Chatter Free user cannot avoid ContentDistribution access in Apex Trigger
Last updated 2017-10-14 ·Reference W-3917353 ·Reported By 0 users
Summary
When customer use Apex Trigger that is touching ContentDistribution, Chatter Free user cannot avoid this Trigger even if code logic doesn’t touch ContentDistribution in case of Chatter Free user.
The below error message is displayed when the Apex Trigger is fired.
-------
There were custom validation error(s) encountered while saving the affected record(s).
The first validation error encountered was "Apex trigger ContentVersionTrigger caused an unexpected exception, contact your administrator:
ContentVersionTrigger: execution of AfterInsert caused by: line 1, column 1: Entity is not api accessible entity name: ContentDistribution".
-------
- Trigger loaded under a Chatter Free user context will cause a ParseException due to underlying NoAccessException for inaccessible entities.
- This causes Chatter Free users to experience intermittent problems with functionality.
Repro
1. Verify Content Delivery is enabled: Setup > Customize > Salesforce Files > Settings > Content Deliveries
2. Create new Apex trigger on ContentVersion using field inaccessible to Chatter Free user:
trigger ContentVersionTrigger on ContentVersion (after insert, after update) {
ContentDistribution distribution = new ContentDistribution();
}
3. Create a new Chatter Free user. Use the Chatter Free license and the standard Chatter Free profile.
4. Log-in as the new Chatter Free user.
5. Goto “Files” section from link in left-sidebar.
6. Upload any file.
7. Hit “Entity is not api accessible” error.
Note 1: If the trigger is loaded and compiled by a standard (like Salesforce, Platform) users, then the trigger body is stored in cache and chatter free user does not experience problem.
Note 2: if you continue the repro and load the trigger via standard user, then the trigger as written above in step 2 will fire as expected but instead give a “level of access” error for Chatter Free user.
This is expected since they don’t have level of access to the ContentDistribution object.
This is a built in design flaw to demonstrate possible errors only.
Possible workaround is to read UserInfo at this point but original “not api accessible” error prevents it from reaching here.
(optional follow-on)
8. Login as standard or system admin user.
9. Goto Files tab.
10. Upload any file.
11. (Repeat steps 4 to 6)
12. Hit “Error: You do not have the level of access necessary to perform the operation you requested. Please contact the owner of the record or your administrator if access is necessary.” error. This is expected.
Workaround
- No workaround for apex trigger implementation identified.
- Possible fix:
Disable access checking for ContentDistribution by Chatter Free user.
This means Chatter Free user will be able to use Apex Trigger for ContentDistribution without error.
However, this user cannot touch ContentDistribution object as design.
Thus, actual create/update/delete operation will not be fired even if the bug will be fixed.
Reported By (0)
Is it Fixed?
Any unreleased services, features, statuses, or dates referenced in this or other public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make their purchase decisions based upon features that are currently available.