************************************************************* 
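Review bot: The file-wide `/* sfca-disable ApexFlsViolationRule */` on this `without sharing` class turns the FLS rule off for every method added to DatabaseDml later, not only the ones reviewed in this commit. The new header comment says only why the file exists. I would have it state the contract as well, e.g. `Runs DML in system mode with the FLS scanner rule disabled for the whole file; callers own the access decision.` The class body continues outside the hunk, so which DML methods the suppression covers today is not visible here.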
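Review bot: `Security.stripInaccessible(AccessType.UPDATABLE, sObjects)` in updateRecords removes fields the running user cannot edit without telling the caller, so a partially applied update looks like a success. Consider checking `accessDecision.getRemovedFields()` and logging or raising when it is non-empty, and finish the truncated comment, e.g. `// Strip fields the running user cannot update before DML; stripped fields are not saved.` The comment says "guest user", but the visible code applies the strip to every caller of this `with sharing` class. The same applies to the other three VOL_Access hunks and to the stripInaccessible calls added to the save path of VOL_CTRL_VolunteersBulkEnterHours, where the success message is built from the original list sizes. The method bodies start outside the hunks.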
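Review bot: `insert accessDecision.getRecords()` in insertRecords runs the DML on the copies returned by stripInaccessible, so the generated Ids land on those copies and not on the `sObjects` list the caller passed in. A caller that reads `.Id` from its own records after insertRecords would now see null; copying the Ids back by index keeps the previous contract. The same pattern is added in the dmlDuplicateOptions overload, in VOL_CTRL_VolunteersCampaignWizard (`cmpVols`, `listJobs`, `listShifts`) and in VOL_CTRL_VolunteersBulkEnterHours (`listVolunteerHoursCreate`). Whether those callers use the Ids afterwards is outside the visible hunks and should be checked.

```apex
// … unchanged: empty-list guard …
SObjectAccessDecision accessDecision = Security.stripInaccessible(AccessType.CREATABLE, sObjects);
List<SObject> inserted = accessDecision.getRecords();
insert inserted;
// stripInaccessible returns copies; hand the new Ids back to the caller's records
for (Integer i = 0; i < inserted.size(); i++) {
    sObjects[i].Id = inserted[i].Id;
}
```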
@@ -124,6 +130,8 @@ public with sharing virtual class VOL_Access { return; } - Database.insert(sObjects, dmlDuplicateOptions); + // When a guest user does not have elevated access we strip inaccessible + SObjectAccessDecision accessDecision = Security.stripInaccessible(AccessType.CREATABLE, sObjects); + Database.insert(accessDecision.getRecords(), dmlDuplicateOptions); } } diff --git a/src/classes/VOL_CTRL_JobCalendar.cls b/src/classes/VOL_CTRL_JobCalendar.cls index 5fb1b72..e024172 100644 --- a/src/classes/VOL_CTRL_JobCalendar.cls +++ b/src/classes/VOL_CTRL_JobCalendar.cls @@ -49,7 +49,8 @@ global with sharing class VOL_CTRL_JobCalendar { if (p != null && p != '') { // Ensure the user has access to the object and fields before querying UTIL_Describe.checkReadAccess('Campaign', new Set{'Id', 'StartDate'}); - + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ list listCampaign = [select Id, StartDate from Campaign where Id = :p]; if (listCampaign.size() > 0) { initialDate = Date.valueOf(listCampaign[0].StartDate); @@ -70,7 +71,8 @@ global with sharing class VOL_CTRL_JobCalendar { new Set{'Id', UTIL_Describe.StrTokenNSPrefix('First_Shift__c'), UTIL_Describe.StrTokenNSPrefix('Campaign__c')}); - + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ list listJob = [select Id, First_Shift__c, Campaign__c from Volunteer_Job__c where Id = :p]; if (listJob.size() > 0) { 
@@ -91,7 +93,10 @@ global with sharing class VOL_CTRL_JobCalendar { new Set{'Id', UTIL_Describe.StrTokenNSPrefix('Start_Date_Time__c'), UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c')}); - + UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), + new Set{UTIL_Describe.StrTokenNSPrefix('Campaign__c')}); + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ list listShift = [select Id, Start_Date_Time__c, Volunteer_Job__c, Volunteer_Job__r.Campaign__c from Volunteer_Shift__c where Id = :p]; @@ -157,6 +162,8 @@ global with sharing class VOL_CTRL_JobCalendar { // only specify the css file if in the web page scenario. if (strURLtoCSSFile == null && fWeb) { + // System query to find the css doc if the admin has added it for custom css + /* sfca-disable-next-line ApexFlsViolationRule */ list listDocs = [SELECT Name, Id From Document WHERE Name = 'JobCalendarCSS.css' LIMIT 1 ]; if (listDocs.size() > 0) { Document doc = listDocs[0]; 
@@ -193,11 +200,21 @@ global with sharing class VOL_CTRL_JobCalendar { get { list listSO = new list(); listSO.add(new SelectOption('', system.label.labelChoiceAllActiveCampaigns)); - for (Campaign c : [select Name, Id, StartDate from Campaign - where RecordTypeId = :VOL_SharedCode.recordtypeIdVolunteersCampaign - and IsActive = true order by Name asc limit 999]) { - listSO.add(new SelectOption(c.id, c.name)); - } + try { + UTIL_Describe.checkReadAccess('Campaign', + new Set{'Id', 'Name', 'StartDate'}); + // Using a dynamic describe access check in the method called above. Campaign.IsActive and + // Campaing.RecordTypeId are required by the system. + /* sfca-disable-next-line ApexFlsViolationRule */ + for (Campaign c : [select Name, Id, StartDate from Campaign + where RecordTypeId = :VOL_SharedCode.recordtypeIdVolunteersCampaign + and IsActive = true order by Name asc limit 999]) { + listSO.add(new SelectOption(c.id, c.name)); + } + } catch(Exception ex) { + // Allow the page to load without options. + } + return listSO; } set; 
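Review bot: The new `catch(Exception ex)` around the campaign option query is empty, so a failed `UTIL_Describe.checkReadAccess` and an unrelated query or runtime error are both discarded and the page just shows fewer options. Record the failure before continuing, e.g. `System.debug(LoggingLevel.WARN, 'Campaign options unavailable: ' + ex.getMessage());`, and catch only the exception type checkReadAccess throws if that is known (it is not visible here). The same empty catch is added around the job option query in this file, in getChartData and the ranking query of VOL_CTRL_PersonalSiteContactInfo, and in getlistSOTemplates and getlistSOFromEmails of VOL_CTRL_SendBulkEmail. The added comment also has a typo, `Campaing.RecordTypeId`.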
@@ -223,17 +240,29 @@ global with sharing class VOL_CTRL_JobCalendar { get { list listSO = new list(); listSO.add(new SelectOption('', system.label.labelChoiceAllJobs)); - if (campaignId == null) { - for (Volunteer_Job__c vj : [select Name, Id from Volunteer_Job__c - where Campaign__r.IsActive = true order by name limit 999]) { - listSO.add(new SelectOption(vj.id, vj.name)); - } - } else { - for (Volunteer_Job__c vj : [select Name, Id from Volunteer_Job__c - where Campaign__c = :campaignId order by name limit 999]) { - listSO.add(new SelectOption(vj.id, vj.name)); - } - } + try { + UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), + new Set{'Id', 'Name', UTIL_Describe.StrTokenNSPrefix('Campaign__c')}); + if (campaignId == null) { + // Using a dynamic describe access check in the method called above. Campaign.IsActive is + // required by the system. + /* sfca-disable-next-line ApexFlsViolationRule */ + for (Volunteer_Job__c vj : [select Name, Id from Volunteer_Job__c + where Campaign__r.IsActive = true order by name limit 999]) { + listSO.add(new SelectOption(vj.id, vj.name)); + } + } else { + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ + for (Volunteer_Job__c vj : [select Name, Id from Volunteer_Job__c + where Campaign__c = :campaignId order by name limit 999]) { + listSO.add(new SelectOption(vj.id, vj.name)); + } + } + } catch(Exception ex) { + // Allow the page to load without options + } + return listSO; } 
@@ -368,7 +397,10 @@ global with sharing class VOL_CTRL_JobCalendar { UTIL_Describe.StrTokenNSPrefix('Number_of_Volunteers_Still_Needed__c'), UTIL_Describe.StrTokenNSPrefix('Description__c')}); - if (!fAllJob) { + if (!fAllJob) { + // Using a dynamic describe access check in the method called above. + // Display on Website and Volunteer Website Time Zone fields are required by the system. + /* sfca-disable-next-line ApexFlsViolationRule */ listShifts = [select Id, Name, Volunteer_Job__c, Volunteer_Job__r.Name, Volunteer_Job__r.Volunteer_Website_Time_Zone__c, Volunteer_Job__r.Campaign__r.Volunteer_Website_Time_Zone__c, Volunteer_Job__r.Campaign__c, Start_Date_Time__c, Duration__c, Total_Volunteers__c, Number_of_Volunteers_Still_Needed__c, Description__c @@ -378,6 +410,9 @@ global with sharing class VOL_CTRL_JobCalendar { and (Volunteer_Job__r.Display_On_Website__c = true or Volunteer_Job__r.Display_On_Website__c = :fWeb) order by Start_Date_Time__c asc]; } else if (fAllCampaign && fAllJob) { + // Using a dynamic describe access check in the method called above. Campaign.IsActive is + // required by the system. + /* sfca-disable-next-line ApexFlsViolationRule */ listShifts = [select Id, Name, Volunteer_Job__c, Volunteer_Job__r.Name, Volunteer_Job__r.Volunteer_Website_Time_Zone__c,Volunteer_Job__r.Campaign__r.Volunteer_Website_Time_Zone__c, Volunteer_Job__r.Campaign__c, Start_Date_Time__c, Duration__c, Total_Volunteers__c, Number_of_Volunteers_Still_Needed__c, Description__c 
@@ -391,7 +426,8 @@ global with sharing class VOL_CTRL_JobCalendar { if (fShowCampaignHierarchy) { listCampaignIds = VOL_SharedCode.listIdsCampaignsInHierarchy(strCampaignId); } - + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ listShifts = [select Id, Name, Volunteer_Job__c, Volunteer_Job__r.Name, Volunteer_Job__r.Volunteer_Website_Time_Zone__c,Volunteer_Job__r.Campaign__r.Volunteer_Website_Time_Zone__c, Volunteer_Job__r.Campaign__c, Start_Date_Time__c, Duration__c, Total_Volunteers__c, Number_of_Volunteers_Still_Needed__c, Description__c @@ -405,6 +441,8 @@ global with sharing class VOL_CTRL_JobCalendar { // to avoid FullCalendar from displaying shifts based on the user's machine time zone, // we translate it to the desired time zone, then say it is GMT. // get default time zone for site guest user + // This is a field required by the system. + /* sfca-disable-next-line ApexFlsViolationRule */ User u = [Select TimeZoneSidKey From User where id =: Userinfo.getUserId()]; for (Volunteer_Shift__c shift : listShifts) { diff --git a/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls b/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls index f3b119f..cc85532 100644 --- a/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls +++ b/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls @@ -179,7 +179,9 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { strSoql += ' and Status__c = \'Completed\' '; strSoql += ' order by Start_Date__c DESC '; strSoql += ' limit ' + cRowsCompleted; - listCompletedVolunteerHours = Database.Query(strSoql); + SObjectAccessDecision accessDecision = Security.stripInaccessible(AccessType.READABLE, Database.Query(strSoql)); + listCompletedVolunteerHours = (List) accessDecision.getRecords(); + // store friendly datetime string in system field for display only dateTimeFixup(listCompletedVolunteerHours); } 
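Review bot: Stripping after the query means `dateTimeFixup(listCompletedVolunteerHours)` and the page now receive records that may be missing fields, and reading a field that stripInaccessible removed raises an SObjectException at runtime. dateTimeFixup's body is outside this hunk, so confirm that every field it reads is either guaranteed readable or guarded, and say so next to the call, e.g. `// Unreadable fields are removed here; code below must tolerate their absence.` The upcoming-hours query a few lines later keeps the describe check plus suppression instead, so the two sibling queries now enforce access differently. The same read-side strip is added in VOL_CTRL_VolunteersBulkEnterHours before `AddMoreEmptyRowsToVolunteerHours()`.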
@@ -220,6 +222,8 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { strSoql += ' and Shift_Start_Date_Time__c >= :dtToday '; strSoql += ' order by Shift_Start_Date_Time__c ASC '; strSoql += ' limit ' + cRowsUpcoming; + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ listUpcomingVolunteerHours = Database.Query(strSoql); // store friendly datetime string in system field for display only dateTimeFixup(listUpcomingVolunteerHours); @@ -241,6 +245,8 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { // Note that it stores the formatted Date in the Hours' Comment field (in memory only). private void dateTimeFixup(list listHours) { // get default time zone for site guest user + // This is a field required by the system. + /* sfca-disable-next-line ApexFlsViolationRule */ User u = [Select TimeZoneSidKey From User where id =: Userinfo.getUserId()]; // javascript formatting used 'tt' for am/pm, whereas apex formatting uses 'a'. @@ -316,7 +322,9 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { global PageReference cancelShift() { try { - if (hoursId != null) { + if (hoursId != null) { + // We are dynamically check update access below, the query result is not being returned to the user. + /* sfca-disable-next-line ApexFlsViolationRule */ Volunteer_Hours__c hr = [select Id, Status__c, Hours_Worked__c from Volunteer_Hours__c where Id = :hoursId]; hr.Status__c = 'Canceled'; hr.Hours_Worked__c = 0; @@ -324,6 +332,8 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { new Set{ UTIL_Describe.StrTokenNSPrefix('Status__c'), UTIL_Describe.StrTokenNSPrefix('Hours_Worked__c')}); + // We are dynamically check update access above. + /* sfca-disable-next-line ApexFlsViolationRule */ access.updateRecords(new List{hr}); hoursId = null; 
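Review bot: The suppressed query in cancelShift loads the record by `hoursId` alone, and the added comment justifies skipping the read check because the result is not shown to the user, yet the record is then modified and saved. If `hoursId` comes from the page request (not visible in this hunk), the lookup should also be tied to the volunteer the page was opened for, e.g. `where Id = :hoursId and Contact__c = :contactId`, so the update cannot reach another contact's hours. The comment wording could read `// Update access is checked dynamically below; the query result is not returned to the user.` cancelShift starts and ends outside the hunk.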
@@ -352,29 +362,41 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { global list getChartData() { integer cMonths = 12; Date dtStart = date.today().addMonths(-cMonths + 1).toStartOfMonth(); - - list listAG = [select CALENDAR_YEAR(Start_Date__c) theYear, CALENDAR_MONTH(Start_Date__c) theMonth, SUM(Hours_Worked__c) sumHours - from Volunteer_Hours__c - where Contact__c = :contactId and Status__c = 'Completed' and Start_Date__c >= :dtStart - group by CALENDAR_YEAR(Start_Date__c), CALENDAR_MONTH(Start_Date__c) - order by CALENDAR_YEAR(Start_Date__c), CALENDAR_MONTH(Start_Date__c) ]; - list listCD = new list(); - - Date dtNext = dtStart; - Time timeT = Time.newInstance(1, 0, 0, 0); - for (AggregateResult ag : listAG) { - Date dt = date.newInstance(integer.valueOf(ag.get('theYear')), integer.valueOf(ag.get('theMonth')), 1); + + try { + UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Hours__c'), + new Set{'Id', + UTIL_Describe.StrTokenNSPrefix('Start_Date__c'), + UTIL_Describe.StrTokenNSPrefix('Hours_Worked__c'), + UTIL_Describe.StrTokenNSPrefix('Contact__c'), + UTIL_Describe.StrTokenNSPrefix('Status__c')}); + // Using a dynamic describe access check in the method called above. 
+ /* sfca-disable-next-line ApexFlsViolationRule */ + list listAG = [select CALENDAR_YEAR(Start_Date__c) theYear, CALENDAR_MONTH(Start_Date__c) theMonth, SUM(Hours_Worked__c) sumHours + from Volunteer_Hours__c + where Contact__c = :contactId and Status__c = 'Completed' and Start_Date__c >= :dtStart + group by CALENDAR_YEAR(Start_Date__c), CALENDAR_MONTH(Start_Date__c) + order by CALENDAR_YEAR(Start_Date__c), CALENDAR_MONTH(Start_Date__c) ]; - // handle months with no data - while (dtNext < dt) { - listCD.add(new ChartData(datetime.newInstance(dtNext,timeT).format(strChartDateFormat), 0)); - dtNext = dtNext.addMonths(1); + Date dtNext = dtStart; + Time timeT = Time.newInstance(1, 0, 0, 0); + for (AggregateResult ag : listAG) { + Date dt = date.newInstance(integer.valueOf(ag.get('theYear')), integer.valueOf(ag.get('theMonth')), 1); + + // handle months with no data + while (dtNext < dt) { + listCD.add(new ChartData(datetime.newInstance(dtNext,timeT).format(strChartDateFormat), 0)); + dtNext = dtNext.addMonths(1); + } + + listCD.add(new ChartData(datetime.newInstance(dt,timeT).format(strChartDateFormat), integer.valueOf(ag.get('sumHours')))); + dtNext = dt.addMonths(1); } - - listCD.add(new ChartData(datetime.newInstance(dt,timeT).format(strChartDateFormat), integer.valueOf(ag.get('sumHours')))); - dtNext = dt.addMonths(1); + } catch (Exception ex) { + // Allow the page to load without the chart data. } + return listCD; } 
@@ -408,20 +430,33 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { integer iVol = 0; integer iCurrent = 0; - for (list listAG : [select Contact__c cId, SUM(Hours_Worked__c) sumHours - from Volunteer_Hours__c - where Status__c = 'Completed' and Start_Date__c >= :dtStart - group by Contact__c - having SUM(Hours_Worked__c) > 0 - order by SUM(Hours_Worked__c) desc ]) { - - for (AggregateResult ag : listAG) { - if (ag.get('cId') == contactId) { - iCurrent = iVol; + try { + UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Hours__c'), + new Set{'Id', + UTIL_Describe.StrTokenNSPrefix('Start_Date__c'), + UTIL_Describe.StrTokenNSPrefix('Hours_Worked__c'), + UTIL_Describe.StrTokenNSPrefix('Contact__c'), + UTIL_Describe.StrTokenNSPrefix('Status__c')}); + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ + for (list listAG : [select Contact__c cId, SUM(Hours_Worked__c) sumHours + from Volunteer_Hours__c + where Status__c = 'Completed' and Start_Date__c >= :dtStart + group by Contact__c + having SUM(Hours_Worked__c) > 0 + order by SUM(Hours_Worked__c) desc ]) { + + for (AggregateResult ag : listAG) { + if (ag.get('cId') == contactId) { + iCurrent = iVol; + } + iVol++; } - iVol++; - } + } + } catch (Exception ex) { + // Allow the page to load without the ranking } + if (iVol > 2) { integer irank = integer.valueOf(100 * (decimal.valueOf(iCurrent)/decimal.valueOf(iVol - 1))); if (irank == 0) irank = 1; 
@@ -434,6 +469,10 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { @TestVisible private String strRankLifetime() { try { + UTIL_Describe.checkReadAccess('Contact', + new Set{'Id', UTIL_Describe.StrTokenNSPrefix('Volunteer_Hours__c')}); + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ Decimal contactTotalHours = [SELECT Id, Volunteer_Hours__c FROM Contact WHERE Id = :contactId LIMIT 1].Volunteer_Hours__c; if (contactTotalHours == null || contactTotalHours == 0) { @@ -443,12 +482,15 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { String hoursField = String.valueOf(Contact.Volunteer_Hours__c); String totalVolunteersQuery = 'SELECT count() FROM Contact WHERE ' + hoursField + ' > 0'; String totalVolunteersWithMoreHoursQuery = totalVolunteersQuery + ' AND ' + hoursField + ' > ' + contactTotalHours; + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ Integer totalVolunteers = Database.countQuery(totalVolunteersQuery); if (totalVolunteers <= 2) { return ''; } - + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ Integer totalVolunteersWithMoreHours = Database.countQuery(totalVolunteersWithMoreHoursQuery); Integer rank = Integer.valueOf( diff --git a/src/classes/VOL_CTRL_PersonalSiteContactLookup.cls b/src/classes/VOL_CTRL_PersonalSiteContactLookup.cls index 0d0ef2f..33e5f86 100644 --- a/src/classes/VOL_CTRL_PersonalSiteContactLookup.cls +++ b/src/classes/VOL_CTRL_PersonalSiteContactLookup.cls 
@@ -129,6 +129,10 @@ global with sharing class VOL_CTRL_PersonalSiteContactLookup { if (listSER[0].isSuccess()) { strResult = System.Label.labelContactLookupAmbiguous; Task taskRecord = toTask(mail); + + // We are generating a task record as a system user to log for + // the admin when users are requesting their volunteer information + /* sfca-disable-next-line ApexFlsViolationRule */ access.insertRecords(new List{ taskRecord }); } else { @@ -146,7 +150,8 @@ global with sharing class VOL_CTRL_PersonalSiteContactLookup { // Ensure the user has access to the object and fields before querying UTIL_Describe.checkReadAccess('Contact', new Set{'Id', 'Name', 'Email'}); - + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ list listCon = [select Name, Email from Contact where Id =: objId]; string strDetails = ''; if (listCon.size() > 0) From 7db1e99cac39537186c365f610008a5a8089131a Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Wed, 29 Jun 2022 15:32:22 -0500 Subject: [PATCH 04/33] WIP: Update access checks when needed, bypass scanner when verified. --- src/classes/VOL_CTRL_SendBulkEmail.cls | 81 +++++++++++++++++++++----- 1 file changed, 68 insertions(+), 13 deletions(-) diff --git a/src/classes/VOL_CTRL_SendBulkEmail.cls b/src/classes/VOL_CTRL_SendBulkEmail.cls index 8374fa1..032a947 100644 --- a/src/classes/VOL_CTRL_SendBulkEmail.cls +++ b/src/classes/VOL_CTRL_SendBulkEmail.cls 
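Review bot: The new comment says the Task is written "as a system user", but the call is `access.insertRecords(...)`, and this same commit makes VOL_Access.insertRecords pass its input through `Security.stripInaccessible(AccessType.CREATABLE, ...)`. Which implementation `access` holds is outside the hunk; if it can be the plain VOL_Access, the insert runs with the site user's field permissions and both the comment and the suppression are misleading. Once confirmed, I would name the implementation in the comment, e.g. `// access is the elevated implementation here, so the Task is logged regardless of the site user's permissions.`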
@@ -58,8 +58,9 @@ public with sharing class VOL_CTRL_SendBulkEmail { if (shiftId != null) { // Ensure the user has access to the object and fields before querying UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c'), - new Set{'Id', 'Name'}); - + new Set{'Id', 'Name', UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c')}); + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ Volunteer_Shift__c shift = [select Name, Volunteer_Job__r.Name from Volunteer_Shift__c where Id = :shiftId]; strJobName = shift.Volunteer_Job__r.Name + ' - ' + shift.Name; templateObject = 'Shift'; @@ -67,14 +68,16 @@ public with sharing class VOL_CTRL_SendBulkEmail { // Ensure the user has access to the object and fields before querying UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), new Set{'Id','Name'}); - + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ Volunteer_Job__c job = [select Name from Volunteer_Job__c where Id = :jobId]; strJobName = job.Name; templateObject = 'Job'; } else if (campaignId != null) { // Ensure the user has access to the object and fields before querying UTIL_Describe.checkReadAccess('Campaign', new Set{'Id','Name'}); - + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ Campaign cmp = [select Name from Campaign where Id = :campaignId]; strJobName = cmp.Name; templateObject = 'Campaign'; 
@@ -89,6 +92,8 @@ public with sharing class VOL_CTRL_SendBulkEmail { UTIL_Describe.checkReadAccess('Folder', new Set{'Id','DeveloperName'}); // get the folderId for our Volunteer email templates + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ list listf = [select Id from Folder where DeveloperName='Volunteers_Email_Templates']; if (listf.size() > 0) folderId = listf[0].Id; } catch (Exception e) { 
@@ -100,21 +105,43 @@ public with sharing class VOL_CTRL_SendBulkEmail { public list getlistSOTemplates() { list listSO = new list(); listSO.add(new SelectOption('', '')); - for (EmailTemplate et : [select Id, Name, Subject, Body from EmailTemplate + + try { + UTIL_Describe.checkReadAccess('EmailTemplate', new Set{'Id','Name', 'Subject', 'Body'}); + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ + for (EmailTemplate et : [select Id, Name, Subject, Body from EmailTemplate where isActive=true and FolderId=:folderId order by name limit 999]) { - listSO.add(new SelectOption(et.id, et.name)); - } + listSO.add(new SelectOption(et.id, et.name)); + } + } catch(Exception ex) { + // Allow page to load without options + } + return listSO; } // the list of Org Wide Email Addresses public list getlistSOFromEmails() { list listSO = new list(); + + // Getting current users email address to allow sending via there own email + // access check not necessary + /* sfca-disable-next-line ApexFlsViolationRule */ User thisUser = [Select Name, Email from User where id = :UserInfo.getUserId()]; listSO.add(new SelectOption('', thisUser.Name + ' <' + thisUser.Email + '>')); - for (OrgWideEmailAddress owa : [select id, Address, DisplayName from OrgWideEmailAddress]) { - listSO.add(new SelectOption(owa.id, owa.DisplayName + ' <' + owa.Address + '>')); - } + + try { + UTIL_Describe.checkReadAccess('User', new Set{'Id','Name', 'Email'}); + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ + for (OrgWideEmailAddress owa : [select id, Address, DisplayName from OrgWideEmailAddress]) { + listSO.add(new SelectOption(owa.id, owa.DisplayName + ' <' + owa.Address + '>')); + } + } catch(Exception ex) { + // allow page to load with only current users email option + } + return listSO; } 
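Review bot: In getlistSOFromEmails the added `UTIL_Describe.checkReadAccess('User', ...)` sits after the User query has already run and in front of a query on a different object, OrgWideEmailAddress, so the check covers neither. The suppression comment "Using a dynamic describe access check in the method called above" is therefore not accurate for the `OrgWideEmailAddress` query. If a check is wanted there it should name the object and fields actually read, `UTIL_Describe.checkReadAccess('OrgWideEmailAddress', new Set<String>{'Id', 'Address', 'DisplayName'});`. The comment on the User query also has a typo ("there own email").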
@@ -210,7 +237,10 @@ public with sharing class VOL_CTRL_SendBulkEmail { try { job.Description__c = htmlValue; + // We are using Salesforce to sanitize the field then reverting the save. + /* sfca-disable-next-line ApexFlsViolationRule */ upsert job; + /* sfca-disable-next-line ApexFlsViolationRule */ escapedHtml = [SELECT Description__c FROM Volunteer_Job__c WHERE Id = :job.Id LIMIT 1].Description__c; } catch (Exception ex) { @@ -231,6 +261,10 @@ public with sharing class VOL_CTRL_SendBulkEmail { Volunteer_Job__c relatedJob = new Volunteer_Job__c(); if (shiftId != null) { + UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c'), + new Set{'Id', UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c')}); + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ relatedJob.Id = [SELECT Volunteer_Job__c FROM Volunteer_Shift__c WHERE Id = :shiftId LIMIT 1].Volunteer_Job__c; return relatedJob; } @@ -241,6 +275,10 @@ public with sharing class VOL_CTRL_SendBulkEmail { } if (campaignId != null) { + UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), + new Set{'Id', UTIL_Describe.StrTokenNSPrefix('Campaign__c')}); + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ List jobs = [SELECT Id FROM Volunteer_Job__c WHERE Campaign__c = :campaignId LIMIT 1]; if (jobs.isEmpty()) { relatedJob.Campaign__c = campaignId; 
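Review bot: Both suppressions around `upsert job` rest on the comment's claim that the save is reverted, but the savepoint and rollback are not in this hunk, and the upsert itself runs with no create or update check. Please confirm the rollback also runs on the `catch (Exception ex)` path, so a failure between the upsert and the re-query cannot leave `htmlValue` persisted in `Description__c`. I would make the comment point at the mechanism, e.g. `// Saved only so the platform sanitizes the rich text; rolled back via the savepoint taken in this method.` The enclosing method starts outside the hunk.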
@@ -266,13 +304,19 @@ public with sharing class VOL_CTRL_SendBulkEmail { UTIL_Describe.StrTokenNSPrefix('Status__c'), UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c'), UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c')}); + UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), + new Set{UTIL_Describe.StrTokenNSPrefix('Campaign__c')}); if (shiftId != null) { + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ listHr = [select contact__c from Volunteer_Hours__c where Status__c = :hourStatus.Status__c and Volunteer_Shift__c = :shiftId]; } else if (jobId != null){ + /* sfca-disable-next-line ApexFlsViolationRule */ listHr = [select contact__c from Volunteer_Hours__c where Status__c = :hourStatus.Status__c and Volunteer_Job__c = :jobId]; } else if (campaignId != null) { // Salesforce failed to match our campaignId against the formula field which is text, so use full reference. + /* sfca-disable-next-line ApexFlsViolationRule */ listHr = [select contact__c from Volunteer_Hours__c where Status__c = :hourStatus.Status__c and Volunteer_Job__r.Campaign__c = :campaignId ]; } 
@@ -314,7 +358,16 @@ public with sharing class VOL_CTRL_SendBulkEmail { // specific shift // specific job with or without shifts (or mixture) // specific campaign, with or without jobs, with or without shifts - + UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Hours__c'), + new Set{ + UTIL_Describe.StrTokenNSPrefix('Contact__c'), + UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c'), + UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c') + }); + UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), + new Set{ + UTIL_Describe.StrTokenNSPrefix('Campaign__c') + }); string strSoql = 'select Contact__c, Volunteer_Shift__c, Volunteer_Job__c, Volunteer_Job__r.Campaign__c from Volunteer_Hours__c ' + ' where Status__c = \'' + VOL_SharedCode.StrEscape(hourStatus.Status__c) + '\' and ' + ' Contact__r.Email != null '; @@ -330,7 +383,8 @@ public with sharing class VOL_CTRL_SendBulkEmail { // to keep track of unique contacts set setContactId = new set(); - + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ for (Volunteer_Hours__c hr : database.query(strSoql)) { if (!fEmailContactsOnlyOnce || setContactId.add(hr.Contact__c)) { Messaging.SingleEmailMessage mail = new Messaging.SingleEmailMessage(); @@ -388,7 +442,8 @@ public with sharing class VOL_CTRL_SendBulkEmail { } // Ensure the user has access to the object and fields before querying UTIL_Describe.checkReadAccess('Contact', new Set{'Id', 'Name', 'Email'}); - + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ list listCon = [select Name, Email from Contact where Id =: objId]; string strDetails = ''; if (listCon.size() > 0) From ba078a309d5579c4e2431ffec25707ec8de9b4a0 Mon Sep 17 00:00:00 2001 
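Review bot: The read check added in front of the dynamic query lists `Contact__c`, `Volunteer_Shift__c`, `Volunteer_Job__c` and `Campaign__c`, but the query also filters on `Status__c` and `Contact__r.Email`, and the check in the previous hunk of this file (`@@ -266,13 +304,19 @@`) does include `Status__c`. Adding `UTIL_Describe.StrTokenNSPrefix('Status__c')` to the Volunteer_Hours__c set would make the two checks consistent with the suppression comment placed on `database.query(strSoql)`. The status value is concatenated into the string through `VOL_SharedCode.StrEscape`; binding a local variable instead (`Status__c = :statusValue`) would remove the reliance on that helper. The method starts outside the hunk.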
From: Jennifer Bennett Date: Tue, 5 Jul 2022 08:49:12 -0500 Subject: [PATCH 05/33] WIP: Update access checks when needed, bypass scanner when verified. --- src/classes/DatabaseDml.cls | 2 +- src/classes/VOL_Access.cls | 2 +- .../VOL_CTRL_VolunteersBulkEnterHours.cls | 18 +++++++++++++----- .../VOL_CTRL_VolunteersCampaignWizard.cls | 15 ++++++++++----- src/classes/VOL_CTRL_VolunteersFind.cls | 11 ++++++++--- src/classes/VOL_CTRL_VolunteersJobListing.cls | 9 +++++++-- .../VOL_CTRL_VolunteersJobListingFS.cls | 6 ++++++ src/classes/VOL_SharedCode.cls | 18 ++++++++---------- 8 files changed, 54 insertions(+), 27 deletions(-) diff --git a/src/classes/DatabaseDml.cls b/src/classes/DatabaseDml.cls index e8a1ba1..164d160 100644 --- a/src/classes/DatabaseDml.cls +++ b/src/classes/DatabaseDml.cls @@ -28,7 +28,7 @@ POSSIBILITY OF SUCH DAMAGE. */ /* - This file was created for situations where we need to run in system + This class was created for situations where we need to run in system mode. */ /* sfca-disable ApexFlsViolationRule */ diff --git a/src/classes/VOL_Access.cls b/src/classes/VOL_Access.cls index 57431d5..af072eb 100644 --- a/src/classes/VOL_Access.cls +++ b/src/classes/VOL_Access.cls @@ -55,7 +55,7 @@ public with sharing virtual class VOL_Access { } /** - * @description Calls the update check to verify the users create access + * @description Calls the create check to verify the users create access */ public void checkCreateAccess(String objectName, Set fieldNames) { UTIL_Describe.checkCreateAccess(objectName, fieldNames); diff --git a/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls b/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls index 9660645..6d5fa2d 100644 --- a/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls +++ b/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls 
@@ -122,6 +122,10 @@ global virtual with sharing class VOL_CTRL_VolunteersBulkEnterHours { // initial date range +- 1 month around passed in Shift or today (if no shift) Date dt; if (volunteerShiftId != null) { + UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c'), + new Set{UTIL_Describe.StrTokenNSPrefix('Start_Date_Time__c')}); + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ Volunteer_Shift__c shift = [select Start_Date_Time__c from Volunteer_Shift__c where Id = :volunteerShiftId]; dt = shift.Start_Date_Time__c.date(); } else { @@ -209,8 +213,9 @@ global virtual with sharing class VOL_CTRL_VolunteersBulkEnterHours { strSoql += ' and Start_Date__c <= :dtEnd '; } strSoql += ' order by Full_Name__c, Start_Date__c '; - - listVolunteerHours = Database.Query(strSoql); + + SObjectAccessDecision accessDecision = Security.stripInaccessible(AccessType.READABLE, Database.Query(strSoql)); + listVolunteerHours = (List) accessDecision.getRecords(); AddMoreEmptyRowsToVolunteerHours(); } @@ -235,6 +240,8 @@ global virtual with sharing class VOL_CTRL_VolunteersBulkEnterHours { UTIL_Describe.StrTokenNSPrefix('Duration__c'), UTIL_Describe.StrTokenNSPrefix('Start_Date_Time__c')}); + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ Volunteer_Shift__c vs = [select Id, Duration__c, Start_Date_Time__c from Volunteer_Shift__c where Id = :volunteerShiftId]; hoursWorked = vs.Duration__c; dateStart = vs.Start_Date_Time__c.date(); 
@@ -308,12 +315,13 @@ global virtual with sharing class VOL_CTRL_VolunteersBulkEnterHours { listVolunteerHoursCreate.add(vh); } } - - update listVolunteerHoursUpdate; + SObjectAccessDecision updateDecision = Security.stripInaccessible(AccessType.UPDATABLE, listVolunteerHoursUpdate); + update updateDecision.getRecords(); // Ensure the user can create the object UTIL_Describe.checkObjectCreateAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Hours__c')); - insert listVolunteerHoursCreate; + SObjectAccessDecision insertDecision = Security.stripInaccessible(AccessType.CREATABLE, listVolunteerHoursCreate); + insert insertDecision.getRecords(); strSaveResults = String.valueOf(listVolunteerHoursCreate.size() + listVolunteerHoursUpdate.size()) + ' ' + Label.labelMassEditSaveSuccess; ApexPages.addMessage(new ApexPages.message(ApexPages.Severity.CONFIRM, strSaveResults)); diff --git a/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls b/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls index 83391c7..d2eb607 100644 --- a/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls +++ b/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls @@ -104,8 +104,9 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { try { // Ensure the user can create the object - UTIL_Describe.checkObjectCreateAccess('Campaign'); - insert cmpVols; + UTIL_Describe.checkObjectCreateAccess('Campaign'); + SObjectAccessDecision campaignAccessDecision = Security.stripInaccessible(AccessType.CREATABLE, new List{ cmpVols }); + insert campaignAccessDecision.getRecords(); if (campaignIdClone != null) { CloneExistingJobsAndShifts(); 
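Review bot: `insert insertDecision.getRecords();` in the `@@ -308` hunk inserts the copies returned by `stripInaccessible`, not the records in `listVolunteerHoursCreate`, so the generated Ids never reach the original rows. If the page keeps those rows (the rest of SaveVolunteerHours is outside the hunk), a second save would presumably treat them as new and insert duplicates. The same applies to `insert campaignAccessDecision.getRecords();` in the VOL_CTRL_VolunteersCampaignWizard `@@ -104` hunk, where `cmpVols.Id` is still null when `CloneExistingJobsAndShifts()` runs, and to the `listJobs` and `listShifts` inserts in its `@@ -143` and `@@ -159` hunks. Copy the Ids back after each insert, for example `cmpVols.Id = campaignAccessDecision.getRecords()[0].Id;`, or loop over the returned list by index for the list cases.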
@@ -143,7 +144,8 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { // Ensure the user has access to the object and fields before querying UTIL_Describe.checkObjectCreateAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c')); - insert listJobs; + SObjectAccessDecision jobAccessDecision = Security.stripInaccessible(AccessType.CREATABLE, listJobs); + insert jobAccessDecision.getRecords(); // create the sample shifts for (Integer iJob = 0; iJob < cSampleJobs; iJob++) { @@ -159,7 +161,8 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { } // Ensure the user has access to the object and fields before querying UTIL_Describe.checkObjectCreateAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c')); - insert listShifts; + SObjectAccessDecision shiftAccessDecision = Security.stripInaccessible(AccessType.CREATABLE, listShifts); + insert shiftAccessDecision.getRecords(); } /******************************************************************************************************* @@ -496,7 +499,9 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { new Set{'Id', UTIL_Describe.StrTokenNSPrefix('First_Shift__c'), UTIL_Describe.StrTokenNSPrefix('Campaign__c')}); - + + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ list listJobs = [select Id, First_Shift__c from Volunteer_Job__c where Campaign__c = :campaignIdClone order by First_Shift__c]; diff --git a/src/classes/VOL_CTRL_VolunteersFind.cls b/src/classes/VOL_CTRL_VolunteersFind.cls index f7f3033..953a408 100644 --- a/src/classes/VOL_CTRL_VolunteersFind.cls +++ b/src/classes/VOL_CTRL_VolunteersFind.cls 
@@ -273,7 +273,8 @@ public with sharing class VOL_CTRL_VolunteersFind extends PageControllerBase { UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c'), new Set{'Id', UTIL_Describe.StrTokenNSPrefix('Start_Date_Time__c')}); - + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ Volunteer_Shift__c vs = [select Start_Date_Time__c from Volunteer_Shift__c where Id = :volunteerShiftId]; dtStart = date.valueOf(vs.Start_Date_Time__c); } @@ -286,7 +287,8 @@ public with sharing class VOL_CTRL_VolunteersFind extends PageControllerBase { new Set{ UTIL_Describe.StrTokenNSPrefix('Contact__c'), UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c')}); - + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ listVHExisting = [select Contact__c from Volunteer_Hours__c where Volunteer_Job__c = :volunteerJobId]; } else { // Ensure the user has access to the object and fields before querying @@ -294,7 +296,8 @@ public with sharing class VOL_CTRL_VolunteersFind extends PageControllerBase { new Set{ UTIL_Describe.StrTokenNSPrefix('Contact__c'), UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c')}); - + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ listVHExisting = [select Contact__c from Volunteer_Hours__c where Volunteer_Shift__c = :volunteerShiftId]; } set setContactId = new set(); @@ -334,6 +337,8 @@ public with sharing class VOL_CTRL_VolunteersFind extends PageControllerBase { UTIL_Describe.StrTokenNSPrefix('Status__c'), UTIL_Describe.StrTokenNSPrefix('Hours_Worked__c'), UTIL_Describe.StrTokenNSPrefix('Number_of_Volunteers__c')}); + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ insert listHours; // if shift was specified, force its picklist to update with new numbers 
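Review bot: The suppression added before `insert listHours;` in the `@@ -334` hunk refers to a describe check "in the method called above", but that call starts outside the hunk and only three field names of its set are visible. Because the scanner is now silenced for this DML, the comment should name the check it relies on so that a later change to the populated fields is reviewed against it, e.g. `// Create access to every field set on listHours is verified by the UTIL_Describe call above.` It is worth confirming that the call is a create check rather than a read check; other inserts in this commit use `Security.stripInaccessible(AccessType.CREATABLE, ...)` instead.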
diff --git a/src/classes/VOL_CTRL_VolunteersJobListing.cls b/src/classes/VOL_CTRL_VolunteersJobListing.cls index 31b8703..6f2211d 100644 --- a/src/classes/VOL_CTRL_VolunteersJobListing.cls +++ b/src/classes/VOL_CTRL_VolunteersJobListing.cls @@ -79,6 +79,8 @@ global virtual with sharing class VOL_CTRL_VolunteersJobListing { global string strURLtoCSSFile { get { if (strURLtoCSSFile == null) { + // System query to find the css doc if the admin has added it for custom css + /* sfca-disable-next-line ApexFlsViolationRule */ list listDocs = [SELECT Name, Id From Document WHERE Name = 'VolunteersJobListingCSS.css' LIMIT 1 ]; if (listDocs.size() > 0) { Document doc = listDocs[0]; @@ -172,6 +174,8 @@ global virtual with sharing class VOL_CTRL_VolunteersJobListing { } } + SObjectAccessDecision accessDecision = Security.stripInaccessible(AccessType.READABLE, listVolunteerJobs); + listVolunteerJobs = (List) accessDecision.getRecords(); return sortVolunteerJobs(listVolunteerJobs); } @@ -253,13 +257,14 @@ global virtual with sharing class VOL_CTRL_VolunteersJobListing { vh.Start_Date__c = system.today(); VolunteerHoursBeforeInsert(vh); - // Ensure the user has access to the object and fields before querying + // Ensure the user has access to the object and fields before inserting access.checkCreateAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Hours__c'), new Set{ UTIL_Describe.StrTokenNSPrefix('Number_of_Volunteers__c'), UTIL_Describe.StrTokenNSPrefix('Status__c'), UTIL_Describe.StrTokenNSPrefix('Start_Date__c')}); - + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ access.insertRecords(new List{ vh }); volunteerHoursIdSignUp = vh.Id; } diff --git a/src/classes/VOL_CTRL_VolunteersJobListingFS.cls b/src/classes/VOL_CTRL_VolunteersJobListingFS.cls index 16e60fb..50c9dab 100644 --- a/src/classes/VOL_CTRL_VolunteersJobListingFS.cls +++ b/src/classes/VOL_CTRL_VolunteersJobListingFS.cls 
@@ -121,6 +121,8 @@ global virtual with sharing class VOL_CTRL_VolunteersJobListingFS { if (fPersonalSite) return null; // just use whatever CSS the Site Template includes. if (strURLtoCSSFile == null) { + // System query to find the css doc if the admin has added it for custom css + /* sfca-disable-next-line ApexFlsViolationRule */ list listDocs = [SELECT Name, Id From Document WHERE Name = 'VolunteersJobListingCSS.css' LIMIT 1 ]; if (listDocs.size() > 0) { Document doc = listDocs[0]; @@ -345,6 +347,8 @@ global virtual with sharing class VOL_CTRL_VolunteersJobListingFS { } + SObjectAccessDecision accessDecision = Security.stripInaccessible(AccessType.READABLE, listVolunteerJobs); + listVolunteerJobs = (List) accessDecision.getRecords(); VOL_SharedCode.dateTimeFixup(listVolunteerJobs, strDateFormat, strTimeFormat); return sortVolunteerJobs(listVolunteerJobs); } @@ -439,6 +443,8 @@ global virtual with sharing class VOL_CTRL_VolunteersJobListingFS { UTIL_Describe.StrTokenNSPrefix('Duration__c')}); // make sure we don't go over the number of volunteers still needed on the shift. + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ list listShift = [select Number_of_Volunteers_Still_Needed__c, Start_Date_Time__c, Duration__c from Volunteer_Shift__c where Id = :shiftIdSignUp]; if (listShift != null) { if (vhours.Number_of_Volunteers__c > listShift[0].Number_of_Volunteers_Still_Needed__c) { diff --git a/src/classes/VOL_SharedCode.cls b/src/classes/VOL_SharedCode.cls index 64578bc..d523c89 100644 --- a/src/classes/VOL_SharedCode.cls +++ b/src/classes/VOL_SharedCode.cls 
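Review bot: In the `@@ -439` hunk the guard `if (listShift != null)` can never fail, because a SOQL query assigned to a list yields an empty list rather than null, so `listShift[0]` raises a ListException when `shiftIdSignUp` matches no shift. The Id reaches this code from a sign-up page and should be treated as caller-supplied; use `if (!listShift.isEmpty()) {` and decide explicitly what happens when the shift is missing. These are context lines rather than lines the commit adds, but the new suppression comment sits directly on this query. The enclosing method continues outside the hunk.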
@@ -39,17 +39,15 @@ global with sharing class VOL_SharedCode { listSO.add(new SelectOption('', '')); // Ensure the user has access to the object before querying - try { - UTIL_Describe.checkObjectReadAccess(String.valueOf(Campaign.SObjectType)); - } catch (Exception ex) { - // we will return an empty list vs throwing an error - return listSO; - } - - for (Campaign c : [select Name, Id from Campaign where RecordTypeId = :recordtypeIdVolunteersCampaign - and IsActive = true order by StartDate desc, Name asc limit 999]) { - listSO.add(new SelectOption(c.id, c.name)); + if (Campaign.SObjectType.getDescribe().isAccessible() && Campaign.Name.getDescribe().isAccessible() && + Campaign.IsActive.getDescribe().isAccessible() && Campaign.StartDate.getDescribe().isAccessible() && + Campaign.RecordTypeId.getDescribe().isAccessible()) { + for (Campaign c : [select Name, Id from Campaign where RecordTypeId = :recordtypeIdVolunteersCampaign + and IsActive = true order by StartDate desc, Name asc limit 999]) { + listSO.add(new SelectOption(c.id, c.name)); + } } + return listSO; } } From 76921307d73b101297c0469bf00d20175a02b9cf Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Tue, 5 Jul 2022 10:13:27 -0500 Subject: [PATCH 06/33] WIP: Update access checks when needed, bypass scanner when verified. --- src/classes/VOL_CTRL_JobCalendar.cls | 4 ++++ src/classes/VOL_CTRL_PersonalSiteContactInfo.cls | 16 ++++++++++++++-- src/classes/VOL_CTRL_SendBulkEmail.cls | 2 ++ .../VOL_CTRL_VolunteersBulkEnterHours.cls | 6 ++++++ src/classes/VOL_CTRL_VolunteersJobListing.cls | 2 ++ src/classes/VOL_CTRL_VolunteersJobListingFS.cls | 6 ++++++ src/classes/VOL_CTRL_VolunteersReportHours.cls | 2 ++ 7 files changed, 36 insertions(+), 2 deletions(-) diff --git a/src/classes/VOL_CTRL_JobCalendar.cls b/src/classes/VOL_CTRL_JobCalendar.cls index e024172..125884e 100644 --- a/src/classes/VOL_CTRL_JobCalendar.cls +++ b/src/classes/VOL_CTRL_JobCalendar.cls 
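Review bot: The five-part `isAccessible()` condition added in the `@@ -39` hunk is repeated verbatim in the VOL_CTRL_JobCalendar `@@ -200` hunk of patch 09, so the two copies can drift apart when the campaign query gains or loses a field. I would move the condition into one shared static helper and call it from both places, e.g. `if (canReadVolunteersCampaigns()) {` (the name is only a suggestion). The helper's doc comment should list the fields the campaign queries select, filter and order by, since that is what the condition has to cover. The enclosing method starts outside the hunk.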
@@ -221,6 +221,8 @@ global with sharing class VOL_CTRL_JobCalendar { } // the user has changed the Campaign dropdown + // Scanner is timing out on the path evaluation, verified we are secure + /* sfca-disable-stack ApexFlsViolationRule */ global virtual PageReference ChangeCampaign() { // clear out all state that is specific to the campaign listSOVolunteerJobs = null; @@ -270,6 +272,8 @@ global with sharing class VOL_CTRL_JobCalendar { } // the user has changed the Volunteer Job dropdown + // Scanner is timing out on the path evaluation, verified we are secure + /* sfca-disable-stack ApexFlsViolationRule */ global virtual PageReference ChangeVolunteerJob() { // clear out all state that is specific to the Job return null; diff --git a/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls b/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls index cc85532..f40e208 100644 --- a/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls +++ b/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls @@ -280,12 +280,16 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { } } } - + + // Scanner is timing out on the path evaluation, verified we are secure + /* sfca-disable-stack ApexFlsViolationRule */ global PageReference edit() { isEditing = true; return null; } + // Scanner is timing out on the path evaluation, verified we are secure + /* sfca-disable-stack ApexFlsViolationRule */ global PageReference save() { try { if (contactReadOnly != null) { @@ -315,11 +319,15 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { return null; } + // Scanner is timing out on the path evaluation, verified we are secure + /* sfca-disable-stack ApexFlsViolationRule */ global PageReference cancel() { isEditing = false; return null; } - + + // Scanner is timing out on the path evaluation, verified we are secure + /* sfca-disable-stack ApexFlsViolationRule */ global PageReference cancelShift() { try { if (hoursId != null) { 
@@ -346,12 +354,16 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { } } + // Scanner is timing out on the path evaluation, verified we are secure + /* sfca-disable-stack ApexFlsViolationRule */ global PageReference showMoreRowsCompleted() { cRowsCompleted += 10; listCompletedVolunteerHours = null; return null; } + // Scanner is timing out on the path evaluation, verified we are secure + /* sfca-disable-stack ApexFlsViolationRule */ global PageReference showMoreRowsUpcoming() { cRowsUpcoming += 10; listUpcomingVolunteerHours = null; diff --git a/src/classes/VOL_CTRL_SendBulkEmail.cls b/src/classes/VOL_CTRL_SendBulkEmail.cls index 032a947..15ecb35 100644 --- a/src/classes/VOL_CTRL_SendBulkEmail.cls +++ b/src/classes/VOL_CTRL_SendBulkEmail.cls @@ -337,6 +337,8 @@ public with sharing class VOL_CTRL_SendBulkEmail { } // action method to send the email + // Scanner is timing out on the path evaluation, verified we are secure + /* sfca-disable-stack ApexFlsViolationRule */ public PageReference SendMail() { // do our validation diff --git a/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls b/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls index 6d5fa2d..4243436 100644 --- a/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls +++ b/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls @@ -294,6 +294,8 @@ global virtual with sharing class VOL_CTRL_VolunteersBulkEnterHours { } //save the Volunteer Hours created or modified + // Scanner is timing out on the path evaluation, verified we are secure + /* sfca-disable-stack ApexFlsViolationRule */ global virtual PageReference SaveVolunteerHours() { if (listVolunteerHours == null) return null; 
@@ -336,6 +338,8 @@ global virtual with sharing class VOL_CTRL_VolunteersBulkEnterHours { } //save the Volunteer Hours created or modified, and then close the page. + // Scanner is timing out on the path evaluation, verified we are secure + /* sfca-disable-stack ApexFlsViolationRule */ global virtual PageReference SaveAndCloseVolunteerHours() { SaveVolunteerHours(); if (ApexPages.hasMessages(ApexPages.Severity.ERROR) || @@ -362,6 +366,8 @@ global virtual with sharing class VOL_CTRL_VolunteersBulkEnterHours { } // user wants to add more empty rows to the Volunteer Hours table + // Scanner is timing out on the path evaluation, verified we are secure + /* sfca-disable-stack ApexFlsViolationRule */ global PageReference AddMoreEmptyRows() { AddMoreEmptyRowsToVolunteerHours(); return null; diff --git a/src/classes/VOL_CTRL_VolunteersJobListing.cls b/src/classes/VOL_CTRL_VolunteersJobListing.cls index 6f2211d..08b34d2 100644 --- a/src/classes/VOL_CTRL_VolunteersJobListing.cls +++ b/src/classes/VOL_CTRL_VolunteersJobListing.cls @@ -238,6 +238,8 @@ global virtual with sharing class VOL_CTRL_VolunteersJobListing { } + // Scanner is timing out on the path evaluation, verified we are secure + /* sfca-disable-stack ApexFlsViolationRule */ global virtual PageReference VolunteerShiftSignUp() { Savepoint sp = Database.setSavepoint(); diff --git a/src/classes/VOL_CTRL_VolunteersJobListingFS.cls b/src/classes/VOL_CTRL_VolunteersJobListingFS.cls index 50c9dab..77fc786 100644 --- a/src/classes/VOL_CTRL_VolunteersJobListingFS.cls +++ b/src/classes/VOL_CTRL_VolunteersJobListingFS.cls 
@@ -401,6 +401,8 @@ global virtual with sharing class VOL_CTRL_VolunteersJobListingFS { // action method to allow the javascript to clear this variable. // used when the confirmation dialog is closed. + // Scanner is timing out on the path evaluation, verified we are secure + /* sfca-disable-stack ApexFlsViolationRule */ global virtual PageReference ClearVolunteerHoursIdSignUp() { volunteerHoursIdSignUp = null; return null; @@ -408,6 +410,8 @@ global virtual with sharing class VOL_CTRL_VolunteersJobListingFS { // action method to cancel the signup dialog, // clearing any cached state. + // Scanner is timing out on the path evaluation, verified we are secure + /* sfca-disable-stack ApexFlsViolationRule */ global virtual PageReference CancelSignUp() { volunteerHoursIdSignUp = null; strSaveResult = null; @@ -421,6 +425,8 @@ global virtual with sharing class VOL_CTRL_VolunteersJobListingFS { private class MyException extends Exception {} + // Scanner is timing out on the path evaluation, verified we are secure + /* sfca-disable-stack ApexFlsViolationRule */ global virtual PageReference VolunteerShiftSignUp() { Savepoint sp = Database.setSavepoint(); diff --git a/src/classes/VOL_CTRL_VolunteersReportHours.cls b/src/classes/VOL_CTRL_VolunteersReportHours.cls index c5632e6..6ab4abb 100644 --- a/src/classes/VOL_CTRL_VolunteersReportHours.cls +++ b/src/classes/VOL_CTRL_VolunteersReportHours.cls @@ -257,6 +257,8 @@ global virtual with sharing class VOL_CTRL_VolunteersReportHours { // action method for saving the the volunteer's hours. + // Scanner is timing out on the path evaluation, verified we are secure + /* sfca-disable-stack ApexFlsViolationRule */ global virtual PageReference Save() { Savepoint sp = Database.setSavepoint(); try { From 990757e2ac8af827fcd193209b0d804ff65c2071 Mon Sep 17 00:00:00 2001 
From: Jennifer Bennett Date: Tue, 5 Jul 2022 13:41:51 -0500 Subject: [PATCH 07/33] WIP: Update access checks when needed, bypass scanner when verified. --- src/classes/VOL_CTRL_JobCalendar.cls | 4 ---- src/classes/VOL_CTRL_PersonalSiteContactInfo.cls | 12 ------------ src/classes/VOL_CTRL_SendBulkEmail.cls | 2 -- src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls | 6 ------ src/classes/VOL_CTRL_VolunteersJobListing.cls | 2 -- src/classes/VOL_CTRL_VolunteersJobListingFS.cls | 6 ------ src/classes/VOL_CTRL_VolunteersReportHours.cls | 2 -- 7 files changed, 34 deletions(-) diff --git a/src/classes/VOL_CTRL_JobCalendar.cls b/src/classes/VOL_CTRL_JobCalendar.cls index 125884e..e024172 100644 --- a/src/classes/VOL_CTRL_JobCalendar.cls +++ b/src/classes/VOL_CTRL_JobCalendar.cls @@ -221,8 +221,6 @@ global with sharing class VOL_CTRL_JobCalendar { } // the user has changed the Campaign dropdown - // Scanner is timing out on the path evaluation, verified we are secure - /* sfca-disable-stack ApexFlsViolationRule */ global virtual PageReference ChangeCampaign() { // clear out all state that is specific to the campaign listSOVolunteerJobs = null; @@ -272,8 +270,6 @@ global with sharing class VOL_CTRL_JobCalendar { } // the user has changed the Volunteer Job dropdown - // Scanner is timing out on the path evaluation, verified we are secure - /* sfca-disable-stack ApexFlsViolationRule */ global virtual PageReference ChangeVolunteerJob() { // clear out all state that is specific to the Job return null; diff --git a/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls b/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls index f40e208..d1dd415 100644 --- a/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls +++ b/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls 
@@ -281,15 +281,11 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { } } - // Scanner is timing out on the path evaluation, verified we are secure - /* sfca-disable-stack ApexFlsViolationRule */ global PageReference edit() { isEditing = true; return null; } - // Scanner is timing out on the path evaluation, verified we are secure - /* sfca-disable-stack ApexFlsViolationRule */ global PageReference save() { try { if (contactReadOnly != null) { @@ -319,15 +315,11 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { return null; } - // Scanner is timing out on the path evaluation, verified we are secure - /* sfca-disable-stack ApexFlsViolationRule */ global PageReference cancel() { isEditing = false; return null; } - // Scanner is timing out on the path evaluation, verified we are secure - /* sfca-disable-stack ApexFlsViolationRule */ global PageReference cancelShift() { try { if (hoursId != null) { @@ -354,16 +346,12 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { } } - // Scanner is timing out on the path evaluation, verified we are secure - /* sfca-disable-stack ApexFlsViolationRule */ global PageReference showMoreRowsCompleted() { cRowsCompleted += 10; listCompletedVolunteerHours = null; return null; } - // Scanner is timing out on the path evaluation, verified we are secure - /* sfca-disable-stack ApexFlsViolationRule */ global PageReference showMoreRowsUpcoming() { cRowsUpcoming += 10; listUpcomingVolunteerHours = null; diff --git a/src/classes/VOL_CTRL_SendBulkEmail.cls b/src/classes/VOL_CTRL_SendBulkEmail.cls index 15ecb35..032a947 100644 --- a/src/classes/VOL_CTRL_SendBulkEmail.cls +++ b/src/classes/VOL_CTRL_SendBulkEmail.cls @@ -337,8 +337,6 @@ public with sharing class VOL_CTRL_SendBulkEmail { } // action method to send the email - // Scanner is timing out on the path evaluation, verified we are secure - /* sfca-disable-stack ApexFlsViolationRule */ public PageReference SendMail() { // do our validation 
diff --git a/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls b/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls index 4243436..6d5fa2d 100644 --- a/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls +++ b/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls @@ -294,8 +294,6 @@ global virtual with sharing class VOL_CTRL_VolunteersBulkEnterHours { } //save the Volunteer Hours created or modified - // Scanner is timing out on the path evaluation, verified we are secure - /* sfca-disable-stack ApexFlsViolationRule */ global virtual PageReference SaveVolunteerHours() { if (listVolunteerHours == null) return null; @@ -338,8 +336,6 @@ global virtual with sharing class VOL_CTRL_VolunteersBulkEnterHours { } //save the Volunteer Hours created or modified, and then close the page. - // Scanner is timing out on the path evaluation, verified we are secure - /* sfca-disable-stack ApexFlsViolationRule */ global virtual PageReference SaveAndCloseVolunteerHours() { SaveVolunteerHours(); if (ApexPages.hasMessages(ApexPages.Severity.ERROR) || @@ -366,8 +362,6 @@ global virtual with sharing class VOL_CTRL_VolunteersBulkEnterHours { } // user wants to add more empty rows to the Volunteer Hours table - // Scanner is timing out on the path evaluation, verified we are secure - /* sfca-disable-stack ApexFlsViolationRule */ global PageReference AddMoreEmptyRows() { AddMoreEmptyRowsToVolunteerHours(); return null; diff --git a/src/classes/VOL_CTRL_VolunteersJobListing.cls b/src/classes/VOL_CTRL_VolunteersJobListing.cls index 08b34d2..6f2211d 100644 --- a/src/classes/VOL_CTRL_VolunteersJobListing.cls +++ b/src/classes/VOL_CTRL_VolunteersJobListing.cls @@ -238,8 +238,6 @@ global virtual with sharing class VOL_CTRL_VolunteersJobListing { } - // Scanner is timing out on the path evaluation, verified we are secure - /* sfca-disable-stack ApexFlsViolationRule */ global virtual PageReference VolunteerShiftSignUp() { Savepoint sp = Database.setSavepoint(); 
diff --git a/src/classes/VOL_CTRL_VolunteersJobListingFS.cls b/src/classes/VOL_CTRL_VolunteersJobListingFS.cls index 77fc786..50c9dab 100644 --- a/src/classes/VOL_CTRL_VolunteersJobListingFS.cls +++ b/src/classes/VOL_CTRL_VolunteersJobListingFS.cls @@ -401,8 +401,6 @@ global virtual with sharing class VOL_CTRL_VolunteersJobListingFS { // action method to allow the javascript to clear this variable. // used when the confirmation dialog is closed. - // Scanner is timing out on the path evaluation, verified we are secure - /* sfca-disable-stack ApexFlsViolationRule */ global virtual PageReference ClearVolunteerHoursIdSignUp() { volunteerHoursIdSignUp = null; return null; @@ -410,8 +408,6 @@ global virtual with sharing class VOL_CTRL_VolunteersJobListingFS { // action method to cancel the signup dialog, // clearing any cached state. - // Scanner is timing out on the path evaluation, verified we are secure - /* sfca-disable-stack ApexFlsViolationRule */ global virtual PageReference CancelSignUp() { volunteerHoursIdSignUp = null; strSaveResult = null; @@ -425,8 +421,6 @@ global virtual with sharing class VOL_CTRL_VolunteersJobListingFS { private class MyException extends Exception {} - // Scanner is timing out on the path evaluation, verified we are secure - /* sfca-disable-stack ApexFlsViolationRule */ global virtual PageReference VolunteerShiftSignUp() { Savepoint sp = Database.setSavepoint(); diff --git a/src/classes/VOL_CTRL_VolunteersReportHours.cls b/src/classes/VOL_CTRL_VolunteersReportHours.cls index 6ab4abb..c5632e6 100644 --- a/src/classes/VOL_CTRL_VolunteersReportHours.cls +++ b/src/classes/VOL_CTRL_VolunteersReportHours.cls 
@@ -257,8 +257,6 @@ global virtual with sharing class VOL_CTRL_VolunteersReportHours { // action method for saving the the volunteer's hours. - // Scanner is timing out on the path evaluation, verified we are secure - /* sfca-disable-stack ApexFlsViolationRule */ global virtual PageReference Save() { Savepoint sp = Database.setSavepoint(); try { From ca0648c8ab112764f938be0677fd558f40123ab8 Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Wed, 6 Jul 2022 10:42:15 -0500 Subject: [PATCH 08/33] WIP: Update access checks when needed, bypass scanner when verified. --- src/classes/VOL_Access.cls | 51 +++++++++++++++++++++++++++++--------- 1 file changed, 39 insertions(+), 12 deletions(-) diff --git a/src/classes/VOL_Access.cls b/src/classes/VOL_Access.cls index af072eb..09f5cd7 100644 --- a/src/classes/VOL_Access.cls +++ b/src/classes/VOL_Access.cls 
@@ -1,3 +1,38 @@ +/* + Copyright (c) 2022, Salesforce.org + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of Salesforce.org nor the names of + its contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* + This class checks to see if the current user is a guest site user and + whether or not the admin has elevated the guest site user access. All + permission checks are expected to be done by the caller. +*/ +/* sfca-disable ApexFlsViolationRule */ public with sharing virtual class VOL_Access { protected VOL_Access() {} 
@@ -83,9 +118,7 @@ public with sharing virtual class VOL_Access { return; } - // When a guest user does not have elevated access we strip inaccessible - SObjectAccessDecision accessDecision = Security.stripInaccessible(AccessType.UPDATABLE, sObjects); - update accessDecision.getRecords(); + update sObjects; } /******************************************************************************************************* @@ -99,9 +132,7 @@ public with sharing virtual class VOL_Access { return; } - // When a guest user does not have elevated access we strip inaccessible - SObjectAccessDecision accessDecision = Security.stripInaccessible(AccessType.UPDATABLE, sObjects); - Database.update(accessDecision.getRecords(), dmlDuplicateOptions); + Database.update(sObjects, dmlDuplicateOptions); } /******************************************************************************************************* @@ -114,9 +145,7 @@ public with sharing virtual class VOL_Access { return; } - // When a guest user does not have elevated access we strip inaccessible - SObjectAccessDecision accessDecision = Security.stripInaccessible(AccessType.CREATABLE, sObjects); - insert accessDecision.getRecords(); + Database.insert(sObjects); } /******************************************************************************************************* @@ -130,8 +159,6 @@ public with sharing virtual class VOL_Access { return; } - // When a guest user does not have elevated access we strip inaccessible - SObjectAccessDecision accessDecision = Security.stripInaccessible(AccessType.CREATABLE, sObjects); - Database.insert(accessDecision.getRecords(), dmlDuplicateOptions); + Database.insert(sObjects, dmlDuplicateOptions); } } From c154c2d4a798b9a307adbb0c2b9a606611564b95 Mon Sep 17 00:00:00 2001 
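Review bot: With the `stripInaccessible` calls removed in these four hunks and `/* sfca-disable ApexFlsViolationRule */` added at class level in the `@@ -1` hunk, the DML statements shown here write whatever fields the caller populated, and the scanner can no longer flag a caller that skips its check. The class comment states the contract once, but each method's doc block should repeat it so it is seen from the call site, e.g. `* Callers must verify create access for every populated field before calling.` on the insert methods and the update equivalent on the update methods. The method headers and the branch that returns early are outside the hunks, so this is based on the visible bodies only.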
From: Jennifer Bennett Date: Thu, 7 Jul 2022 08:47:26 -0500 Subject: [PATCH 09/33] WIP: Update access checks when needed, bypass scanner when verified. --- src/classes/VOL_CTRL_JobCalendar.cls | 44 +++++++---------- .../VOL_CTRL_PersonalSiteContactInfo.cls | 48 +++++++------------ src/classes/VOL_CTRL_SendBulkEmail.cls | 19 +------- 3 files changed, 38 insertions(+), 73 deletions(-) diff --git a/src/classes/VOL_CTRL_JobCalendar.cls b/src/classes/VOL_CTRL_JobCalendar.cls index e024172..47936d3 100644 --- a/src/classes/VOL_CTRL_JobCalendar.cls +++ b/src/classes/VOL_CTRL_JobCalendar.cls @@ -200,21 +200,17 @@ global with sharing class VOL_CTRL_JobCalendar { get { list listSO = new list(); listSO.add(new SelectOption('', system.label.labelChoiceAllActiveCampaigns)); - try { - UTIL_Describe.checkReadAccess('Campaign', - new Set{'Id', 'Name', 'StartDate'}); - // Using a dynamic describe access check in the method called above. Campaign.IsActive and - // Campaing.RecordTypeId are required by the system. - /* sfca-disable-next-line ApexFlsViolationRule */ + if (Campaign.SObjectType.getDescribe().isAccessible() && Campaign.Name.getDescribe().isAccessible() && + Campaign.IsActive.getDescribe().isAccessible() && Campaign.StartDate.getDescribe().isAccessible() && + Campaign.RecordTypeId.getDescribe().isAccessible()) { for (Campaign c : [select Name, Id, StartDate from Campaign where RecordTypeId = :VOL_SharedCode.recordtypeIdVolunteersCampaign and IsActive = true order by Name asc limit 999]) { listSO.add(new SelectOption(c.id, c.name)); } - } catch(Exception ex) { - // Allow the page to load without options. } - + + // Allow the page to load without options. return listSO; } set; 
@@ -240,12 +236,10 @@ global with sharing class VOL_CTRL_JobCalendar { get { list listSO = new list(); listSO.add(new SelectOption('', system.label.labelChoiceAllJobs)); - try { - UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), - new Set{'Id', 'Name', UTIL_Describe.StrTokenNSPrefix('Campaign__c')}); + if (Volunteer_Job__c.SObjectType.getDescribe().isAccessible() && Volunteer_Job__c.Campaign__c.getDescribe().isAccessible() + && Campaign.SObjectType.getDescribe().isAccessible() && Campaign.IsActive.getDescribe().isAccessible()) { if (campaignId == null) { - // Using a dynamic describe access check in the method called above. Campaign.IsActive is - // required by the system. + // Using a dynamic describe access check in the method called above. /* sfca-disable-next-line ApexFlsViolationRule */ for (Volunteer_Job__c vj : [select Name, Id from Volunteer_Job__c where Campaign__r.IsActive = true order by name limit 999]) { @@ -259,10 +253,8 @@ global with sharing class VOL_CTRL_JobCalendar { listSO.add(new SelectOption(vj.id, vj.name)); } } - } catch(Exception ex) { - // Allow the page to load without options - } - + } // Allow the page to load without options + return listSO; } 
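Review bot: The comment kept above the first query in this hunk, "Using a dynamic describe access check in the method called above.", is no longer accurate: the `UTIL_Describe.checkReadAccess` call it referred to is removed here and the guard is now the inline `isAccessible()` condition. The `/* sfca-disable-next-line ApexFlsViolationRule */` under it is kept as well, so the stated justification for the suppression points at code that no longer exists. I would reword it to `// Object and field read access is verified by the isAccessible() condition above.` and check whether the suppression is still needed at all with explicit describe calls in place. The second branch of the `if (campaignId == null)` is only partly visible in the hunk.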
@@ -396,11 +388,15 @@ global with sharing class VOL_CTRL_JobCalendar { UTIL_Describe.StrTokenNSPrefix('Total_Volunteers__c'), UTIL_Describe.StrTokenNSPrefix('Number_of_Volunteers_Still_Needed__c'), UTIL_Describe.StrTokenNSPrefix('Description__c')}); + UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), + new Set{'Name', + UTIL_Describe.StrTokenNSPrefix('Campaign__c'), + UTIL_Describe.StrTokenNSPrefix('Display_On_Website__c'), + UTIL_Describe.StrTokenNSPrefix('Volunteer_Website_Time_Zone__c')}); + UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Campaign'), + new Set{UTIL_Describe.StrTokenNSPrefix('Volunteer_Website_Time_Zone__c')}); if (!fAllJob) { - // Using a dynamic describe access check in the method called above. - // Display on Website and Volunteer Website Time Zone fields are required by the system. - /* sfca-disable-next-line ApexFlsViolationRule */ listShifts = [select Id, Name, Volunteer_Job__c, Volunteer_Job__r.Name, Volunteer_Job__r.Volunteer_Website_Time_Zone__c, Volunteer_Job__r.Campaign__r.Volunteer_Website_Time_Zone__c, Volunteer_Job__r.Campaign__c, Start_Date_Time__c, Duration__c, Total_Volunteers__c, Number_of_Volunteers_Still_Needed__c, Description__c 
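Review bot: `UTIL_Describe.StrTokenNSPrefix('Campaign')` passes a standard object name through the namespace helper, both in the check added here and in the `fAllCampaign && fAllJob` branch of the next hunk. The helper's body is not on this page, but if it prepends the package namespace, the describe lookup in a namespaced org will target an object that does not exist, so the check would fail or throw regardless of the user's real access. Standard objects and standard fields such as `IsActive` should be passed as plain strings, `UTIL_Describe.checkReadAccess('Campaign', ...)`. PATCH 13/33 further down this page makes that correction; a test run in a namespaced org would have caught it at this commit.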
@@ -410,9 +406,7 @@ global with sharing class VOL_CTRL_JobCalendar { and (Volunteer_Job__r.Display_On_Website__c = true or Volunteer_Job__r.Display_On_Website__c = :fWeb) order by Start_Date_Time__c asc]; } else if (fAllCampaign && fAllJob) { - // Using a dynamic describe access check in the method called above. Campaign.IsActive is - // required by the system. - /* sfca-disable-next-line ApexFlsViolationRule */ + UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Campaign'), new Set{'IsActive'}); listShifts = [select Id, Name, Volunteer_Job__c, Volunteer_Job__r.Name, Volunteer_Job__r.Volunteer_Website_Time_Zone__c,Volunteer_Job__r.Campaign__r.Volunteer_Website_Time_Zone__c, Volunteer_Job__r.Campaign__c, Start_Date_Time__c, Duration__c, Total_Volunteers__c, Number_of_Volunteers_Still_Needed__c, Description__c @@ -426,8 +420,6 @@ global with sharing class VOL_CTRL_JobCalendar { if (fShowCampaignHierarchy) { listCampaignIds = VOL_SharedCode.listIdsCampaignsInHierarchy(strCampaignId); } - // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ listShifts = [select Id, Name, Volunteer_Job__c, Volunteer_Job__r.Name, Volunteer_Job__r.Volunteer_Website_Time_Zone__c,Volunteer_Job__r.Campaign__r.Volunteer_Website_Time_Zone__c, Volunteer_Job__r.Campaign__c, Start_Date_Time__c, Duration__c, Total_Volunteers__c, Number_of_Volunteers_Still_Needed__c, Description__c diff --git a/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls b/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls index d1dd415..4fa8e32 100644 --- a/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls +++ b/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls 
@@ -364,21 +364,18 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { Date dtStart = date.today().addMonths(-cMonths + 1).toStartOfMonth(); list listCD = new list(); - try { - UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Hours__c'), - new Set{'Id', - UTIL_Describe.StrTokenNSPrefix('Start_Date__c'), - UTIL_Describe.StrTokenNSPrefix('Hours_Worked__c'), - UTIL_Describe.StrTokenNSPrefix('Contact__c'), - UTIL_Describe.StrTokenNSPrefix('Status__c')}); - // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + if (Volunteer_Hours__c.SObjectType.getDescribe().isAccessible() + && Volunteer_Hours__c.Start_Date__c.getDescribe().isAccessible() + && Volunteer_Hours__c.Hours_Worked__c.getDescribe().isAccessible() + && Volunteer_Hours__c.Contact__c.getDescribe().isAccessible() + && Volunteer_Hours__c.Status__c.getDescribe().isAccessible()) { + list listAG = [select CALENDAR_YEAR(Start_Date__c) theYear, CALENDAR_MONTH(Start_Date__c) theMonth, SUM(Hours_Worked__c) sumHours - from Volunteer_Hours__c - where Contact__c = :contactId and Status__c = 'Completed' and Start_Date__c >= :dtStart - group by CALENDAR_YEAR(Start_Date__c), CALENDAR_MONTH(Start_Date__c) - order by CALENDAR_YEAR(Start_Date__c), CALENDAR_MONTH(Start_Date__c) ]; - + from Volunteer_Hours__c + where Contact__c = :contactId and Status__c = 'Completed' and Start_Date__c >= :dtStart + group by CALENDAR_YEAR(Start_Date__c), CALENDAR_MONTH(Start_Date__c) + order by CALENDAR_YEAR(Start_Date__c), CALENDAR_MONTH(Start_Date__c) ]; + Date dtNext = dtStart; Time timeT = Time.newInstance(1, 0, 0, 0); for (AggregateResult ag : listAG) { 
@@ -393,9 +390,7 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { listCD.add(new ChartData(datetime.newInstance(dt,timeT).format(strChartDateFormat), integer.valueOf(ag.get('sumHours')))); dtNext = dt.addMonths(1); } - } catch (Exception ex) { - // Allow the page to load without the chart data. - } + } // Allow the page to load without the chart data. return listCD; } @@ -430,15 +425,11 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { integer iVol = 0; integer iCurrent = 0; - try { - UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Hours__c'), - new Set{'Id', - UTIL_Describe.StrTokenNSPrefix('Start_Date__c'), - UTIL_Describe.StrTokenNSPrefix('Hours_Worked__c'), - UTIL_Describe.StrTokenNSPrefix('Contact__c'), - UTIL_Describe.StrTokenNSPrefix('Status__c')}); - // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + if (Volunteer_Hours__c.SObjectType.getDescribe().isAccessible() + && Volunteer_Hours__c.Start_Date__c.getDescribe().isAccessible() + && Volunteer_Hours__c.Hours_Worked__c.getDescribe().isAccessible() + && Volunteer_Hours__c.Contact__c.getDescribe().isAccessible() + && Volunteer_Hours__c.Status__c.getDescribe().isAccessible()) { for (list listAG : [select Contact__c cId, SUM(Hours_Worked__c) sumHours from Volunteer_Hours__c where Status__c = 'Completed' and Start_Date__c >= :dtStart @@ -452,11 +443,8 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { } iVol++; } - } - } catch (Exception ex) { - // Allow the page to load without the ranking + } // Allow the page to load without the ranking } - if (iVol > 2) { integer irank = integer.valueOf(100 * (decimal.valueOf(iCurrent)/decimal.valueOf(iVol - 1))); if (irank == 0) irank = 1; diff --git a/src/classes/VOL_CTRL_SendBulkEmail.cls b/src/classes/VOL_CTRL_SendBulkEmail.cls index 032a947..bad83ea 100644 --- a/src/classes/VOL_CTRL_SendBulkEmail.cls 
+++ b/src/classes/VOL_CTRL_SendBulkEmail.cls @@ -108,8 +108,6 @@ public with sharing class VOL_CTRL_SendBulkEmail { try { UTIL_Describe.checkReadAccess('EmailTemplate', new Set{'Id','Name', 'Subject', 'Body'}); - // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ for (EmailTemplate et : [select Id, Name, Subject, Body from EmailTemplate where isActive=true and FolderId=:folderId order by name limit 999]) { listSO.add(new SelectOption(et.id, et.name)); @@ -124,24 +122,11 @@ public with sharing class VOL_CTRL_SendBulkEmail { // the list of Org Wide Email Addresses public list getlistSOFromEmails() { list listSO = new list(); - - // Getting current users email address to allow sending via there own email - // access check not necessary - /* sfca-disable-next-line ApexFlsViolationRule */ User thisUser = [Select Name, Email from User where id = :UserInfo.getUserId()]; listSO.add(new SelectOption('', thisUser.Name + ' <' + thisUser.Email + '>')); - - try { - UTIL_Describe.checkReadAccess('User', new Set{'Id','Name', 'Email'}); - // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ - for (OrgWideEmailAddress owa : [select id, Address, DisplayName from OrgWideEmailAddress]) { - listSO.add(new SelectOption(owa.id, owa.DisplayName + ' <' + owa.Address + '>')); - } - } catch(Exception ex) { - // allow page to load with only current users email option + for (OrgWideEmailAddress owa : [select id, Address, DisplayName from OrgWideEmailAddress]) { + listSO.add(new SelectOption(owa.id, owa.DisplayName + ' <' + owa.Address + '>')); } - return listSO; } From d2c38110212d902aa5671226ac9f886af3a0647f Mon Sep 17 00:00:00 2001 
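Review bot: In `getlistSOFromEmails` the `User` and `OrgWideEmailAddress` queries now run with neither an access check nor the comments that explained why a check was considered unnecessary, and with the `try`/`catch` gone a query failure surfaces as a page error instead of a list holding only the current user's address. The dropped check named `User` fields while guarding the `OrgWideEmailAddress` query, so removing it may well be right, but the reasoning should stay in the code. I would keep a short comment on each query, for example `// Current user's own Name/Email; no FLS check needed.` and `// OrgWideEmailAddress is a setup object; access is not governed by FLS (confirm).`, and decide explicitly whether the page should still load when the second query throws. The `EmailTemplate` query in PATCH 21/33 on this page loses its check and comment the same way.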
From: Jennifer Bennett Date: Thu, 7 Jul 2022 12:07:54 -0500 Subject: [PATCH 10/33] WIP: Update access checks when needed, bypass scanner when verified. --- src/classes/VOL_CTRL_JobCalendar.cls | 2 -- src/classes/VOL_CTRL_PersonalSiteContactInfo.cls | 2 -- 2 files changed, 4 deletions(-) diff --git a/src/classes/VOL_CTRL_JobCalendar.cls b/src/classes/VOL_CTRL_JobCalendar.cls index 47936d3..10bd6fd 100644 --- a/src/classes/VOL_CTRL_JobCalendar.cls +++ b/src/classes/VOL_CTRL_JobCalendar.cls @@ -433,8 +433,6 @@ global with sharing class VOL_CTRL_JobCalendar { // to avoid FullCalendar from displaying shifts based on the user's machine time zone, // we translate it to the desired time zone, then say it is GMT. // get default time zone for site guest user - // This is a field required by the system. - /* sfca-disable-next-line ApexFlsViolationRule */ User u = [Select TimeZoneSidKey From User where id =: Userinfo.getUserId()]; for (Volunteer_Shift__c shift : listShifts) { diff --git a/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls b/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls index 4fa8e32..32af897 100644 --- a/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls +++ b/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls @@ -245,8 +245,6 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { // Note that it stores the formatted Date in the Hours' Comment field (in memory only). private void dateTimeFixup(list listHours) { // get default time zone for site guest user - // This is a field required by the system. - /* sfca-disable-next-line ApexFlsViolationRule */ User u = [Select TimeZoneSidKey From User where id =: Userinfo.getUserId()]; // javascript formatting used 'tt' for am/pm, whereas apex formatting uses 'a'. From 1bf81888768cece15d42dcd30e5bd57ac08837cd Mon Sep 17 00:00:00 2001 
From: Jennifer Bennett Date: Thu, 7 Jul 2022 14:18:49 -0500 Subject: [PATCH 11/33] WIP: Update access checks when needed, bypass scanner when verified. --- .../VOL_CTRL_VolunteersCampaignWizard.cls | 23 +++++++++++-------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls b/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls index d2eb607..adc7e3e 100644 --- a/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls +++ b/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls @@ -106,7 +106,8 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { // Ensure the user can create the object UTIL_Describe.checkObjectCreateAccess('Campaign'); SObjectAccessDecision campaignAccessDecision = Security.stripInaccessible(AccessType.CREATABLE, new List{ cmpVols }); - insert campaignAccessDecision.getRecords(); + cmpVols = (Campaign) campaignAccessDecision.getRecords()[0]; + insert cmpVols; if (campaignIdClone != null) { CloneExistingJobsAndShifts(); 
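Review bot: `Security.stripInaccessible` drops any field the user cannot create without raising an error, so `insert cmpVols` can save a Campaign that is missing values the wizard user entered, and the page gives no sign of it. After the call, inspect `campaignAccessDecision.getRemovedFields()` and add a page message or stop when it is not empty, e.g. `if (!campaignAccessDecision.getRemovedFields().isEmpty()) { /* report the skipped fields */ }`. The same applies to the update and insert in PATCH 12/33, where the confirmation message still reports the full record count, and to the three stripped inserts added in PATCH 25/33. Reassigning `cmpVols` to the stripped copy looks deliberate, presumably so the inserted record's Id is available afterwards; a one-line comment saying so would keep someone from undoing it.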
@@ -142,11 +143,18 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { listJobs.add(job); } - // Ensure the user has access to the object and fields before querying - UTIL_Describe.checkObjectCreateAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c')); - SObjectAccessDecision jobAccessDecision = Security.stripInaccessible(AccessType.CREATABLE, listJobs); - insert jobAccessDecision.getRecords(); + // Ensure the user has access to create the object and fields + UTIL_Describe.checkCreateAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), + new Set {'Name', UTIL_Describe.StrTokenNSPrefix('Campaign__c')}); + insert listJobs; + UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c'), + new Set{'Name', + UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), + UTIL_Describe.StrTokenNSPrefix('Start_Date_Time__c'), + UTIL_Describe.StrTokenNSPrefix('Duration__c'), + UTIL_Describe.StrTokenNSPrefix('Description__c') + }); // create the sample shifts for (Integer iJob = 0; iJob < cSampleJobs; iJob++) { for (Integer iShift = 0; iShift < cSampleShifts; iShift++) { @@ -159,10 +167,7 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { listShifts.add(shift); } } - // Ensure the user has access to the object and fields before querying - UTIL_Describe.checkObjectCreateAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c')); - SObjectAccessDecision shiftAccessDecision = Security.stripInaccessible(AccessType.CREATABLE, listShifts); - insert shiftAccessDecision.getRecords(); + insert listShifts; } /******************************************************************************************************* From b74729162aa2dccde26ef885f46588d82b080313 Mon Sep 17 00:00:00 2001 
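Review bot: `insert listShifts` in the second hunk is now gated only by the `UTIL_Describe.checkReadAccess` call added before the shift loop, and read access does not show that the user may create Volunteer_Shift__c records or set these fields. The previous `checkObjectCreateAccess` plus `stripInaccessible(AccessType.CREATABLE, ...)` pair was removed, so at this commit nothing verifies create permission for shifts. The call should be `UTIL_Describe.checkCreateAccess(...)`, matching the jobs insert above it, and `'Name'` should come out of the field set if it is an auto-number that cannot be written. PATCH 13/33 and 14/33 on this page make both changes.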
From: Jennifer Bennett Date: Thu, 7 Jul 2022 14:23:29 -0500 Subject: [PATCH 12/33] WIP: Update access checks when needed, bypass scanner when verified. --- src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls b/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls index 6d5fa2d..c2f0461 100644 --- a/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls +++ b/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls @@ -316,12 +316,14 @@ global virtual with sharing class VOL_CTRL_VolunteersBulkEnterHours { } } SObjectAccessDecision updateDecision = Security.stripInaccessible(AccessType.UPDATABLE, listVolunteerHoursUpdate); - update updateDecision.getRecords(); + listVolunteerHoursUpdate = (List) updateDecision.getRecords(); + update listVolunteerHoursUpdate; // Ensure the user can create the object UTIL_Describe.checkObjectCreateAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Hours__c')); SObjectAccessDecision insertDecision = Security.stripInaccessible(AccessType.CREATABLE, listVolunteerHoursCreate); - insert insertDecision.getRecords(); + listVolunteerHoursCreate = (List) insertDecision.getRecords(); + insert listVolunteerHoursCreate; strSaveResults = String.valueOf(listVolunteerHoursCreate.size() + listVolunteerHoursUpdate.size()) + ' ' + Label.labelMassEditSaveSuccess; ApexPages.addMessage(new ApexPages.message(ApexPages.Severity.CONFIRM, strSaveResults)); From 4c043ca7d1465773ac1600d7a36c5b90b9bb9262 Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Fri, 8 Jul 2022 09:04:18 -0500 Subject: [PATCH 13/33] Remove namespacing on Campaign object. --- src/classes/VOL_CTRL_JobCalendar.cls | 4 ++-- src/classes/VOL_CTRL_VolunteersCampaignWizard.cls | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/classes/VOL_CTRL_JobCalendar.cls b/src/classes/VOL_CTRL_JobCalendar.cls index 10bd6fd..385ec61 100644 --- a/src/classes/VOL_CTRL_JobCalendar.cls 
+++ b/src/classes/VOL_CTRL_JobCalendar.cls @@ -393,7 +393,7 @@ global with sharing class VOL_CTRL_JobCalendar { UTIL_Describe.StrTokenNSPrefix('Campaign__c'), UTIL_Describe.StrTokenNSPrefix('Display_On_Website__c'), UTIL_Describe.StrTokenNSPrefix('Volunteer_Website_Time_Zone__c')}); - UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Campaign'), + UTIL_Describe.checkReadAccess('Campaign', new Set{UTIL_Describe.StrTokenNSPrefix('Volunteer_Website_Time_Zone__c')}); if (!fAllJob) { @@ -406,7 +406,7 @@ global with sharing class VOL_CTRL_JobCalendar { and (Volunteer_Job__r.Display_On_Website__c = true or Volunteer_Job__r.Display_On_Website__c = :fWeb) order by Start_Date_Time__c asc]; } else if (fAllCampaign && fAllJob) { - UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Campaign'), new Set{'IsActive'}); + UTIL_Describe.checkReadAccess('Campaign', new Set{'IsActive'}); listShifts = [select Id, Name, Volunteer_Job__c, Volunteer_Job__r.Name, Volunteer_Job__r.Volunteer_Website_Time_Zone__c,Volunteer_Job__r.Campaign__r.Volunteer_Website_Time_Zone__c, Volunteer_Job__r.Campaign__c, Start_Date_Time__c, Duration__c, Total_Volunteers__c, Number_of_Volunteers_Still_Needed__c, Description__c diff --git a/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls b/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls index adc7e3e..4ba570b 100644 --- a/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls +++ b/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls @@ -148,7 +148,7 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { new Set {'Name', UTIL_Describe.StrTokenNSPrefix('Campaign__c')}); insert listJobs; - UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c'), + UTIL_Describe.checkCreateAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c'), new Set{'Name', UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), UTIL_Describe.StrTokenNSPrefix('Start_Date_Time__c'), 
From 0caa404e6c4bcdd26824a068fca6be0ccba746f5 Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Fri, 8 Jul 2022 09:25:42 -0500 Subject: [PATCH 14/33] Volunteer shift name is an auto number field and cannot be set. --- src/classes/VOL_CTRL_VolunteersCampaignWizard.cls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls b/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls index 4ba570b..514c629 100644 --- a/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls +++ b/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls @@ -149,7 +149,7 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { insert listJobs; UTIL_Describe.checkCreateAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c'), - new Set{'Name', + new Set{ UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), UTIL_Describe.StrTokenNSPrefix('Start_Date_Time__c'), UTIL_Describe.StrTokenNSPrefix('Duration__c'), From 291ce742c407bf3d213c77905fe3c81fb3ceac23 Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Fri, 8 Jul 2022 14:54:35 -0500 Subject: [PATCH 15/33] Fix failing test when a 2gp org is created without tabs. --- .../VOL_CTRL_VolunteersCampaignWizard.cls | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls b/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls index 514c629..b5e74cf 100644 --- a/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls +++ b/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls 
@@ -33,6 +33,8 @@ * @description Page Controller class for the Volunteers Wizard visualforce page. ********************************************************************************************************/ public with sharing class VOL_CTRL_VolunteersCampaignWizard { + private static final String LAST_VIEWED_DATE = 'LastViewedDate'; + private static final String LAST_REFERENCED_DATE = 'LastReferencedDate'; // the new campaign we will create public Campaign cmpVols { @@ -231,7 +233,8 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { if (listStrFieldsShift == null) { listStrFieldsShift = new List(); Map mapS = Schema.SObjectType.Volunteer_Shift__c.fields.getMap(); - listStrFieldsShift.addAll(mapS.keySet()); + Set fieldNames = removeTabSpecificFields(mapS.keySet()); + listStrFieldsShift.addAll(fieldNames); } return listStrFieldsShift; } @@ -246,13 +249,24 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { if (listStrFieldsHours == null) { listStrFieldsHours = new List(); Map mapS = Schema.SObjectType.Volunteer_Hours__c.fields.getMap(); - listStrFieldsHours.addAll(mapS.keySet()); + Set fieldNames = removeTabSpecificFields(mapS.keySet()); + listStrFieldsHours.addAll(fieldNames); } return listStrFieldsHours; } set; } + /******************************************************************************************************* + * @description removes fields that only exist when a tab for the object has been created + * https://help.salesforce.com/s/articleView?id=000315500&type=1 + * @param Set Set of fields that might contain the fields to be returned. + */ + private Set removeTabSpecificFields(Set fieldNames) { + fieldNames.removeAll(new Set{ LAST_REFERENCED_DATE, LAST_VIEWED_DATE }); + return fieldNames; + } + /******************************************************************************************************* * @description queries for all of the Volunteer Jobs for the specified Campaign * @param campaignId the Id of the Campaign 
From 23d87a50a805b18153ba49dec89a29690fb3cf87 Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Fri, 8 Jul 2022 15:48:19 -0500 Subject: [PATCH 16/33] Fix failing test when a 2gp org is created without tabs. --- src/classes/VOL_CTRL_VolunteersCampaignWizard.cls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls b/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls index b5e74cf..bac3da0 100644 --- a/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls +++ b/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls @@ -263,7 +263,7 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { * @param Set Set of fields that might contain the fields to be returned. */ private Set removeTabSpecificFields(Set fieldNames) { - fieldNames.removeAll(new Set{ LAST_REFERENCED_DATE, LAST_VIEWED_DATE }); + fieldNames.removeAll(new Set{ LAST_REFERENCED_DATE.toLowerCase(), LAST_VIEWED_DATE.toLowerCase() }); return fieldNames; } From d9829e5b8fd4859df9d187d3957cb4f5a516dcb1 Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Fri, 8 Jul 2022 17:08:55 -0500 Subject: [PATCH 17/33] Update cci api version. --- cumulusci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cumulusci.yml b/cumulusci.yml index 2be1078..47d3002 100644 --- a/cumulusci.yml +++ b/cumulusci.yml @@ -4,7 +4,7 @@ project: package: name: Volunteers for Salesforce namespace: GW_Volunteers - api_version: '40.0' + api_version: '44.0' install_class: InstallScript git: prefix_release: rel/ From 4239738196592841518f8584d221ab54b72dafba Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Fri, 8 Jul 2022 17:15:36 -0500 Subject: [PATCH 18/33] Undo update cci api version causes other builds to fail. --- cumulusci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cumulusci.yml b/cumulusci.yml index 47d3002..2be1078 100644 --- a/cumulusci.yml +++ b/cumulusci.yml 
@@ -4,7 +4,7 @@ project: package: name: Volunteers for Salesforce namespace: GW_Volunteers - api_version: '44.0' + api_version: '40.0' install_class: InstallScript git: prefix_release: rel/ From 0649dae8597e573dbc7538692e3b349d87db1d52 Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Tue, 12 Jul 2022 10:33:23 -0500 Subject: [PATCH 19/33] Fix perms and change access check. --- .../VOL_CTRL_PersonalSiteContactInfo.cls | 37 ++++++++++--------- .../V4S_Site_Minimum.permissionset | 4 +- 2 files changed, 21 insertions(+), 20 deletions(-) diff --git a/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls b/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls index 32af897..342b8ed 100644 --- a/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls +++ b/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls 
@@ -423,25 +423,26 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { integer iVol = 0; integer iCurrent = 0; - if (Volunteer_Hours__c.SObjectType.getDescribe().isAccessible() - && Volunteer_Hours__c.Start_Date__c.getDescribe().isAccessible() - && Volunteer_Hours__c.Hours_Worked__c.getDescribe().isAccessible() - && Volunteer_Hours__c.Contact__c.getDescribe().isAccessible() - && Volunteer_Hours__c.Status__c.getDescribe().isAccessible()) { - for (list listAG : [select Contact__c cId, SUM(Hours_Worked__c) sumHours - from Volunteer_Hours__c - where Status__c = 'Completed' and Start_Date__c >= :dtStart - group by Contact__c - having SUM(Hours_Worked__c) > 0 - order by SUM(Hours_Worked__c) desc ]) { - - for (AggregateResult ag : listAG) { - if (ag.get('cId') == contactId) { - iCurrent = iVol; - } - iVol++; + UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Hours__c'), + new Set{'Id', + UTIL_Describe.StrTokenNSPrefix('Start_Date__c'), + UTIL_Describe.StrTokenNSPrefix('Hours_Worked__c'), + UTIL_Describe.StrTokenNSPrefix('Contact__c'), + UTIL_Describe.StrTokenNSPrefix('Status__c')}); + + for (list listAG : [select Contact__c cId, SUM(Hours_Worked__c) sumHours + from Volunteer_Hours__c + where Status__c = 'Completed' and Start_Date__c >= :dtStart + group by Contact__c + having SUM(Hours_Worked__c) > 0 + order by SUM(Hours_Worked__c) desc ]) { + + for (AggregateResult ag : listAG) { + if (ag.get('cId') == contactId) { + iCurrent = iVol; } - } // Allow the page to load without the ranking + iVol++; + } } if (iVol > 2) { integer irank = integer.valueOf(100 * (decimal.valueOf(iCurrent)/decimal.valueOf(iVol - 1))); diff --git a/unpackaged/config/dev/permissionsets/V4S_Site_Minimum.permissionset b/unpackaged/config/dev/permissionsets/V4S_Site_Minimum.permissionset index cbef35b..b14ae07 100755 --- a/unpackaged/config/dev/permissionsets/V4S_Site_Minimum.permissionset +++ b/unpackaged/config/dev/permissionsets/V4S_Site_Minimum.permissionset 
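Review bot: Replacing the `isAccessible()` guard with an unguarded `UTIL_Describe.checkReadAccess(...)` changes what happens to a user who lacks read access: the earlier version of this getter (PATCH 09/33) let the page load without the ranking, whereas now whatever `checkReadAccess` throws propagates out of the property. The helper is not shown on this page, but it was wrapped in `try`/`catch` before, which suggests it throws. If failing closed is intended, say so with a comment such as `// Throws when the site user cannot read Volunteer_Hours__c; no partial ranking is rendered.`; otherwise restore the catch. This query also aggregates hours for every contact rather than only `contactId`, so which rows are counted depends on the class's `with sharing` and the site user's sharing settings.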
@@ -896,7 +896,7 @@ true false - true + false true false %%%NAMESPACE%%%Volunteer_Hours__c @@ -923,7 +923,7 @@ true false - true + false true false %%%NAMESPACE%%%Volunteer_Shift__c From 5ded9d7ba9f34de62b83ff9e725ff309c74a6418 Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Wed, 13 Jul 2022 13:11:29 -0500 Subject: [PATCH 20/33] Add missing access checks and undo copy and paste error on vol_access. --- src/classes/VOL_Access.cls | 2 +- src/classes/VOL_CTRL_PersonalSiteContactInfo.cls | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/classes/VOL_Access.cls b/src/classes/VOL_Access.cls index 09f5cd7..970d084 100644 --- a/src/classes/VOL_Access.cls +++ b/src/classes/VOL_Access.cls @@ -145,7 +145,7 @@ public with sharing virtual class VOL_Access { return; } - Database.insert(sObjects); + insert sObjects; } /******************************************************************************************************* diff --git a/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls b/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls index 342b8ed..6ba7150 100644 --- a/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls +++ b/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls 
@@ -206,7 +206,15 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Hours__c'), new Set{ UTIL_Describe.StrTokenNSPrefix('Status__c'), - UTIL_Describe.StrTokenNSPrefix('Shift_Start_Date_Time__c')}); + UTIL_Describe.StrTokenNSPrefix('Shift_Start_Date_Time__c'), + UTIL_Describe.StrTokenNSPrefix('Contact__c')}); + UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), + new Set{'Name', + UTIL_Describe.StrTokenNSPrefix('Volunteer_Website_Time_Zone__c')}); + UTIL_Describe.checkReadAccess('Campaign', + new Set{UTIL_Describe.StrTokenNSPrefix('Volunteer_Website_Time_Zone__c')}); + UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c'), + new Set{UTIL_Describe.StrTokenNSPrefix('Duration__c')}); if (listUpcomingVolunteerHours == null) { string strSoql = 'select Volunteer_Job__r.Name, Volunteer_Job__r.Volunteer_Website_Time_Zone__c, ' + From 554b050348bfabb5d63fa550e0a472fa5ca4a702 Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Wed, 13 Jul 2022 16:43:49 -0500 Subject: [PATCH 21/33] Remove access check on email templates not available to modify access levels, add checks on fields in where clauses. --- src/classes/VOL_CTRL_SendBulkEmail.cls | 16 +++++----------- .../VOL_CTRL_VolunteersBulkEnterHours.cls | 2 +- 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/src/classes/VOL_CTRL_SendBulkEmail.cls b/src/classes/VOL_CTRL_SendBulkEmail.cls index bad83ea..0b4bc36 100644 --- a/src/classes/VOL_CTRL_SendBulkEmail.cls +++ b/src/classes/VOL_CTRL_SendBulkEmail.cls 
@@ -105,17 +105,10 @@ public with sharing class VOL_CTRL_SendBulkEmail { public list getlistSOTemplates() { list listSO = new list(); listSO.add(new SelectOption('', '')); - - try { - UTIL_Describe.checkReadAccess('EmailTemplate', new Set{'Id','Name', 'Subject', 'Body'}); - for (EmailTemplate et : [select Id, Name, Subject, Body from EmailTemplate - where isActive=true and FolderId=:folderId order by name limit 999]) { - listSO.add(new SelectOption(et.id, et.name)); - } - } catch(Exception ex) { - // Allow page to load without options + for (EmailTemplate et : [select Id, Name, Subject, Body from EmailTemplate + where isActive=true and FolderId=:folderId order by name limit 999]) { + listSO.add(new SelectOption(et.id, et.name)); } - return listSO; } @@ -347,7 +340,8 @@ public with sharing class VOL_CTRL_SendBulkEmail { new Set{ UTIL_Describe.StrTokenNSPrefix('Contact__c'), UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c'), - UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c') + UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), + UTIL_Describe.StrTokenNSPrefix('Status__c') }); UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), new Set{ diff --git a/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls b/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls index c2f0461..92339f9 100644 --- a/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls +++ b/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls 
@@ -123,7 +123,7 @@ global virtual with sharing class VOL_CTRL_VolunteersBulkEnterHours { Date dt; if (volunteerShiftId != null) { UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c'), - new Set{UTIL_Describe.StrTokenNSPrefix('Start_Date_Time__c')}); + new Set{'Id', UTIL_Describe.StrTokenNSPrefix('Start_Date_Time__c')}); // Using a dynamic describe access check in the method called above. /* sfca-disable-next-line ApexFlsViolationRule */ Volunteer_Shift__c shift = [select Start_Date_Time__c from Volunteer_Shift__c where Id = :volunteerShiftId]; From 3fe9e3d8cab2295560811e0ae8cc492ea6a91df3 Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Wed, 13 Jul 2022 16:47:15 -0500 Subject: [PATCH 22/33] Add checks on fields in where clauses. --- src/classes/VOL_CTRL_SendBulkEmail.cls | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/classes/VOL_CTRL_SendBulkEmail.cls b/src/classes/VOL_CTRL_SendBulkEmail.cls index 0b4bc36..836bdb2 100644 --- a/src/classes/VOL_CTRL_SendBulkEmail.cls +++ b/src/classes/VOL_CTRL_SendBulkEmail.cls @@ -344,9 +344,9 @@ public with sharing class VOL_CTRL_SendBulkEmail { UTIL_Describe.StrTokenNSPrefix('Status__c') }); UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), - new Set{ - UTIL_Describe.StrTokenNSPrefix('Campaign__c') - }); + new Set{ UTIL_Describe.StrTokenNSPrefix('Campaign__c') }); + UTIL_Describe.checkReadAccess('Contact', + new Set{ UTIL_Describe.StrTokenNSPrefix('Email') }); string strSoql = 'select Contact__c, Volunteer_Shift__c, Volunteer_Job__c, Volunteer_Job__r.Campaign__c from Volunteer_Hours__c ' + ' where Status__c = \'' + VOL_SharedCode.StrEscape(hourStatus.Status__c) + '\' and ' + ' Contact__r.Email != null '; From 5946f6b0880195a3ce2e44b161f0d6c21c307d14 Mon Sep 17 00:00:00 2001 
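Review bot: The `strSoql` text under the added `Contact` check is built by concatenating `VOL_SharedCode.StrEscape(hourStatus.Status__c)` into the WHERE clause, so the query's safety rests entirely on an escaping helper whose body is not visible in this patch. Assuming the string is run through `Database.query`, a bind variable removes that dependency: copy the value to a local, `String status = hourStatus.Status__c;`, and write the filter as `' where Status__c = :status and '`. Separately, `UTIL_Describe.StrTokenNSPrefix('Email')` namespaces a standard Contact field; PATCH 23/33 corrects that to `'Email'`. The method continues past the end of this hunk, so how `strSoql` is executed is not shown.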
From: Jennifer Bennett Date: Wed, 13 Jul 2022 16:54:16 -0500 Subject: [PATCH 23/33] Remove namespacing from the standard field. --- src/classes/VOL_CTRL_SendBulkEmail.cls | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/classes/VOL_CTRL_SendBulkEmail.cls b/src/classes/VOL_CTRL_SendBulkEmail.cls index 836bdb2..382deff 100644 --- a/src/classes/VOL_CTRL_SendBulkEmail.cls +++ b/src/classes/VOL_CTRL_SendBulkEmail.cls @@ -345,8 +345,7 @@ public with sharing class VOL_CTRL_SendBulkEmail { }); UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), new Set{ UTIL_Describe.StrTokenNSPrefix('Campaign__c') }); - UTIL_Describe.checkReadAccess('Contact', - new Set{ UTIL_Describe.StrTokenNSPrefix('Email') }); + UTIL_Describe.checkReadAccess('Contact', new Set{ 'Email' }); string strSoql = 'select Contact__c, Volunteer_Shift__c, Volunteer_Job__c, Volunteer_Job__r.Campaign__c from Volunteer_Hours__c ' + ' where Status__c = \'' + VOL_SharedCode.StrEscape(hourStatus.Status__c) + '\' and ' + ' Contact__r.Email != null '; From d6c639b6831f1aba3951223a653b743b6445f1a9 Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Fri, 15 Jul 2022 08:49:21 -0500 Subject: [PATCH 24/33] Disable scanner, access checks and strip inaccessible are being done. --- src/classes/VOL_CTRL_VolunteersCampaignWizard.cls | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls b/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls index bac3da0..169e5dc 100644 --- a/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls +++ b/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls 
@@ -109,6 +109,8 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { UTIL_Describe.checkObjectCreateAccess('Campaign'); SObjectAccessDecision campaignAccessDecision = Security.stripInaccessible(AccessType.CREATABLE, new List{ cmpVols }); cmpVols = (Campaign) campaignAccessDecision.getRecords()[0]; + // Using strip inaccessible in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ insert cmpVols; if (campaignIdClone != null) { @@ -148,6 +150,8 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { // Ensure the user has access to create the object and fields UTIL_Describe.checkCreateAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), new Set {'Name', UTIL_Describe.StrTokenNSPrefix('Campaign__c')}); + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ insert listJobs; UTIL_Describe.checkCreateAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c'), @@ -169,6 +173,8 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { listShifts.add(shift); } } + // Using a dynamic describe access check in the method called above. + /* sfca-disable-next-line ApexFlsViolationRule */ insert listShifts; } From aca1e285fa57e42c5273d5a846d9a21966c06374 Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Mon, 18 Jul 2022 12:25:17 -0500 Subject: [PATCH 25/33] Additional access checks. --- src/classes/SoqlListView.cls | 2 +- src/classes/VOL_CTRL_VolunteersCampaignWizard.cls | 6 ++++++ src/classes/VOL_CTRL_VolunteersReportHours.cls | 6 ++++++ src/classes/VOL_SharedCode.cls | 14 ++++++-------- 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/src/classes/SoqlListView.cls b/src/classes/SoqlListView.cls index 3879778..349d97d 100644 --- a/src/classes/SoqlListView.cls +++ b/src/classes/SoqlListView.cls 
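Review bot: The suppression added before `insert listJobs` (second hunk) rests on a `checkCreateAccess` call that names only `Name` and `Campaign__c`, so any other field populated on those jobs is inserted without a field-level check, and the scanner can no longer report it. How `listJobs` is filled is outside the hunk; if the records carry more than those two fields, either extend the field set or strip the list the way the first hunk does for `cmpVols`. The same question applies to `insert listShifts` in the third hunk, where the field set passed to `checkCreateAccess` for `Volunteer_Shift__c` is cut off by the hunk boundary. The comment in the first hunk would also be more accurate as `// Fields were stripped with Security.stripInaccessible above.`, since no called method is involved there.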
@@ -146,7 +146,7 @@ public with sharing class SoqlListView extends ComponentControllerBase { // action method to delete an item from the database. public PageReference DeleteItem() { - if (idDeleteItem != null) { + if (idDeleteItem != null && idDeleteItem.getSObjectType().getDescribe().isDeletable()) { database.delete(idDeleteItem); idDeleteItem = null; setCon = null; diff --git a/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls b/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls index 169e5dc..cb95e05 100644 --- a/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls +++ b/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls @@ -371,6 +371,8 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { } // Ensure the user has access to the object and fields before saving UTIL_Describe.checkObjectCreateAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c')); + SObjectAccessDecision jobsAccessDecision = Security.stripInaccessible(AccessType.CREATABLE, listJobs); + listJobs = (List) jobsAccessDecision.getRecords(); insert listJobs; return listJobs; } @@ -428,6 +430,8 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { // Ensure the user has access to the object and fields before saving UTIL_Describe.checkObjectCreateAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c')); + SObjectAccessDecision shiftsAccessDecision = Security.stripInaccessible(AccessType.CREATABLE, listShifts); + listShifts = (List) shiftsAccessDecision.getRecords(); insert listShifts; return listShifts; } @@ -505,6 +509,8 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { // Ensure the user has access to the object and fields before saving UTIL_Describe.checkObjectCreateAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Hours__c')); + SObjectAccessDecision hoursAccessDecision = Security.stripInaccessible(AccessType.CREATABLE, listHours); + listHours = (List) hoursAccessDecision.getRecords(); insert listHours; return listHours; } 
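Review bot: When the running user lacks delete permission, the new condition in `DeleteItem()` skips the delete silently: no page message is added and, as far as the hunk shows, `idDeleteItem` keeps its value. The row stays in the list with no explanation, and an administrator has nothing to go on when diagnosing a missing permission. Consider handling the denied case explicitly, for example an `else` branch that calls `ApexPages.addMessage(...)` with an error-severity message and clears `idDeleteItem`. The rest of the method is outside the hunk, so confirm what it returns in the denied case.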
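Review bot: `Security.stripInaccessible(AccessType.CREATABLE, listJobs)` in the first `VOL_CTRL_VolunteersCampaignWizard` hunk drops every field the user cannot create, and the result is inserted without looking at what was removed, so a clone can come out incomplete with no error or message. The same applies to `listShifts` and `listHours` in the next two hunks. If a partial clone is not acceptable, inspect `jobsAccessDecision.getRemovedFields()` before the insert and fail or warn when it is not empty. If it is acceptable, say so next to the call, e.g. `// Fields the user cannot create are dropped on purpose; the clone may be partial.` The enclosing methods start outside the hunks.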
diff --git a/src/classes/VOL_CTRL_VolunteersReportHours.cls b/src/classes/VOL_CTRL_VolunteersReportHours.cls index c5632e6..4d54ee1 100644 --- a/src/classes/VOL_CTRL_VolunteersReportHours.cls +++ b/src/classes/VOL_CTRL_VolunteersReportHours.cls @@ -244,6 +244,12 @@ global virtual with sharing class VOL_CTRL_VolunteersReportHours { // set date and hours from shift if (volunteerShiftId != null) { + UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c'), + new Set { + 'Id', + UTIL_Describe.StrTokenNSPrefix('Start_Date_Time__c'), + UTIL_Describe.StrTokenNSPrefix('Duration__c') + }); Volunteer_Shift__c shift = [select Start_Date_Time__c, Duration__c from Volunteer_Shift__c where Id = :volunteerShiftId]; vhours.Start_Date__c = shift.Start_Date_Time__c.Date(); diff --git a/src/classes/VOL_SharedCode.cls b/src/classes/VOL_SharedCode.cls index d523c89..08fec99 100644 --- a/src/classes/VOL_SharedCode.cls +++ b/src/classes/VOL_SharedCode.cls @@ -58,15 +58,13 @@ global with sharing class VOL_SharedCode { listSO.add(new SelectOption('', '')); // Ensure the user has access to the object before querying - try { - UTIL_Describe.checkObjectReadAccess(String.valueOf(Volunteer_Job__c.SObjectType)); - } catch (Exception ex) { - // we will return an empty list vs throwing an error - return listSO; - } + if (Volunteer_Job__c.SObjectType.getDescribe().isAccessible() + && Volunteer_Job__c.Name.getDescribe().isAccessible() + && Volunteer_Job__c.Campaign__c.getDescribe().isAccessible()) { - for (Volunteer_Job__c vj : [select Name, Id from Volunteer_Job__c where Campaign__c = :campaignId order by name limit 999]) { - listSO.add(new SelectOption(vj.id, vj.name)); + for (Volunteer_Job__c vj : [select Name, Id from Volunteer_Job__c where Campaign__c = :campaignId order by name limit 999]) { + listSO.add(new SelectOption(vj.id, vj.name)); + } } return listSO; } From 184be054feef5361d60af6fc6c36907f33d01b8a Mon Sep 17 00:00:00 2001 
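Review bot: In the `VOL_SharedCode` hunk the guard now also tests `Name` and `Campaign__c`, but the comment above it still mentions only object access, and the removed line explaining that an empty list is returned instead of an error has no replacement. A reader of the new code cannot tell that the silent fallback is intended. Suggested comment: `// Needs read access to Volunteer_Job__c, Name and Campaign__c; otherwise only the blank option is returned, no error.` The method starts outside the hunk.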
From: Jennifer Bennett Date: Mon, 18 Jul 2022 12:26:21 -0500 Subject: [PATCH 26/33] Update comment to new scanner version prefix. --- src/classes/DatabaseDml.cls | 2 +- src/classes/VOL_Access.cls | 2 +- src/classes/VOL_CTRL_JobCalendar.cls | 12 ++++----- .../VOL_CTRL_PersonalSiteContactInfo.cls | 12 ++++----- .../VOL_CTRL_PersonalSiteContactLookup.cls | 4 +-- src/classes/VOL_CTRL_SendBulkEmail.cls | 26 +++++++++---------- .../VOL_CTRL_VolunteersBulkEnterHours.cls | 4 +-- .../VOL_CTRL_VolunteersCampaignWizard.cls | 8 +++--- src/classes/VOL_CTRL_VolunteersFind.cls | 8 +++--- src/classes/VOL_CTRL_VolunteersJobListing.cls | 4 +-- .../VOL_CTRL_VolunteersJobListingFS.cls | 4 +-- 11 files changed, 43 insertions(+), 43 deletions(-) diff --git a/src/classes/DatabaseDml.cls b/src/classes/DatabaseDml.cls index 164d160..5dbf972 100644 --- a/src/classes/DatabaseDml.cls +++ b/src/classes/DatabaseDml.cls @@ -31,7 +31,7 @@ This class was created for situations where we need to run in system mode. */ -/* sfca-disable ApexFlsViolationRule */ +/* sfge-disable ApexFlsViolationRule */ public without sharing virtual class DatabaseDml { protected DatabaseDml() {} diff --git a/src/classes/VOL_Access.cls b/src/classes/VOL_Access.cls index 970d084..937dc86 100644 --- a/src/classes/VOL_Access.cls +++ b/src/classes/VOL_Access.cls @@ -32,7 +32,7 @@ whether or not the admin has elevated the guest site user access. All permission checks are expected to be done by the caller. */ -/* sfca-disable ApexFlsViolationRule */ +/* sfge-disable ApexFlsViolationRule */ public with sharing virtual class VOL_Access { protected VOL_Access() {} diff --git a/src/classes/VOL_CTRL_JobCalendar.cls b/src/classes/VOL_CTRL_JobCalendar.cls index 385ec61..b817aaf 100644 --- a/src/classes/VOL_CTRL_JobCalendar.cls +++ b/src/classes/VOL_CTRL_JobCalendar.cls 
@@ -50,7 +50,7 @@ global with sharing class VOL_CTRL_JobCalendar { // Ensure the user has access to the object and fields before querying UTIL_Describe.checkReadAccess('Campaign', new Set{'Id', 'StartDate'}); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ list listCampaign = [select Id, StartDate from Campaign where Id = :p]; if (listCampaign.size() > 0) { initialDate = Date.valueOf(listCampaign[0].StartDate); @@ -72,7 +72,7 @@ global with sharing class VOL_CTRL_JobCalendar { UTIL_Describe.StrTokenNSPrefix('First_Shift__c'), UTIL_Describe.StrTokenNSPrefix('Campaign__c')}); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ list listJob = [select Id, First_Shift__c, Campaign__c from Volunteer_Job__c where Id = :p]; if (listJob.size() > 0) { @@ -96,7 +96,7 @@ global with sharing class VOL_CTRL_JobCalendar { UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), new Set{UTIL_Describe.StrTokenNSPrefix('Campaign__c')}); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ list listShift = [select Id, Start_Date_Time__c, Volunteer_Job__c, Volunteer_Job__r.Campaign__c from Volunteer_Shift__c where Id = :p]; 
@@ -163,7 +163,7 @@ global with sharing class VOL_CTRL_JobCalendar { // only specify the css file if in the web page scenario. if (strURLtoCSSFile == null && fWeb) { // System query to find the css doc if the admin has added it for custom css - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ list listDocs = [SELECT Name, Id From Document WHERE Name = 'JobCalendarCSS.css' LIMIT 1 ]; if (listDocs.size() > 0) { Document doc = listDocs[0]; @@ -240,14 +240,14 @@ global with sharing class VOL_CTRL_JobCalendar { && Campaign.SObjectType.getDescribe().isAccessible() && Campaign.IsActive.getDescribe().isAccessible()) { if (campaignId == null) { // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ for (Volunteer_Job__c vj : [select Name, Id from Volunteer_Job__c where Campaign__r.IsActive = true order by name limit 999]) { listSO.add(new SelectOption(vj.id, vj.name)); } } else { // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ for (Volunteer_Job__c vj : [select Name, Id from Volunteer_Job__c where Campaign__c = :campaignId order by name limit 999]) { listSO.add(new SelectOption(vj.id, vj.name)); diff --git a/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls b/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls index 6ba7150..0656205 100644 --- a/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls +++ b/src/classes/VOL_CTRL_PersonalSiteContactInfo.cls 
@@ -231,7 +231,7 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { strSoql += ' order by Shift_Start_Date_Time__c ASC '; strSoql += ' limit ' + cRowsUpcoming; // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ listUpcomingVolunteerHours = Database.Query(strSoql); // store friendly datetime string in system field for display only dateTimeFixup(listUpcomingVolunteerHours); @@ -330,7 +330,7 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { try { if (hoursId != null) { // We are dynamically check update access below, the query result is not being returned to the user. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ Volunteer_Hours__c hr = [select Id, Status__c, Hours_Worked__c from Volunteer_Hours__c where Id = :hoursId]; hr.Status__c = 'Canceled'; hr.Hours_Worked__c = 0; @@ -339,7 +339,7 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { UTIL_Describe.StrTokenNSPrefix('Status__c'), UTIL_Describe.StrTokenNSPrefix('Hours_Worked__c')}); // We are dynamically check update access above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ access.updateRecords(new List{hr}); hoursId = null; @@ -467,7 +467,7 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { UTIL_Describe.checkReadAccess('Contact', new Set{'Id', UTIL_Describe.StrTokenNSPrefix('Volunteer_Hours__c')}); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ Decimal contactTotalHours = [SELECT Id, Volunteer_Hours__c FROM Contact WHERE Id = :contactId LIMIT 1].Volunteer_Hours__c; if (contactTotalHours == null || contactTotalHours == 0) { 
@@ -478,14 +478,14 @@ global with sharing class VOL_CTRL_PersonalSiteContactInfo { String totalVolunteersQuery = 'SELECT count() FROM Contact WHERE ' + hoursField + ' > 0'; String totalVolunteersWithMoreHoursQuery = totalVolunteersQuery + ' AND ' + hoursField + ' > ' + contactTotalHours; // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ Integer totalVolunteers = Database.countQuery(totalVolunteersQuery); if (totalVolunteers <= 2) { return ''; } // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ Integer totalVolunteersWithMoreHours = Database.countQuery(totalVolunteersWithMoreHoursQuery); Integer rank = Integer.valueOf( diff --git a/src/classes/VOL_CTRL_PersonalSiteContactLookup.cls b/src/classes/VOL_CTRL_PersonalSiteContactLookup.cls index 33e5f86..edb8712 100644 --- a/src/classes/VOL_CTRL_PersonalSiteContactLookup.cls +++ b/src/classes/VOL_CTRL_PersonalSiteContactLookup.cls @@ -132,7 +132,7 @@ global with sharing class VOL_CTRL_PersonalSiteContactLookup { // We are generating a task record as a system user to log for // the admin when users are requesting their volunteer information - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ access.insertRecords(new List{ taskRecord }); } else { 
@@ -151,7 +151,7 @@ global with sharing class VOL_CTRL_PersonalSiteContactLookup { // Ensure the user has access to the object and fields before querying UTIL_Describe.checkReadAccess('Contact', new Set{'Id', 'Name', 'Email'}); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ list listCon = [select Name, Email from Contact where Id =: objId]; string strDetails = ''; if (listCon.size() > 0) diff --git a/src/classes/VOL_CTRL_SendBulkEmail.cls b/src/classes/VOL_CTRL_SendBulkEmail.cls index 382deff..7ce09cd 100644 --- a/src/classes/VOL_CTRL_SendBulkEmail.cls +++ b/src/classes/VOL_CTRL_SendBulkEmail.cls @@ -60,7 +60,7 @@ public with sharing class VOL_CTRL_SendBulkEmail { UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c'), new Set{'Id', 'Name', UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c')}); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ Volunteer_Shift__c shift = [select Name, Volunteer_Job__r.Name from Volunteer_Shift__c where Id = :shiftId]; strJobName = shift.Volunteer_Job__r.Name + ' - ' + shift.Name; templateObject = 'Shift'; @@ -69,7 +69,7 @@ public with sharing class VOL_CTRL_SendBulkEmail { UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), new Set{'Id','Name'}); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ Volunteer_Job__c job = [select Name from Volunteer_Job__c where Id = :jobId]; strJobName = job.Name; templateObject = 'Job'; 
@@ -77,7 +77,7 @@ public with sharing class VOL_CTRL_SendBulkEmail { // Ensure the user has access to the object and fields before querying UTIL_Describe.checkReadAccess('Campaign', new Set{'Id','Name'}); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ Campaign cmp = [select Name from Campaign where Id = :campaignId]; strJobName = cmp.Name; templateObject = 'Campaign'; @@ -93,7 +93,7 @@ public with sharing class VOL_CTRL_SendBulkEmail { // get the folderId for our Volunteer email templates // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ list listf = [select Id from Folder where DeveloperName='Volunteers_Email_Templates']; if (listf.size() > 0) folderId = listf[0].Id; } catch (Exception e) { @@ -216,9 +216,9 @@ public with sharing class VOL_CTRL_SendBulkEmail { try { job.Description__c = htmlValue; // We are using Salesforce to sanitize the field then reverting the save. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ upsert job; - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ escapedHtml = [SELECT Description__c FROM Volunteer_Job__c WHERE Id = :job.Id LIMIT 1].Description__c; } catch (Exception ex) { 
@@ -242,7 +242,7 @@ public with sharing class VOL_CTRL_SendBulkEmail { UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c'), new Set{'Id', UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c')}); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ relatedJob.Id = [SELECT Volunteer_Job__c FROM Volunteer_Shift__c WHERE Id = :shiftId LIMIT 1].Volunteer_Job__c; return relatedJob; } @@ -256,7 +256,7 @@ public with sharing class VOL_CTRL_SendBulkEmail { UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), new Set{'Id', UTIL_Describe.StrTokenNSPrefix('Campaign__c')}); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ List jobs = [SELECT Id FROM Volunteer_Job__c WHERE Campaign__c = :campaignId LIMIT 1]; if (jobs.isEmpty()) { relatedJob.Campaign__c = campaignId; 
@@ -287,14 +287,14 @@ public with sharing class VOL_CTRL_SendBulkEmail { if (shiftId != null) { // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ listHr = [select contact__c from Volunteer_Hours__c where Status__c = :hourStatus.Status__c and Volunteer_Shift__c = :shiftId]; } else if (jobId != null){ - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ listHr = [select contact__c from Volunteer_Hours__c where Status__c = :hourStatus.Status__c and Volunteer_Job__c = :jobId]; } else if (campaignId != null) { // Salesforce failed to match our campaignId against the formula field which is text, so use full reference. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ listHr = [select contact__c from Volunteer_Hours__c where Status__c = :hourStatus.Status__c and Volunteer_Job__r.Campaign__c = :campaignId ]; } @@ -362,7 +362,7 @@ public with sharing class VOL_CTRL_SendBulkEmail { // to keep track of unique contacts set setContactId = new set(); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ for (Volunteer_Hours__c hr : database.query(strSoql)) { if (!fEmailContactsOnlyOnce || setContactId.add(hr.Contact__c)) { Messaging.SingleEmailMessage mail = new Messaging.SingleEmailMessage(); 
@@ -421,7 +421,7 @@ public with sharing class VOL_CTRL_SendBulkEmail { // Ensure the user has access to the object and fields before querying UTIL_Describe.checkReadAccess('Contact', new Set{'Id', 'Name', 'Email'}); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ list listCon = [select Name, Email from Contact where Id =: objId]; string strDetails = ''; if (listCon.size() > 0) diff --git a/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls b/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls index 92339f9..cf0ff0d 100644 --- a/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls +++ b/src/classes/VOL_CTRL_VolunteersBulkEnterHours.cls @@ -125,7 +125,7 @@ global virtual with sharing class VOL_CTRL_VolunteersBulkEnterHours { UTIL_Describe.checkReadAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c'), new Set{'Id', UTIL_Describe.StrTokenNSPrefix('Start_Date_Time__c')}); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ Volunteer_Shift__c shift = [select Start_Date_Time__c from Volunteer_Shift__c where Id = :volunteerShiftId]; dt = shift.Start_Date_Time__c.date(); } else { @@ -241,7 +241,7 @@ global virtual with sharing class VOL_CTRL_VolunteersBulkEnterHours { UTIL_Describe.StrTokenNSPrefix('Start_Date_Time__c')}); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ Volunteer_Shift__c vs = [select Id, Duration__c, Start_Date_Time__c from Volunteer_Shift__c where Id = :volunteerShiftId]; hoursWorked = vs.Duration__c; dateStart = vs.Start_Date_Time__c.date(); diff --git a/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls b/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls index 169e5dc..dcd2740 100644 
--- a/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls +++ b/src/classes/VOL_CTRL_VolunteersCampaignWizard.cls @@ -110,7 +110,7 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { SObjectAccessDecision campaignAccessDecision = Security.stripInaccessible(AccessType.CREATABLE, new List{ cmpVols }); cmpVols = (Campaign) campaignAccessDecision.getRecords()[0]; // Using strip inaccessible in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ insert cmpVols; if (campaignIdClone != null) { @@ -151,7 +151,7 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { UTIL_Describe.checkCreateAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c'), new Set {'Name', UTIL_Describe.StrTokenNSPrefix('Campaign__c')}); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ insert listJobs; UTIL_Describe.checkCreateAccess(UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c'), @@ -174,7 +174,7 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { } } // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ insert listShifts; } @@ -526,7 +526,7 @@ public with sharing class VOL_CTRL_VolunteersCampaignWizard { UTIL_Describe.StrTokenNSPrefix('Campaign__c')}); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ list listJobs = [select Id, First_Shift__c from Volunteer_Job__c where Campaign__c = :campaignIdClone order by First_Shift__c]; diff --git a/src/classes/VOL_CTRL_VolunteersFind.cls b/src/classes/VOL_CTRL_VolunteersFind.cls index 953a408..c6c7c22 100644 --- a/src/classes/VOL_CTRL_VolunteersFind.cls 
+++ b/src/classes/VOL_CTRL_VolunteersFind.cls @@ -274,7 +274,7 @@ public with sharing class VOL_CTRL_VolunteersFind extends PageControllerBase { new Set{'Id', UTIL_Describe.StrTokenNSPrefix('Start_Date_Time__c')}); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ Volunteer_Shift__c vs = [select Start_Date_Time__c from Volunteer_Shift__c where Id = :volunteerShiftId]; dtStart = date.valueOf(vs.Start_Date_Time__c); } @@ -288,7 +288,7 @@ public with sharing class VOL_CTRL_VolunteersFind extends PageControllerBase { UTIL_Describe.StrTokenNSPrefix('Contact__c'), UTIL_Describe.StrTokenNSPrefix('Volunteer_Job__c')}); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ listVHExisting = [select Contact__c from Volunteer_Hours__c where Volunteer_Job__c = :volunteerJobId]; } else { // Ensure the user has access to the object and fields before querying @@ -297,7 +297,7 @@ public with sharing class VOL_CTRL_VolunteersFind extends PageControllerBase { UTIL_Describe.StrTokenNSPrefix('Contact__c'), UTIL_Describe.StrTokenNSPrefix('Volunteer_Shift__c')}); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ listVHExisting = [select Contact__c from Volunteer_Hours__c where Volunteer_Shift__c = :volunteerShiftId]; } set setContactId = new set(); 
@@ -338,7 +338,7 @@ public with sharing class VOL_CTRL_VolunteersFind extends PageControllerBase { UTIL_Describe.StrTokenNSPrefix('Hours_Worked__c'), UTIL_Describe.StrTokenNSPrefix('Number_of_Volunteers__c')}); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ insert listHours; // if shift was specified, force its picklist to update with new numbers diff --git a/src/classes/VOL_CTRL_VolunteersJobListing.cls b/src/classes/VOL_CTRL_VolunteersJobListing.cls index 6f2211d..6a105d0 100644 --- a/src/classes/VOL_CTRL_VolunteersJobListing.cls +++ b/src/classes/VOL_CTRL_VolunteersJobListing.cls @@ -80,7 +80,7 @@ global virtual with sharing class VOL_CTRL_VolunteersJobListing { get { if (strURLtoCSSFile == null) { // System query to find the css doc if the admin has added it for custom css - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ list listDocs = [SELECT Name, Id From Document WHERE Name = 'VolunteersJobListingCSS.css' LIMIT 1 ]; if (listDocs.size() > 0) { Document doc = listDocs[0]; @@ -264,7 +264,7 @@ global virtual with sharing class VOL_CTRL_VolunteersJobListing { UTIL_Describe.StrTokenNSPrefix('Status__c'), UTIL_Describe.StrTokenNSPrefix('Start_Date__c')}); // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ access.insertRecords(new List{ vh }); volunteerHoursIdSignUp = vh.Id; } diff --git a/src/classes/VOL_CTRL_VolunteersJobListingFS.cls b/src/classes/VOL_CTRL_VolunteersJobListingFS.cls index 50c9dab..325757a 100644 --- a/src/classes/VOL_CTRL_VolunteersJobListingFS.cls +++ b/src/classes/VOL_CTRL_VolunteersJobListingFS.cls 
@@ -122,7 +122,7 @@ global virtual with sharing class VOL_CTRL_VolunteersJobListingFS { if (strURLtoCSSFile == null) { // System query to find the css doc if the admin has added it for custom css - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ list listDocs = [SELECT Name, Id From Document WHERE Name = 'VolunteersJobListingCSS.css' LIMIT 1 ]; if (listDocs.size() > 0) { Document doc = listDocs[0]; @@ -444,7 +444,7 @@ global virtual with sharing class VOL_CTRL_VolunteersJobListingFS { // make sure we don't go over the number of volunteers still needed on the shift. // Using a dynamic describe access check in the method called above. - /* sfca-disable-next-line ApexFlsViolationRule */ + /* sfge-disable-next-line ApexFlsViolationRule */ list listShift = [select Number_of_Volunteers_Still_Needed__c, Start_Date_Time__c, Duration__c from Volunteer_Shift__c where Id = :shiftIdSignUp]; if (listShift != null) { if (vhours.Number_of_Volunteers__c > listShift[0].Number_of_Volunteers_Still_Needed__c) { From 187e1adda6d0ef4df1ed2aa2ff6637cc3b10974b Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Mon, 18 Jul 2022 14:42:32 -0500 Subject: [PATCH 27/33] Additional access checks. --- src/classes/VOL_SharedCode.cls | 39 ++++++++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 9 deletions(-) diff --git a/src/classes/VOL_SharedCode.cls b/src/classes/VOL_SharedCode.cls index 08fec99..314cf06 100644 --- a/src/classes/VOL_SharedCode.cls +++ b/src/classes/VOL_SharedCode.cls 
@@ -218,7 +218,8 @@ global with sharing class VOL_SharedCode { global static ID SettingsBucketAccountId { get { if (SettingsBucketAccountId == null) { - if (VolunteersSettings.Signup_Bucket_Account_On_Create__c != null) { + if (VolunteersSettings.Signup_Bucket_Account_On_Create__c != null + && Account.getSObjectType().getDescribe().isAccessible()) { Account[] acc = [select Id from Account where name = :VolunteersSettings.Signup_Bucket_Account_On_Create__c limit 1]; if (acc.size() > 0) SettingsBucketAccountId = acc[0].Id; } @@ -350,7 +351,8 @@ global with sharing class VOL_SharedCode { Account accToUse = null; // see if we can find their company (which we assume the form used Department to record.) - if (contact.Department != null) { + if (contact.Department != null + && Account.getSObjectType().getDescribe().isAccessible()) { list listAccount = [select Id, Name from Account where Name = :contact.Department limit 1]; if (listAccount.size() > 0) accToUse = listAccount.get(0); contact.Volunteer_Organization__c = contact.Department; 
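Review bot: `contact.Volunteer_Organization__c = contact.Department;` is now skipped whenever Account is not readable, because the hunk at -350 adds the Account access test to the condition of the block that contains it. That assignment only copies a value between two Contact fields and reads no Account data, so a user without Account access loses the organization name entered on the form. Keep the outer test as `if (contact.Department != null)` and put only the Account query and the `accToUse` assignment behind `Account.getSObjectType().getDescribe().isAccessible()`. The block's closing brace is outside the hunk.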
@@ -392,24 +394,42 @@ global with sharing class VOL_SharedCode { // global code to verify the passed in ContactId is valid, as well as the email // exists on the Contact record. global static boolean isValidContactIdAndEmail(ID contactId, string strEmail) { + if (!Contact.getSObjectType().getDescribe().isAccessible()) { + return false; + } + string strSoql = 'select Id from Contact where Id = :contactId '; if (VolunteersSettings.Personal_Site_Requires_URL_Email_Match__c) { - if (strEmail == null || strEmail == '') + if (strEmail == null || strEmail == '' || Contact.Email.getDescribe().isAccessible()) return false; + strEmail = strEmail.escapeHtml4(); strSoql += 'and (Email= :strEmail'; // any additional email fields to check if (VolunteersSettings.Contact_Match_Email_Fields__c != null) { list listStrEmail = new list(); listStrEmail = VolunteersSettings.Contact_Match_Email_Fields__c.split(';'); + + Set fieldNames = Contact.getSObjectType.getDescribe().fields.getMap().keySet(); for (string str : listStrEmail) { - strSoql += ' or ' + str + ' = :strEmail '; + if (fieldNames.contains(str.toLowerCase())) { + strSoql += ' or ' + str + ' = :strEmail '; + } } + } // handle NPSP email fields if (IsNPSPInstalled) { - strSoql += ' or npe01__AlternateEmail__c = :strEmail '; - strSoql += ' or npe01__HomeEmail__c = :strEmail '; - strSoql += ' or npe01__WorkEmail__c = :strEmail '; + if (Contact.npe01__AlternateEmail__c.getDescribe().isAccessible()) { + strSoql += ' or npe01__AlternateEmail__c = :strEmail '; + } + if (Contact.npe01__HomeEmail__c.getDescribe().isAccessible()) { + strSoql += ' or npe01__HomeEmail__c = :strEmail '; + } + if (Contact.npe01__WorkEmail__c.getDescribe().isAccessible()) { + strSoql += ' or npe01__WorkEmail__c = :strEmail '; + } + + } strSoql += ') '; } 
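Review bot: `strEmail = strEmail.escapeHtml4();` alters the value that is then compared through the `:strEmail` bind variable, and a bind variable needs no escaping to be safe in SOQL. HTML encoding turns characters such as `&` into entities, so an address containing one no longer equals the stored value and a valid contact fails verification. Dropping the line keeps the injection protection, which comes from the bind, and restores an exact comparison. The part of the method that executes the query is outside the hunk.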
@@ -614,7 +634,8 @@ global with sharing class VOL_SharedCode { // see if we can find their company Account accToUse = null; - if (strAccountName != null) { + if (strAccountName != null + && Account.getSObjectType().getDescribe().isAccessible()) { list listAccount = [select Id, Name from Account where Name = :strAccountName limit 1]; if (listAccount.size() > 0) accToUse = listAccount.get(0); } @@ -694,7 +715,7 @@ global with sharing class VOL_SharedCode { } strSoql += ' from ' + des.getName() + ' where Id = :id '; strSoql += ' limit 1'; - list listSObj = Database.Query(strSoql); + list listSObj = Security.stripInaccessible(AccessType.READABLE, Database.Query(strSoql)); if (listSObj.size() > 0) { SObject sobjT = listSObj[0]; From fbc20157e5b94b9763e2bb13de2e0ebb67ff6573 Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Mon, 18 Jul 2022 16:38:57 -0500 Subject: [PATCH 28/33] Additional access checks. --- src/classes/VOL_SharedCode.cls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/classes/VOL_SharedCode.cls b/src/classes/VOL_SharedCode.cls index 314cf06..8c5f0e2 100644 --- a/src/classes/VOL_SharedCode.cls +++ b/src/classes/VOL_SharedCode.cls @@ -400,7 +400,7 @@ global with sharing class VOL_SharedCode { string strSoql = 'select Id from Contact where Id = :contactId '; if (VolunteersSettings.Personal_Site_Requires_URL_Email_Match__c) { - if (strEmail == null || strEmail == '' || Contact.Email.getDescribe().isAccessible()) + if (strEmail == null || strEmail == '' || !Contact.Email.getDescribe().isAccessible()) return false; strEmail = strEmail.escapeHtml4(); strSoql += 'and (Email= :strEmail'; From 41b1d70a88ffd52c3241fc3347d1ec2b26a40a69 Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Tue, 19 Jul 2022 12:15:10 -0500 Subject: [PATCH 29/33] Fix errors and ensure npsp fields exist before accessesing them. --- src/classes/VOL_SharedCode.cls | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
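Review bot: Wrapping the query in `Security.stripInaccessible(AccessType.READABLE, ...)` removes unreadable fields from the returned record, and reading a removed field afterwards raises an SObjectException instead of returning null. The code that consumes `sobjT` is outside the hunk, so this is inferred: if it reads every field named in `strSoql`, a user missing a single field permission gets an exception rather than a partial copy. Either build the field list only from fields whose describe reports `isAccessible()`, or test `sobjT.isSet(fieldName)` before each read. As written the line also assigns the access decision to a list; the `.getRecords()` call only arrives in the later hunk `@@ -715,7 +715,7 @@`.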
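Review bot: The corrected `!Contact.Email.getDescribe().isAccessible()` in `@@ -400,7 +400,7 @@` turns this guard from rejecting every caller who can read Email into rejecting only callers who cannot, and the diffstat shows no test change alongside it. A test that calls `isValidContactIdAndEmail` with `Personal_Site_Requires_URL_Email_Match__c` enabled, once with the contact's own email and once with a different one, would pin both outcomes and catch a repeat of the inversion. The function continues outside the hunk.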
diff --git a/src/classes/VOL_SharedCode.cls b/src/classes/VOL_SharedCode.cls index 8c5f0e2..b03c473 100644 --- a/src/classes/VOL_SharedCode.cls +++ b/src/classes/VOL_SharedCode.cls @@ -405,13 +405,13 @@ global with sharing class VOL_SharedCode { strEmail = strEmail.escapeHtml4(); strSoql += 'and (Email= :strEmail'; // any additional email fields to check + Map fieldByName = Contact.getSObjectType().getDescribe().fields.getMap(); if (VolunteersSettings.Contact_Match_Email_Fields__c != null) { list listStrEmail = new list(); listStrEmail = VolunteersSettings.Contact_Match_Email_Fields__c.split(';'); - Set fieldNames = Contact.getSObjectType.getDescribe().fields.getMap().keySet(); for (string str : listStrEmail) { - if (fieldNames.contains(str.toLowerCase())) { + if (fieldByName.containsKey(str)) { strSoql += ' or ' + str + ' = :strEmail '; } } @@ -419,13 +419,13 @@ global with sharing class VOL_SharedCode { } // handle NPSP email fields if (IsNPSPInstalled) { - if (Contact.npe01__AlternateEmail__c.getDescribe().isAccessible()) { + if (fieldByName.containsKey('npe01__AlternateEmail__c') && fieldByName.get('npe01__AlternateEmail__c').getDescribe().isAccessible()) { strSoql += ' or npe01__AlternateEmail__c = :strEmail '; } - if (Contact.npe01__HomeEmail__c.getDescribe().isAccessible()) { + if (fieldByName.containsKey('npe01__HomeEmail__c') && fieldByName.get('npe01__HomeEmail__c').getDescribe().isAccessible()) { strSoql += ' or npe01__HomeEmail__c = :strEmail '; } - if (Contact.npe01__WorkEmail__c.getDescribe().isAccessible()) { + if (fieldByName.containsKey('npe01__WorkEmail__c') && fieldByName.get('npe01__WorkEmail__c').getDescribe().isAccessible()) { strSoql += ' or npe01__WorkEmail__c = :strEmail '; } 
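Review bot: The loop over `Contact_Match_Email_Fields__c` checks only that each configured name exists in `fieldByName`, while the NPSP fields in the next hunk are also tested with `isAccessible()`, so setting-driven fields are still filtered on without a field-level read check. Making the two branches agree would read `if (fieldByName.containsKey(str) && fieldByName.get(str).getDescribe().isAccessible()) {`. The entries are also used exactly as `split(';')` returns them; if the setting can contain a space after the separator, a `str = str.trim();` before the lookup avoids silently skipping a valid field. The function starts and ends outside the hunk.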
@@ -715,7 +715,7 @@ global with sharing class VOL_SharedCode { } strSoql += ' from ' + des.getName() + ' where Id = :id '; strSoql += ' limit 1'; - list listSObj = Security.stripInaccessible(AccessType.READABLE, Database.Query(strSoql)); + list listSObj = Security.stripInaccessible(AccessType.READABLE, Database.Query(strSoql)).getRecords(); if (listSObj.size() > 0) { SObject sobjT = listSObj[0]; From 67dd38bd2cf71e7021d1d55024f24af8f656c561 Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Tue, 19 Jul 2022 17:33:21 -0500 Subject: [PATCH 30/33] Sanitize url parameter before using it in a query. --- src/classes/VOL_SharedCode.cls | 1 + 1 file changed, 1 insertion(+) diff --git a/src/classes/VOL_SharedCode.cls b/src/classes/VOL_SharedCode.cls index b03c473..280cf5c 100644 --- a/src/classes/VOL_SharedCode.cls +++ b/src/classes/VOL_SharedCode.cls @@ -636,6 +636,7 @@ global with sharing class VOL_SharedCode { Account accToUse = null; if (strAccountName != null && Account.getSObjectType().getDescribe().isAccessible()) { + strAccountName = strAccountName.escapeHtml4(); list listAccount = [select Id, Name from Account where Name = :strAccountName limit 1]; if (listAccount.size() > 0) accToUse = listAccount.get(0); } From dcb068f558fae664aee11720c14f5638f2f99df2 Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Wed, 20 Jul 2022 12:21:35 -0500 Subject: [PATCH 31/33] Add test internal user permission set. --- .../V4S_Internal_Minimum.permissionset | 1413 +++++++++++++++++ 1 file changed, 1413 insertions(+) create mode 100644 unpackaged/config/dev/permissionsets/V4S_Internal_Minimum.permissionset diff --git a/unpackaged/config/dev/permissionsets/V4S_Internal_Minimum.permissionset b/unpackaged/config/dev/permissionsets/V4S_Internal_Minimum.permissionset new file mode 100644 index 0000000..046c2e8 --- /dev/null +++ b/unpackaged/config/dev/permissionsets/V4S_Internal_Minimum.permissionset 
@@ -0,0 +1,1413 @@ + + + + Groundwire_Volunteers + true + + + standard__LightningSales + true + + + ChangePasswordController + true + + + ChangePasswordControllerTest + true + + + ComponentControllerBase + true + + + DatabaseDml + true + + + DatabaseDml_TEST + true + + + ForgotPasswordController + true + + + ForgotPasswordControllerTest + true + + + InstallScript + true + + + InstallScript_TEST + true + + + MyProfilePageController + true + + + MyProfilePageControllerTest + true + + + PageControllerBase + true + + + QueryBuilder + true + + + QueryBuilder_TEST + true + + + SiteLoginController + true + + + SiteLoginControllerTest + true + + + SiteRegisterController + true + + + SiteRegisterControllerTest + true + + + SoqlListView + true + + + Telemetry + true + + + TelemetryService + true + + + TelemetryService_TEST + true + + + Telemetry_TEST + true + + + UTIL_Describe + true + + + UTIL_Describe_TEST + true + + + UTIL_HtmlOutput_CTRL + true + + + UTIL_HtmlOutput_TEST + true + + + UTIL_JavaScriptSanitizer + true + + + UTIL_JavaScriptSanitizer_TEST + true + + + UTIL_JobProgress_CTRL + true + + + UTIL_PageMessages_CTRL + true + + + UTIL_UnitTest + true + + + VOL_Access + true + + + VOL_Access_TEST + true + + + VOL_BATCH_Recurrence + true + + + VOL_BATCH_Recurrence_TEST + true + + + VOL_CTRL_BatchProgress + true + + + VOL_CTRL_BatchProgress_TEST + true + + + VOL_CTRL_JobCalendar + true + + + VOL_CTRL_JobCalendar_TEST + true + + + VOL_CTRL_NewAndEditVRS + true + + + VOL_CTRL_NewAndEditVRS_TEST + true + + + VOL_CTRL_OpenReport + true + + + VOL_CTRL_OpenReport_TEST + true + + + VOL_CTRL_PersonalSiteContactInfo + true + + + VOL_CTRL_PersonalSiteContactInfo_TEST + true + + + VOL_CTRL_PersonalSiteContactLookup + true + + + VOL_CTRL_PersonalSiteContactLookup_TEST + true + + + VOL_CTRL_PersonalSiteJobCalendar + true + + + VOL_CTRL_PersonalSiteJobListing + true + + + VOL_CTRL_PersonalSiteReportHours + true + + + VOL_CTRL_PersonalSiteTemplate + true + + + 
VOL_CTRL_PersonalSiteTemplate_TEST + true + + + VOL_CTRL_SendBulkEmail + true + + + VOL_CTRL_SendBulkEmail_TEST + true + + + VOL_CTRL_VolunteersBulkEnterHours + true + + + VOL_CTRL_VolunteersBulkEnterHours_TEST + true + + + VOL_CTRL_VolunteersCampaignWizard + true + + + VOL_CTRL_VolunteersCampaignWizard_TEST + true + + + VOL_CTRL_VolunteersFind + true + + + VOL_CTRL_VolunteersFind_TEST + true + + + VOL_CTRL_VolunteersJobListing + true + + + VOL_CTRL_VolunteersJobListingFS + true + + + VOL_CTRL_VolunteersJobListingFS_TEST + true + + + VOL_CTRL_VolunteersJobListing_TEST + true + + + VOL_CTRL_VolunteersReportHours + true + + + VOL_CTRL_VolunteersReportHours_TEST + true + + + VOL_CTRL_VolunteersSignup + true + + + VOL_CTRL_VolunteersSignupFS + true + + + VOL_CTRL_VolunteersSignupFS_TEST + true + + + VOL_CTRL_VolunteersSignup_TEST + true + + + VOL_JRS + true + + + VOL_JRS_TEST + true + + + VOL_SharedCode + true + + + VOL_SharedCode_TEST + true + + + VOL_StateCountryPicklists + true + + + VOL_StateCountryPicklists_TEST + true + + + VOL_TEST_Campaign_Trigger + true + + + VOL_TEST_VolunteerHours_Trigger + true + + + VOL_VRS + true + + + VOL_VRS_TEST + true + + + true + Account.AccountNumber + true + + + true + Account.AccountSource + true + + + true + Account.AnnualRevenue + true + + + true + Account.BillingAddress + true + + + false + Account.CleanStatus + true + + + true + Account.DandbCompanyId + true + + + true + Account.Description + true + + + true + Account.DunsNumber + true + + + true + Account.Fax + true + + + true + Account.Industry + true + + + true + Account.Jigsaw + true + + + true + Account.NaicsCode + true + + + true + Account.NaicsDesc + true + + + true + Account.NumberOfEmployees + true + + + true + Account.OperatingHoursId + true + + + true + Account.Ownership + true + + + true + Account.ParentId + true + + + true + Account.Phone + true + + + true + Account.Rating + true + + + true + Account.ShippingAddress + true + + + true + Account.Sic + true + + + 
true + Account.SicDesc + true + + + true + Account.Site + true + + + true + Account.TickerSymbol + true + + + true + Account.Tradestyle + true + + + true + Account.Type + true + + + true + Account.Website + true + + + true + Account.YearStarted + true + + + true + Campaign.ActualCost + true + + + false + Campaign.AmountAllOpportunities + true + + + false + Campaign.AmountWonOpportunities + true + + + true + Campaign.BudgetedCost + true + + + true + Campaign.Description + true + + + true + Campaign.EndDate + true + + + true + Campaign.ExpectedResponse + true + + + true + Campaign.ExpectedRevenue + true + + + false + Campaign.HierarchyActualCost + true + + + false + Campaign.HierarchyAmountAllOpportunities + true + + + false + Campaign.HierarchyAmountWonOpportunities + true + + + false + Campaign.HierarchyBudgetedCost + true + + + false + Campaign.HierarchyExpectedRevenue + true + + + false + Campaign.HierarchyNumberOfContacts + true + + + false + Campaign.HierarchyNumberOfConvertedLeads + true + + + false + Campaign.HierarchyNumberOfLeads + true + + + false + Campaign.HierarchyNumberOfOpportunities + true + + + false + Campaign.HierarchyNumberOfResponses + true + + + false + Campaign.HierarchyNumberOfWonOpportunities + true + + + false + Campaign.HierarchyNumberSent + true + + + true + Campaign.IsActive + true + + + false + Campaign.NumberOfContacts + true + + + false + Campaign.NumberOfConvertedLeads + true + + + false + Campaign.NumberOfLeads + true + + + false + Campaign.NumberOfOpportunities + true + + + false + Campaign.NumberOfResponses + true + + + false + Campaign.NumberOfWonOpportunities + true + + + true + Campaign.NumberSent + true + + + false + Campaign.%%%NAMESPACE%%%Number_of_Volunteers__c + true + + + true + Campaign.ParentId + true + + + true + Campaign.StartDate + true + + + true + Campaign.Status + true + + + true + Campaign.Type + true + + + false + Campaign.%%%NAMESPACE%%%Volunteer_Completed_Hours__c + true + + + false + 
Campaign.%%%NAMESPACE%%%Volunteer_Jobs__c + true + + + false + Campaign.%%%NAMESPACE%%%Volunteer_Shifts__c + true + + + true + Campaign.%%%NAMESPACE%%%Volunteer_Website_Time_Zone__c + true + + + false + Campaign.%%%NAMESPACE%%%Volunteers_Still_Needed__c + true + + + true + Contact.AccountId + true + + + true + Contact.AssistantName + true + + + true + Contact.AssistantPhone + true + + + true + Contact.Birthdate + true + + + false + Contact.CleanStatus + true + + + true + Contact.Department + true + + + true + Contact.Description + true + + + true + Contact.DoNotCall + true + + + true + Contact.Email + true + + + true + Contact.Fax + true + + + false + Contact.%%%NAMESPACE%%%First_Volunteer_Date__c + true + + + true + Contact.HasOptedOutOfEmail + true + + + true + Contact.HasOptedOutOfFax + true + + + true + Contact.HomePhone + true + + + true + Contact.Jigsaw + true + + + false + Contact.%%%NAMESPACE%%%Last_Volunteer_Date__c + true + + + true + Contact.LeadSource + true + + + true + Contact.MailingAddress + true + + + true + Contact.MobilePhone + true + + + true + Contact.OtherAddress + true + + + true + Contact.OtherPhone + true + + + true + Contact.Phone + true + + + true + Contact.ReportsToId + true + + + true + Contact.Title + true + + + false + Contact.%%%NAMESPACE%%%Unique_Volunteer_Count__c + true + + + true + Contact.%%%NAMESPACE%%%Volunteer_Auto_Reminder_Email_Opt_Out__c + true + + + true + Contact.%%%NAMESPACE%%%Volunteer_Availability__c + true + + + false + Contact.%%%NAMESPACE%%%Volunteer_Hours__c + true + + + true + Contact.%%%NAMESPACE%%%Volunteer_Last_Web_Signup_Date__c + true + + + true + Contact.%%%NAMESPACE%%%Volunteer_Manager_Notes__c + true + + + true + Contact.%%%NAMESPACE%%%Volunteer_Notes__c + true + + + true + Contact.%%%NAMESPACE%%%Volunteer_Organization__c + true + + + true + Contact.%%%NAMESPACE%%%Volunteer_Skills__c + true + + + true + Contact.%%%NAMESPACE%%%Volunteer_Status__c + true + + + true + 
%%%NAMESPACE%%%Job_Recurrence_Schedule__c.%%%NAMESPACE%%%Days_of_Week__c + true + + + true + %%%NAMESPACE%%%Job_Recurrence_Schedule__c.%%%NAMESPACE%%%Description__c + true + + + true + %%%NAMESPACE%%%Job_Recurrence_Schedule__c.%%%NAMESPACE%%%Desired_Number_of_Volunteers__c + true + + + true + %%%NAMESPACE%%%Job_Recurrence_Schedule__c.%%%NAMESPACE%%%Schedule_End_Date__c + true + + + true + %%%NAMESPACE%%%Job_Recurrence_Schedule__c.%%%NAMESPACE%%%Weekly_Occurrence__c + true + + + true + Lead.Address + true + + + true + Lead.AnnualRevenue + true + + + false + Lead.CleanStatus + true + + + true + Lead.CompanyDunsNumber + true + + + true + Lead.DandbCompanyId + true + + + true + Lead.Description + true + + + true + Lead.DoNotCall + true + + + true + Lead.Email + true + + + true + Lead.Fax + true + + + true + Lead.HasOptedOutOfEmail + true + + + true + Lead.HasOptedOutOfFax + true + + + true + Lead.Industry + true + + + true + Lead.Jigsaw + true + + + false + Lead.LastTransferDate + true + + + true + Lead.LeadSource + true + + + true + Lead.MobilePhone + true + + + true + Lead.NumberOfEmployees + true + + + true + Lead.Phone + true + + + true + Lead.Rating + true + + + true + Lead.Title + true + + + true + Lead.Volunteer_Availability__c + true + + + true + Lead.Volunteer_Notes__c + true + + + true + Lead.Volunteer_Skills__c + true + + + true + Lead.Volunteer_Status__c + true + + + true + Lead.Website + true + + + true + %%%NAMESPACE%%%Volunteer_Hours__c.%%%NAMESPACE%%%Comments__c + true + + + true + %%%NAMESPACE%%%Volunteer_Hours__c.%%%NAMESPACE%%%End_Date__c + true + + + false + %%%NAMESPACE%%%Volunteer_Hours__c.%%%NAMESPACE%%%Full_Name__c + true + + + true + %%%NAMESPACE%%%Volunteer_Hours__c.%%%NAMESPACE%%%Hours_Worked__c + true + + + true + %%%NAMESPACE%%%Volunteer_Hours__c.%%%NAMESPACE%%%Planned_Start_Date_Time__c + true + + + false + %%%NAMESPACE%%%Volunteer_Hours__c.%%%NAMESPACE%%%Shift_Start_Date_Time__c + true + + + true + 
%%%NAMESPACE%%%Volunteer_Hours__c.%%%NAMESPACE%%%Status__c + true + + + true + %%%NAMESPACE%%%Volunteer_Hours__c.%%%NAMESPACE%%%System_Note__c + true + + + false + %%%NAMESPACE%%%Volunteer_Hours__c.%%%NAMESPACE%%%Total_Hours_Worked__c + true + + + false + %%%NAMESPACE%%%Volunteer_Hours__c.%%%NAMESPACE%%%Volunteer_Campaign_Name__c + true + + + false + %%%NAMESPACE%%%Volunteer_Hours__c.%%%NAMESPACE%%%Volunteer_Campaign__c + true + + + true + %%%NAMESPACE%%%Volunteer_Hours__c.%%%NAMESPACE%%%Volunteer_Recurrence_Schedule__c + true + + + true + %%%NAMESPACE%%%Volunteer_Hours__c.%%%NAMESPACE%%%Volunteer_Shift__c + true + + + true + %%%NAMESPACE%%%Volunteer_Job__c.%%%NAMESPACE%%%Description__c + true + + + true + %%%NAMESPACE%%%Volunteer_Job__c.%%%NAMESPACE%%%Display_on_Website__c + true + + + true + %%%NAMESPACE%%%Volunteer_Job__c.%%%NAMESPACE%%%External_Signup_Url__c + true + + + false + %%%NAMESPACE%%%Volunteer_Job__c.%%%NAMESPACE%%%First_Shift__c + true + + + true + %%%NAMESPACE%%%Volunteer_Job__c.%%%NAMESPACE%%%Inactive__c + true + + + true + %%%NAMESPACE%%%Volunteer_Job__c.%%%NAMESPACE%%%Location_City__c + true + + + true + %%%NAMESPACE%%%Volunteer_Job__c.%%%NAMESPACE%%%Location_Information__c + true + + + true + %%%NAMESPACE%%%Volunteer_Job__c.%%%NAMESPACE%%%Location_Street__c + true + + + true + %%%NAMESPACE%%%Volunteer_Job__c.%%%NAMESPACE%%%Location_Zip_Postal_Code__c + true + + + true + %%%NAMESPACE%%%Volunteer_Job__c.%%%NAMESPACE%%%Location__c + true + + + false + %%%NAMESPACE%%%Volunteer_Job__c.%%%NAMESPACE%%%Number_of_Completed_Hours__c + true + + + false + %%%NAMESPACE%%%Volunteer_Job__c.%%%NAMESPACE%%%Number_of_Shifts__c + true + + + false + %%%NAMESPACE%%%Volunteer_Job__c.%%%NAMESPACE%%%Number_of_Volunteers_Still_Needed__c + true + + + false + %%%NAMESPACE%%%Volunteer_Job__c.%%%NAMESPACE%%%Number_of_Volunteers__c + true + + + true + %%%NAMESPACE%%%Volunteer_Job__c.%%%NAMESPACE%%%Ongoing__c + true + + + true + 
%%%NAMESPACE%%%Volunteer_Job__c.%%%NAMESPACE%%%Skills_Needed__c + true + + + true + %%%NAMESPACE%%%Volunteer_Job__c.%%%NAMESPACE%%%Volunteer_Website_Time_Zone__c + true + + + true + %%%NAMESPACE%%%Volunteer_Recurrence_Schedule__c.%%%NAMESPACE%%%Comments__c + true + + + true + %%%NAMESPACE%%%Volunteer_Recurrence_Schedule__c.%%%NAMESPACE%%%Days_of_Week__c + true + + + true + %%%NAMESPACE%%%Volunteer_Recurrence_Schedule__c.%%%NAMESPACE%%%Schedule_End_Date__c + true + + + true + %%%NAMESPACE%%%Volunteer_Recurrence_Schedule__c.%%%NAMESPACE%%%Volunteer_Hours_Status__c + true + + + true + %%%NAMESPACE%%%Volunteer_Recurrence_Schedule__c.%%%NAMESPACE%%%Volunteer_Job__c + true + + + true + %%%NAMESPACE%%%Volunteer_Recurrence_Schedule__c.%%%NAMESPACE%%%Weekly_Occurrence__c + true + + + true + %%%NAMESPACE%%%Volunteer_Shift__c.%%%NAMESPACE%%%Description__c + true + + + true + %%%NAMESPACE%%%Volunteer_Shift__c.%%%NAMESPACE%%%Desired_Number_of_Volunteers__c + true + + + false + %%%NAMESPACE%%%Volunteer_Shift__c.%%%NAMESPACE%%%Job_Location_City__c + true + + + false + %%%NAMESPACE%%%Volunteer_Shift__c.%%%NAMESPACE%%%Job_Location_State_Province__c + true + + + false + %%%NAMESPACE%%%Volunteer_Shift__c.%%%NAMESPACE%%%Job_Location_Street__c + true + + + false + %%%NAMESPACE%%%Volunteer_Shift__c.%%%NAMESPACE%%%Job_Location_Zip_Postal_Code__c + true + + + true + %%%NAMESPACE%%%Volunteer_Shift__c.%%%NAMESPACE%%%Job_Recurrence_Schedule__c + true + + + false + %%%NAMESPACE%%%Volunteer_Shift__c.%%%NAMESPACE%%%Number_of_Volunteers_Still_Needed__c + true + + + true + %%%NAMESPACE%%%Volunteer_Shift__c.%%%NAMESPACE%%%System_Note__c + true + + + true + %%%NAMESPACE%%%Volunteer_Shift__c.%%%NAMESPACE%%%Total_Volunteers__c + true + + false + + + true + false + true + true + false + Account + false + + + true + false + true + true + false + Campaign + false + + + true + false + true + true + false + Contact + false + + + true + false + false + true + false + Lead + false + + + true + false + true 
+ true + false + %%%NAMESPACE%%%Volunteer_Hours__c + false + + + true + false + true + true + false + %%%NAMESPACE%%%Volunteer_Job__c + false + + + true + false + true + true + false + %%%NAMESPACE%%%Volunteer_Recurrence_Schedule__c + false + + + true + false + true + true + false + %%%NAMESPACE%%%Volunteer_Shift__c + false + + + JobCalendar + true + + + NewAndEditVRS + true + + + PersonalSiteContactInfo + true + + + PersonalSiteContactLookup + true + + + PersonalSiteJobCalendar + true + + + PersonalSiteJobListing + true + + + PersonalSiteReportHours + true + + + PersonalSiteTemplate + true + + + PersonalSiteTemplateEspanol + true + + + SendBulkEmail + true + + + VolunteersAbout + true + + + VolunteersBatchJobsProgress + true + + + VolunteersBulkEnterHours + true + + + VolunteersCampaignWizard + true + + + VolunteersFind + true + + + VolunteersJobListing + true + + + VolunteersJobListingFS + true + + + VolunteersReportHours + true + + + VolunteersSignup + true + + + VolunteersSignupFS + true + + + Campaign.Volunteers_Campaign + true + + + About_Volunteers + Visible + + + Find_Volunteers + Visible + + + Shift_Calendar + Visible + + + %%%NAMESPACE%%%Volunteer_Hours__c + Visible + + + %%%NAMESPACE%%%Volunteer_Job__c + Visible + + + %%%NAMESPACE%%%Volunteer_Recurrence_Schedule__c + Visible + + + %%%NAMESPACE%%%Volunteer_Shift__c + Visible + + + %%%NAMESPACE%%%Volunteers_Wizard + Visible + + + standard-Campaign + Visible + + + true + LightningExperienceUser + + From 8c3233552bb75562c60aa2c022019a193a652a87 Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Wed, 20 Jul 2022 12:21:47 -0500 Subject: [PATCH 32/33] Add test internal user permission set. --- unpackaged/config/dev/package.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/unpackaged/config/dev/package.xml b/unpackaged/config/dev/package.xml index 4a536c8..d9612c1 100644 --- a/unpackaged/config/dev/package.xml +++ b/unpackaged/config/dev/package.xml 
@@ -5,6 +5,7 @@ Profile + V4S_Internal_Minimum V4S_Site_Minimum PermissionSet From 97cf2f704a3901bcd9ab404cc8a53f765c74bb48 Mon Sep 17 00:00:00 2001 From: Jennifer Bennett Date: Wed, 20 Jul 2022 16:06:29 -0500 Subject: [PATCH 33/33] Add missing namespace tokens --- .../V4S_Internal_Minimum.permissionset | 240 ++++++++---------- 1 file changed, 100 insertions(+), 140 deletions(-) diff --git a/unpackaged/config/dev/permissionsets/V4S_Internal_Minimum.permissionset b/unpackaged/config/dev/permissionsets/V4S_Internal_Minimum.permissionset index 046c2e8..873fafd 100644 --- a/unpackaged/config/dev/permissionsets/V4S_Internal_Minimum.permissionset +++ b/unpackaged/config/dev/permissionsets/V4S_Internal_Minimum.permissionset @@ -1,7 +1,7 @@ - Groundwire_Volunteers + %%%NAMESPACE%%%Groundwire_Volunteers true 
@@ -17,319 +17,287 @@ true - ComponentControllerBase + %%%NAMESPACE%%%ComponentControllerBase true - DatabaseDml + %%%NAMESPACE%%%DatabaseDml true - DatabaseDml_TEST + %%%NAMESPACE%%%DatabaseDml_TEST true - ForgotPasswordController + %%%NAMESPACE%%%InstallScript true - ForgotPasswordControllerTest + %%%NAMESPACE%%%InstallScript_TEST true - InstallScript + %%%NAMESPACE%%%PageControllerBase true - InstallScript_TEST + %%%NAMESPACE%%%QueryBuilder true - MyProfilePageController + %%%NAMESPACE%%%QueryBuilder_TEST true - MyProfilePageControllerTest + %%%NAMESPACE%%%SoqlListView true - PageControllerBase + %%%NAMESPACE%%%Telemetry true - QueryBuilder + %%%NAMESPACE%%%TelemetryService true - QueryBuilder_TEST + %%%NAMESPACE%%%TelemetryService_TEST true - SiteLoginController + %%%NAMESPACE%%%Telemetry_TEST true - SiteLoginControllerTest + %%%NAMESPACE%%%UTIL_Describe true - SiteRegisterController + %%%NAMESPACE%%%UTIL_Describe_TEST true - SiteRegisterControllerTest + %%%NAMESPACE%%%UTIL_HtmlOutput_CTRL true - SoqlListView + %%%NAMESPACE%%%UTIL_HtmlOutput_TEST true - Telemetry + %%%NAMESPACE%%%UTIL_JavaScriptSanitizer true - TelemetryService + %%%NAMESPACE%%%UTIL_JavaScriptSanitizer_TEST true - TelemetryService_TEST + %%%NAMESPACE%%%UTIL_JobProgress_CTRL true - Telemetry_TEST + %%%NAMESPACE%%%UTIL_PageMessages_CTRL true - UTIL_Describe + %%%NAMESPACE%%%UTIL_UnitTest true - UTIL_Describe_TEST + %%%NAMESPACE%%%VOL_Access true - UTIL_HtmlOutput_CTRL + %%%NAMESPACE%%%VOL_Access_TEST true - UTIL_HtmlOutput_TEST + %%%NAMESPACE%%%VOL_BATCH_Recurrence true - UTIL_JavaScriptSanitizer + %%%NAMESPACE%%%VOL_BATCH_Recurrence_TEST true - UTIL_JavaScriptSanitizer_TEST + %%%NAMESPACE%%%VOL_CTRL_BatchProgress true - UTIL_JobProgress_CTRL + %%%NAMESPACE%%%VOL_CTRL_BatchProgress_TEST true - UTIL_PageMessages_CTRL + %%%NAMESPACE%%%VOL_CTRL_JobCalendar true - UTIL_UnitTest + %%%NAMESPACE%%%VOL_CTRL_JobCalendar_TEST true - VOL_Access + %%%NAMESPACE%%%VOL_CTRL_NewAndEditVRS true - VOL_Access_TEST 
+ %%%NAMESPACE%%%VOL_CTRL_NewAndEditVRS_TEST true - VOL_BATCH_Recurrence + %%%NAMESPACE%%%VOL_CTRL_OpenReport true - VOL_BATCH_Recurrence_TEST + %%%NAMESPACE%%%VOL_CTRL_OpenReport_TEST true - VOL_CTRL_BatchProgress + %%%NAMESPACE%%%VOL_CTRL_PersonalSiteContactInfo true - VOL_CTRL_BatchProgress_TEST + %%%NAMESPACE%%%VOL_CTRL_PersonalSiteContactInfo_TEST true - VOL_CTRL_JobCalendar + %%%NAMESPACE%%%VOL_CTRL_PersonalSiteContactLookup true - VOL_CTRL_JobCalendar_TEST + %%%NAMESPACE%%%VOL_CTRL_PersonalSiteContactLookup_TEST true - VOL_CTRL_NewAndEditVRS + %%%NAMESPACE%%%VOL_CTRL_PersonalSiteJobCalendar true - VOL_CTRL_NewAndEditVRS_TEST + %%%NAMESPACE%%%VOL_CTRL_PersonalSiteJobListing true - VOL_CTRL_OpenReport + %%%NAMESPACE%%%VOL_CTRL_PersonalSiteReportHours true - VOL_CTRL_OpenReport_TEST + %%%NAMESPACE%%%VOL_CTRL_PersonalSiteTemplate true - VOL_CTRL_PersonalSiteContactInfo + %%%NAMESPACE%%%VOL_CTRL_PersonalSiteTemplate_TEST true - VOL_CTRL_PersonalSiteContactInfo_TEST + %%%NAMESPACE%%%VOL_CTRL_SendBulkEmail true - VOL_CTRL_PersonalSiteContactLookup + %%%NAMESPACE%%%VOL_CTRL_SendBulkEmail_TEST true - VOL_CTRL_PersonalSiteContactLookup_TEST + %%%NAMESPACE%%%VOL_CTRL_VolunteersBulkEnterHours true - VOL_CTRL_PersonalSiteJobCalendar + %%%NAMESPACE%%%VOL_CTRL_VolunteersBulkEnterHours_TEST true - VOL_CTRL_PersonalSiteJobListing + %%%NAMESPACE%%%VOL_CTRL_VolunteersCampaignWizard true - VOL_CTRL_PersonalSiteReportHours + %%%NAMESPACE%%%VOL_CTRL_VolunteersCampaignWizard_TEST true - VOL_CTRL_PersonalSiteTemplate + %%%NAMESPACE%%%VOL_CTRL_VolunteersFind true - VOL_CTRL_PersonalSiteTemplate_TEST + %%%NAMESPACE%%%VOL_CTRL_VolunteersFind_TEST true - VOL_CTRL_SendBulkEmail + %%%NAMESPACE%%%VOL_CTRL_VolunteersJobListing true - VOL_CTRL_SendBulkEmail_TEST + %%%NAMESPACE%%%VOL_CTRL_VolunteersJobListingFS true - VOL_CTRL_VolunteersBulkEnterHours + %%%NAMESPACE%%%VOL_CTRL_VolunteersJobListingFS_TEST true - VOL_CTRL_VolunteersBulkEnterHours_TEST + 
%%%NAMESPACE%%%VOL_CTRL_VolunteersJobListing_TEST true - VOL_CTRL_VolunteersCampaignWizard + %%%NAMESPACE%%%VOL_CTRL_VolunteersReportHours true - VOL_CTRL_VolunteersCampaignWizard_TEST + %%%NAMESPACE%%%VOL_CTRL_VolunteersReportHours_TEST true - VOL_CTRL_VolunteersFind + %%%NAMESPACE%%%VOL_CTRL_VolunteersSignup true - VOL_CTRL_VolunteersFind_TEST + %%%NAMESPACE%%%VOL_CTRL_VolunteersSignupFS true - VOL_CTRL_VolunteersJobListing + %%%NAMESPACE%%%VOL_CTRL_VolunteersSignupFS_TEST true - VOL_CTRL_VolunteersJobListingFS + %%%NAMESPACE%%%VOL_CTRL_VolunteersSignup_TEST true - VOL_CTRL_VolunteersJobListingFS_TEST + %%%NAMESPACE%%%VOL_JRS true - VOL_CTRL_VolunteersJobListing_TEST + %%%NAMESPACE%%%VOL_JRS_TEST true - VOL_CTRL_VolunteersReportHours + %%%NAMESPACE%%%VOL_SharedCode true - VOL_CTRL_VolunteersReportHours_TEST + %%%NAMESPACE%%%VOL_SharedCode_TEST true - VOL_CTRL_VolunteersSignup + %%%NAMESPACE%%%VOL_StateCountryPicklists true - VOL_CTRL_VolunteersSignupFS + %%%NAMESPACE%%%VOL_StateCountryPicklists_TEST true - VOL_CTRL_VolunteersSignupFS_TEST + %%%NAMESPACE%%%VOL_TEST_Campaign_Trigger true - VOL_CTRL_VolunteersSignup_TEST + %%%NAMESPACE%%%VOL_TEST_VolunteerHours_Trigger true - VOL_JRS + %%%NAMESPACE%%%VOL_VRS true - VOL_JRS_TEST - true - - - VOL_SharedCode - true - - - VOL_SharedCode_TEST - true - - - VOL_StateCountryPicklists - true - - - VOL_StateCountryPicklists_TEST - true - - - VOL_TEST_Campaign_Trigger - true - - - VOL_TEST_VolunteerHours_Trigger - true - - - VOL_VRS - true - - - VOL_VRS_TEST + %%%NAMESPACE%%%VOL_VRS_TEST true @@ -959,22 +927,22 @@ true - Lead.Volunteer_Availability__c + Lead.%%%NAMESPACE%%%Volunteer_Availability__c true true - Lead.Volunteer_Notes__c + Lead.%%%NAMESPACE%%%Volunteer_Notes__c true true - Lead.Volunteer_Skills__c + Lead.%%%NAMESPACE%%%Volunteer_Skills__c true true - Lead.Volunteer_Status__c + Lead.%%%NAMESPACE%%%Volunteer_Status__c true 
@@ -1287,103 +1255,99 @@ false - JobCalendar + %%%NAMESPACE%%%JobCalendar true - NewAndEditVRS + %%%NAMESPACE%%%NewAndEditVRS true - PersonalSiteContactInfo + %%%NAMESPACE%%%PersonalSiteContactInfo true - PersonalSiteContactLookup + %%%NAMESPACE%%%PersonalSiteContactLookup true - PersonalSiteJobCalendar + %%%NAMESPACE%%%PersonalSiteJobCalendar true - PersonalSiteJobListing + %%%NAMESPACE%%%PersonalSiteJobListing true - PersonalSiteReportHours + %%%NAMESPACE%%%PersonalSiteReportHours true - PersonalSiteTemplate + %%%NAMESPACE%%%PersonalSiteTemplate true - PersonalSiteTemplateEspanol + %%%NAMESPACE%%%PersonalSiteTemplateEspanol true - SendBulkEmail + %%%NAMESPACE%%%SendBulkEmail true - VolunteersAbout + %%%NAMESPACE%%%VolunteersAbout true - VolunteersBatchJobsProgress + %%%NAMESPACE%%%VolunteersBatchJobsProgress true - VolunteersBulkEnterHours + %%%NAMESPACE%%%VolunteersBulkEnterHours true - VolunteersCampaignWizard + %%%NAMESPACE%%%VolunteersCampaignWizard true - VolunteersFind + %%%NAMESPACE%%%VolunteersFind true - VolunteersJobListing + %%%NAMESPACE%%%VolunteersJobListing true - VolunteersJobListingFS + %%%NAMESPACE%%%VolunteersJobListingFS true - VolunteersReportHours + %%%NAMESPACE%%%VolunteersReportHours true - VolunteersSignup + %%%NAMESPACE%%%VolunteersSignup true - VolunteersSignupFS + %%%NAMESPACE%%%VolunteersSignupFS true - Campaign.Volunteers_Campaign + Campaign.%%%NAMESPACE%%%Volunteers_Campaign true - About_Volunteers - Visible - - - Find_Volunteers + %%%NAMESPACE%%%About_Volunteers Visible - Shift_Calendar + %%%NAMESPACE%%%Find_Volunteers Visible - %%%NAMESPACE%%%Volunteer_Hours__c + %%%NAMESPACE%%%Shift_Calendar Visible @@ -1394,10 +1358,6 @@ %%%NAMESPACE%%%Volunteer_Recurrence_Schedule__c Visible - - %%%NAMESPACE%%%Volunteer_Shift__c - Visible - %%%NAMESPACE%%%Volunteers_Wizard Visible