Salesforce: check if user has access to post to chatter group

Recently we developed some business logic for a client to make a Chatter post. The logic was working perfectly under an admin user, but when the client was giving a demo to his managers and tried to execute the logic under a random user, it failed with the error:

Insufficient Privileges: You do not have the level of access necessary to perform the operation you requested. Please contact the owner of the record or your administrator if access is necessary.

I started to investigate this, and after the investigation I shared my findings on SSE:

http://salesforce.stackexchange.com/questions/142695/how-to-check-if-user-has-access-to-make-post-into-chatter-group/142696#142696

So a user is able to post to a collaboration group in several cases.

Whenever the group is public, any user can post to it. In my case, one of the groups the Apex code was posting to was private.

If the user is an admin, or at least has the View All Data or Modify All Data permission, that user is god-like and can do everything.

In the culprit case, when the user is neither an admin nor has the View All Data permission and the Chatter group is private, we need to check whether the user is a member of the private group. If the user is not a member, the user doesn't have access and the attempt to post will result in an exception.

My code to check this is the following:

public static Boolean checkIfUserHasAccessToGroup( Id userId, Id groupId ) {
    // "group" is a reserved word in Apex, so the variable needs another name
    CollaborationGroup chatterGroup = [ SELECT Id, CollaborationType
        FROM CollaborationGroup
        WHERE Id = :groupId ];

    if ( chatterGroup.CollaborationType == 'Public' ) {
        // everyone has access
        return true;
    } else {
        // profile permissions are covered too: every profile has a backing
        // permission set that appears in PermissionSetAssignment
        List<PermissionSetAssignment> psaList = [ SELECT Id, PermissionSetId
            FROM PermissionSetAssignment
            WHERE AssigneeId = :userId
            AND ( PermissionSet.PermissionsModifyAllData = true
                OR PermissionSet.PermissionsViewAllData = true ) ];
        if ( psaList.size() > 0 ) {
            // user has modify all data or view all data permission
            return true;
        } else {
            List<CollaborationGroupMember> cgmList = [
                SELECT Id, MemberId, Member.Name, CollaborationGroupId,
                    CollaborationGroup.Name
                FROM CollaborationGroupMember
                WHERE CollaborationGroupId = :groupId AND MemberId = :userId ];
            if ( cgmList.size() > 0 ) {
                // user is member of group
                return true;
            }
            return false;
        }
    }
}
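When the post is made for many users at once (for example from a trigger or a batch job), calling a per-user check in a loop runs up to three SOQL queries per user. The following is an added example, not the original post's code: it applies the same three rules to a whole set of users with a fixed number of queries and goes beyond the post by treating a missing group as "no access" instead of throwing. The class name ChatterGroupAccess and the method usersWhoCanPost are hypothetical.

```apex
public class ChatterGroupAccess {
    // Hypothetical helper (not from the original post): returns the subset of
    // userIds that may post to groupId, using at most three SOQL queries
    // regardless of how many users are checked.
    public static Set<Id> usersWhoCanPost( Set<Id> userIds, Id groupId ) {
        Set<Id> allowed = new Set<Id>();

        // Query into a list so a missing group yields an empty result
        // instead of a QueryException.
        List<CollaborationGroup> groups = [ SELECT Id, CollaborationType
            FROM CollaborationGroup
            WHERE Id = :groupId ];
        if ( groups.isEmpty() ) {
            return allowed; // group not found: nobody is allowed
        }

        // Rule 1: public group, everyone has access
        if ( groups[0].CollaborationType == 'Public' ) {
            allowed.addAll( userIds );
            return allowed;
        }

        // Rule 2: Modify All Data or View All Data, granted by a permission
        // set or by the profile's backing permission set
        for ( PermissionSetAssignment psa : [ SELECT AssigneeId
                FROM PermissionSetAssignment
                WHERE AssigneeId IN :userIds
                AND ( PermissionSet.PermissionsModifyAllData = true
                    OR PermissionSet.PermissionsViewAllData = true ) ] ) {
            allowed.add( psa.AssigneeId );
        }

        // Rule 3: explicit membership in the non-public group
        for ( CollaborationGroupMember cgm : [ SELECT MemberId
                FROM CollaborationGroupMember
                WHERE CollaborationGroupId = :groupId
                AND MemberId IN :userIds ] ) {
            allowed.add( cgm.MemberId );
        }

        return allowed;
    }
}
```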

 
