saving force.com site reference fields

edited July 1, 2019 in Questions
I'm having trouble getting reference fields to save on a force.com site page - is a site 'Guest User' able to save data contained in reference fields if the object being looked up is not explicitly available to the Guest User profile?

ie....

- I have a custom object 'Feedback' which we have created a force.com site for.
- The feedback object has a lookup field to the Account object
- The Account Id and Account Name are passed in the url when the site page is loaded (e.g. "examplesiteurl.secure.force.com/feedback?acct=0012400000L****AA3&acctname=TestAccount"

The conditions I have on the feedback model are as pictured:

image

I've tried quite a few different combinations of conditions here, but can't seem to get it to work for the site's Guest User profile.

Do I need to expose the Account object to the site's Guest User profile? (Which I would prefer not to do) or is there some particular condition I have missed?

Thanks, Greg





Comments

  • edited July 1, 2019
    if that profile does not have access to the account object the lookups will be always empty (because that profile cannot read accounts).

    Before continue reading, please note that I'm just discovering the sharing rules and all the things with not internal users, so the information can not be accurate or wrong.

    I think you have 3 options here: 
    • Give read on accounts (and don't share any account with that user / group so he can use the object, but no data is shared with him (I think a user has automatically shared the account of his/her contact). I don't know how this will work if you try to put an account that is not shared with the user in the lookup, probably will fail (the record does not exist for that user)
    • Use apex. I think apex does not look at the permissions in profiles,(I'm not really sure of this). you can store the data on text fields and with a trigger update the account, or schedule a batch to set the account in all the feedbacks without account
    hope it helps (and hopping the info is accurate)

  • edited December 4, 2017
    Thanks Pablo. 

    I've considered the apex option - we would need to add text fields to the Feedback object where we capture the id url parameters, and then when the record is saved we use Apex to populate the lookup fields using those ids - but I'd prefer to stay away from that as it's harder to maintain as a long-term solution for the client in this case.

    And I'd prefer not to give public site users read access to all Accounts on the site - whilst its 'low risk' it does technically expose ALL the Account data publicly, which isn't ideal.
  • edited December 4, 2017
    Just a quick update on this - I ended up having to go down the apex trigger path to update these reference fields behind the scenes. There didn't seem to be a way to do it using the UI as I didn't want to grant read access accounts on that force.com site. The trigger is working nicely for the site Guest User profile.
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!