search

apex-enterprise-patterns / fflib-apex-common

Common Apex Library supporting Apex Enterprise Patterns and much more!
BSD 3-Clause "New" or "Revised" License
903 stars 514 forks source link

fflib_SecurityUtilsTest failures in Patch Orgs (Winter '22) #369

Closed sabinaene closed 2 years ago

sabinaene commented 2 years ago

Similar to #315 , fflib_SecurityUtilsTest is failing because Patch Orgs (first generation package) don't have the Read Only profile.

smsfsc.fflib_SecurityUtilsTest.readonly_field_access
System.QueryException: List has no rows for assignment to SObject
Class.smsfsc.fflib_SecurityUtilsTest.getProfile: line 53, column 1
Class.smsfsc.fflib_SecurityUtilsTest.setupTestUser: line 91, column 1
Class.smsfsc.fflib_SecurityUtilsTest.readonly_field_access: line 131, column 1

smsfsc.fflib_SecurityUtilsTest.readonly_objectAndField_access
System.QueryException: List has no rows for assignment to SObject
Class.smsfsc.fflib_SecurityUtilsTest.getProfile: line 53, column 1
Class.smsfsc.fflib_SecurityUtilsTest.setupTestUser: line 91, column 1
Class.smsfsc.fflib_SecurityUtilsTest.readonly_objectAndField_access: line 228, column 1

smsfsc.fflib_SecurityUtilsTest.readonly_object_access
System.QueryException: List has no rows for assignment to SObject
Class.smsfsc.fflib_SecurityUtilsTest.getProfile: line 53, column 1
Class.smsfsc.fflib_SecurityUtilsTest.setupTestUser: line 91, column 1
Class.smsfsc.fflib_SecurityUtilsTest.readonly_object_access: line 174, column 1

These are the profiles I have in patch orgs

Analytics Cloud Integration User    Analytics Cloud Integration User
Analytics Cloud Security User   Analytics Cloud Integration User
Chatter External User   Chatter External
Chatter Free User   Chatter Free
Chatter Moderator User  Chatter Free
Chatter Only User   Chatter Only
Company Communities User    Company Communities
Contract Manager    Salesforce
Custom: Marketing Profile   Salesforce
Custom: Sales Profile   Salesforce
Custom: Support Profile Salesforce
Customer Community Login User   Customer Community Login
Customer Community Plus Login User  Customer Community Plus Login
Customer Community Plus User    Customer Community Plus
Customer Community User Customer Community
Customer Portal Manager Customer Portal Manager
Customer Portal Manager Custom  Customer Portal Manager Custom
Customer Portal Manager Standard    Customer Portal Manager Standard
External Apps Login User    External Apps Login
External Identity User  External Identity
Force.com - App Subscription User   Force.com - App Subscription
Force.com - Free User   Force.com - Free
Gold Partner User   Gold Partner
High Volume Customer Portal High Volume Customer Portal
High Volume Customer Portal User    High Volume Customer Portal
Identity User   Identity
Marketing User  Salesforce
Partner App Subscription User   Partner App Subscription
Partner Community Login User    Partner Community Login
Partner Community User  Partner Community
Partner User    Partner
Service Cloud   Service Cloud
Silver Partner User Silver Partner
Solution Manager    Salesforce
Standard Platform User  Salesforce Platform
Standard User   Salesforce
System Administrator    Salesforce
Work.com Only User  Work.com Only
tfuda commented 2 years ago

Argh! The problem is not that "Read Only" is absent, it's that neither "Read Only", nor "Minimum Access - Salesforce" Profiles exist in your patch org. The PR I submitted specifically dealt with the fact that Salesforce decided to remove "Read Only" from new orgs, and added "Minimum Access - Salesforce" in its place. It assumes one, or the other would be present. You know what happens when you assume. Thanks Salesforce!

ImJohnMDaniel commented 2 years ago

@sabinaene -- can you add a "Read Only" or "Minimum Access - Salesforce" profile to your patch org? It doesn't have to be the exact type that @tfuda is referring to. It would simply need to be a profile with that name.

@daveespo or @stohn777 -- any other suggestions?

daveespo commented 2 years ago

I agree -- cloning an existing profile is probably the most expedient

You could also (painfully) open a support case because my understanding of Patch Orgs is that they should mirror the primary packager org from which they were created from. Sounds like some sort of regression perhaps -- we don't use Patch Orgs very often but we have used one within the past 2 months and didn't have this problem.

stohn777 commented 2 years ago

@sabinaene @ImJohnMDaniel No. I don't have anything further to add, but happy to emphasize the preceding comments. Unfortunately, the platform beneath our framework occasionally shifts, requiring us to make adjustments to our patterns, and if one of our community members designs insightful workarounds for these occasional shifts, I'm confident that all of us would enjoy seeing them and integrating them into the framework as appropriate.

sabinaene commented 2 years ago

@ImJohnMDaniel Yes, adding a "Read Only" profile makes it work. We automate all the deployments and package uploads and this is a bit inconvenient, but it does work. @daveespo Actually, opening a case is a very good idea - didn't think about it. But right now I'm not sure what is more painful - opening a case with Salesforce or updating our scripts to include a read only profile for patch orgs :) Thanks for all your replies!

ImJohnMDaniel commented 2 years ago

Definitely 🤣😂🤣

sabinaene commented 2 years ago

After 1.5 months I got a response to my case. It's a known issue :) https://trailblazer.salesforce.com/issues_view?id=a1p4V000001TuS2QAK