search

apex-enterprise-patterns / fflib-apex-common

Common Apex Library supporting Apex Enterprise Patterns and much more!
BSD 3-Clause "New" or "Revised" License
911 stars 517 forks source link

fflib_SecurityUtils does not use fflib_SObjectDescribe everywhere #380

Closed jonnypetraglia closed 1 year ago

jonnypetraglia commented 2 years ago

I considered just making a PR but this seems intentional. Example:

    public static void checkFieldIsReadable(SObjectType objType, String fieldName)
    {
        checkFieldIsReadable(objType, fflib_SObjectDescribe.getDescribe(objType).getField(fieldName));
    }
    public static void checkObjectIsReadable(SObjectType objType)
    {
        if (BYPASS_INTERNAL_FLS_AND_CRUD)
            return;
        if (!objType.getDescribe().isAccessible())
            throw new CrudException(OperationType.READ, objType);
    }

Obviously I think using fflib_SObjectDescribe everywhere is the way to go, but if not, it seems concerning if only because checkFieldIsReadable is using a different SObjectDescribe. Otherwise, if it's not the same, it should use the cache.

Unless I'm missing something?

daveespo commented 1 year ago

The support for fflib_SecurityUtils was deprecated with the introduction of native User Mode support in #419 -- we plan no further enhancements to the old CRUD/FLS logic