Change check permission strategy

SFDO-Community · Nov 25, 2024 · 2630f7b · 2630f7b
1 parent 2ed442e
commit 2630f7b
Show file tree

Hide file tree

Showing 2 changed files with 85 additions and 10 deletions.
diff --git a/dlrs/main/classes/Utilities.cls b/dlrs/main/classes/Utilities.cls
@@ -25,6 +25,8 @@
  **/
 
 public class Utilities {
+  static Set<String> permsHeldByUser;
+
   /**
    * Get the namespace of this package
    **/
@@ -90,19 +92,65 @@ public class Utilities {
    * returns `true` if user has any of those custom permissions
    */
   public static Boolean userHasCustomPermission(String permissionNames) {
+    // early out to avoid performance overhead, most rollups probably don't need to check perms
     if (String.isBlank(permissionNames)) {
       return false;
     }
+    Set<String> userPerms = getUserCustomPerms();
 
     for (String permName : permissionNames.split(',')) {
-      if (FeatureManagement.checkPermission(permName.trim())) {
+      // match lowercase because the index was built lowercase
+      if (userPerms.contains(permName.trim().toLowerCase())) {
         return true;
       }
     }
 
     return false;
   }
 
+  private static Set<String> getUserCustomPerms() {
+    if (permsHeldByUser == null) {
+      permsHeldByUser = new Set<String>();
+      // need to init the list of perms held by the user
+
+      // Get the list of CustomPermission Ids that the user has access to
+      // this respects Perm Sets, Perm Set Groups, and Profiles
+      List<Id> customPermIds = new List<Id>();
+      for (SetupEntityAccess entity : [
+        SELECT SetupEntityId
+        FROM SetupEntityAccess
+        WHERE
+          SetupEntityType = 'CustomPermission'
+          AND ParentId IN (
+            SELECT PermissionSetId
+            FROM PermissionSetAssignment
+            WHERE AssigneeId = :UserInfo.getUserId()
+          )
+      ]) {
+        customPermIds.add(entity.SetupEntityId);
+      }
+      // resolve the Custom Permission Id into string names
+      for (CustomPermission perm : [
+        SELECT Id, DeveloperName, NamespacePrefix
+        FROM CustomPermission
+        WHERE Id IN :customPermIds
+      ]) {
+        String permName = perm.DeveloperName;
+        if (!String.isBlank(perm.NamespacePrefix)) {
+          // if this has a namespace prefix we should build a unified string
+          permName = String.format(
+            '{0}__{1}',
+            new List<String>{ perm.NamespacePrefix, permName }
+          );
+        }
+        // normalize to lowercase for matching purposes
+        permsHeldByUser.add(permName.toLowerCase());
+      }
+    }
+
+    return permsHeldByUser;
+  }
+
   // Regular expression for Order By Clause
   // Case-Insensitive pattern
   // Group 1 - Field Name (required)

diff --git a/dlrs/main/classes/UtilitiesTest.cls b/dlrs/main/classes/UtilitiesTest.cls
@@ -2,20 +2,47 @@
 public class UtilitiesTest {
   @IsTest
   static void testUserHasCustomPermission() {
+    // find the permission set that has access to the Custom Permission we want to use to check (if it even exists in the system)
+    List<SetupEntityAccess> permSetsWithAccess = [
+      SELECT ParentId
+      FROM SetupEntityAccess
+      WHERE
+        SetupEntityId IN (
+          SELECT Id
+          FROM CustomPermission
+          WHERE DeveloperName = 'DisableDLRS'
+        )
+        AND Parent.IsOwnedByProfile = FALSE
+    ];
+    if (!permSetsWithAccess.isEmpty()) {
+      // there is a compatible permission set that we can use for testing
+      // see if the running user already has that permission set
+      List<PermissionSetAssignment> assignments = [
+        SELECT Id
+        FROM PermissionSetAssignment
+        WHERE
+          AssigneeId = :UserInfo.getUserId()
+          AND PermissionSetId = :permSetsWithAccess[0].ParentId
+      ];
+      if (assignments.isEmpty()) {
+        // user doesn't have the necessary perm set to grant it to them, add it
+        System.runAs(new User(Id = UserInfo.getUserId())) {
+          insert new PermissionSetAssignment(
+            AssigneeId = UserInfo.getUserId(),
+            PermissionSetId = permSetsWithAccess[0].ParentId
+          );
+        }
+      }
+      // make sure the utility can see the perm set correctly
+      // (we do it here because any earlier and the utility would have built the cache already)
+      Assert.areEqual(false, Utilities.userHasCustomPermission('DisableDLRS'));
+    }
+
     Assert.areEqual(false, Utilities.userHasCustomPermission(null));
     Assert.areEqual(false, Utilities.userHasCustomPermission('madeup_name'));
     Assert.areEqual(
       false,
       Utilities.userHasCustomPermission('madeup_name,name2 , name3,name4')
     );
-    // TODO: add custom perm and perm set assigned to working user for tests but not add to package
-    // Assert.areEqual(
-    //   true,
-    //   Utilities.userHasCustomPermission('DLRSLimitedDisable')
-    // );
-    // Assert.areEqual(
-    //   true,
-    //   Utilities.userHasCustomPermission('rollup1, DLRSLimitedDisable ,rollup2')
-    // );
   }
 }