Fix access checks

SalesforceFoundation · Nov 10, 2023 · 626ebad · 626ebad
1 parent 82d6a0c
commit 626ebad
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 15 deletions.
diff --git a/force-app/main/default/classes/PMT_PaymentWizard_CTRL.cls b/force-app/main/default/classes/PMT_PaymentWizard_CTRL.cls
@@ -543,15 +543,19 @@ public with sharing class PMT_PaymentWizard_CTRL {
     */
     private Boolean hasFeatureAccess() {
         if (hasRequiredObjectLevelAccess()) {
-            return hasAccessTo(npe01__OppPayment__c.getSObjectType(), paymentFields())
-                && hasAccessTo(Opportunity.getSObjectType(), opportunityFields());
+            return hasReadAccessTo(npe01__OppPayment__c.getSObjectType(), paymentFields())
+                && hasModifyAccessTo(npe01__OppPayment__c.getSObjectType(), paymentFields())
+                && hasReadAccessTo(Opportunity.getSObjectType(), opportunityReadFields())
+                && hasModifyAccessTo(Opportunity.getSObjectType(), opportunityModifyFields());
         }
         return false;
     }
 
-    private Boolean hasAccessTo(SObjectType sObjectType, Set<SObjectField> sObjectFields) {
-        return permissions.canRead(sObjectType, sObjectFields)
-            && permissions.canUpdate(sObjectType, sObjectFields);
+    private Boolean hasReadAccessTo(SObjectType sObjectType, Set<SObjectField> sObjectFields) {
+        return permissions.canRead(sObjectType, sObjectFields);
+    }
+    private Boolean hasModifyAccessTo(SObjectType sObjectType, Set<SObjectField> sObjectFields) {
+        return permissions.canUpdate(sObjectType, sObjectFields);
     }
 
     private Boolean hasRequiredObjectLevelAccess() {
@@ -581,7 +585,7 @@ public with sharing class PMT_PaymentWizard_CTRL {
         };
     }
 
-    private Set<SObjectField> opportunityFields() {
+    private Set<SObjectField> opportunityReadFields() {
         return new Set<SObjectField>{
             Opportunity.fields.Name,
             Opportunity.fields.Amount,
@@ -595,6 +599,11 @@ public with sharing class PMT_PaymentWizard_CTRL {
             Opportunity.fields.IsWon
         };
     }
+    private Set<SObjectField> opportunityModifyFields() {
+        return new Set<SObjectField>{
+            Opportunity.fields.Amount
+        };
+    }
 
 
     /*******************************************************************************************************

diff --git a/force-app/main/default/classes/PMT_PaymentWizard_TEST.cls b/force-app/main/default/classes/PMT_PaymentWizard_TEST.cls
@@ -245,7 +245,6 @@ private class PMT_PaymentWizard_TEST {
         ApexPages.currentPage().getParameters().put(PARAM_WTYPE, PARAM_PAYMENT);
 
         PMT_PaymentWizard_CTRL controller = new PMT_PaymentWizard_CTRL();
-        controller.hasFeatureAccess = true;
 
         List<SelectOption> l = controller.getItems();
         l = controller.getIntervals();
@@ -331,7 +330,6 @@ private class PMT_PaymentWizard_TEST {
         ApexPages.currentPage().getParameters().put(PARAM_WTYPE, PARAM_PAYMENT);
 
         PMT_PaymentWizard_CTRL controller = new PMT_PaymentWizard_CTRL();
-        controller.hasFeatureAccess = true;
 
         List<SelectOption> l = controller.getItems();
         l = controller.getIntervals();
@@ -371,7 +369,6 @@ private class PMT_PaymentWizard_TEST {
         ApexPages.currentPage().getParameters().put(PARAM_WTYPE, PARAM_PAYMENT);
 
         PMT_PaymentWizard_CTRL controller = new PMT_PaymentWizard_CTRL();
-        controller.hasFeatureAccess = true;
 
         List<SelectOption> l = controller.getItems();
         l = controller.getIntervals();
@@ -410,7 +407,6 @@ private class PMT_PaymentWizard_TEST {
         ApexPages.currentPage().getParameters().put(PARAM_WTYPE, PARAM_PAYMENT);
 
         PMT_PaymentWizard_CTRL controller = new PMT_PaymentWizard_CTRL();
-        controller.hasFeatureAccess = true;
 
         List<SelectOption> l = controller.getItems();
         l = controller.getIntervals();
@@ -445,7 +441,6 @@ private class PMT_PaymentWizard_TEST {
         ApexPages.currentPage().getParameters().put(PARAM_WTYPE, PARAM_PAYMENT);
 
         PMT_PaymentWizard_CTRL controller = new PMT_PaymentWizard_CTRL();
-        controller.hasFeatureAccess = true;
 
         System.assertEquals(null, controller.currentOpp);
         UTIL_UnitTestData_TEST.assertPageHasError(System.Label.pmtWizardMsgNoOppFound);
@@ -465,7 +460,6 @@ private class PMT_PaymentWizard_TEST {
         ApexPages.currentPage().getParameters().put(PARAM_WTYPE, 'invalidType');
 
         PMT_PaymentWizard_CTRL controller = new PMT_PaymentWizard_CTRL();
-        controller.hasFeatureAccess = true;
 
         System.assertEquals(null, controller.currentOpp);
         UTIL_UnitTestData_TEST.assertPageHasError(System.Label.pmtWizardMsgNoOppFound);
@@ -487,7 +481,6 @@ private class PMT_PaymentWizard_TEST {
 
         System.runAs(UTIL_UnitTestData_TEST.createStandardProfileUser()) {
             PMT_PaymentWizard_CTRL controller = new PMT_PaymentWizard_CTRL();
-            controller.hasFeatureAccess = true;
 
             System.assertEquals(null, controller.currentOpp);
             UTIL_UnitTestData_TEST.assertPageHasError(System.Label.pmtWizardMsgNoOppFound);
@@ -590,7 +583,6 @@ private class PMT_PaymentWizard_TEST {
         ApexPages.currentPage().getParameters().put(PARAM_WTYPE, PARAM_PAYMENT);
 
         PMT_PaymentWizard_CTRL controller = new PMT_PaymentWizard_CTRL();
-        controller.hasFeatureAccess = true;
 
         // set values
         System.assertEquals(false, controller.haveAmount);
@@ -650,7 +642,6 @@ private class PMT_PaymentWizard_TEST {
         ApexPages.currentPage().getParameters().put(PARAM_WTYPE, PARAM_PAYMENT);
 
         PMT_PaymentWizard_CTRL controller = new PMT_PaymentWizard_CTRL();
-        controller.hasFeatureAccess = true;
 
         List<SelectOption> l = controller.getItems();
         l = controller.getIntervals();