Site guest user cannot run Get Record element - salesforce

In my site the guest users have access to the flow and they able to run the flow and even create records. When the flow try to find the created record the next error accrue:
Because Get_Record is passed to an action, subflow, or Lightning component, store the values of all Request_for_ChemTox__c fields that the running user has access to.
I gave access to every field for that user and still keep getting this error.
Any ideas?

It's probably not field level security (~table columns) but whole record's security (~table rows).
Check your site/community/experience settings as described in this article: https://help.salesforce.com/s/articleView?id=000352970&type=1. If there's something set - the ownership of created record is immediately transferred over to that internal user and guest loses visibility. It sucks but it's there to protect you, makes sure that if you have for example Leads or Cases submitted by guest users - they immediately "disappear", guest/hacker can't report on them, experiment with IDs in the url to learn other people's data...
You can Check Setup -> Sharing Settings for this object and create new sharing rule. (I can't upload image right now but start making new sharing rule with step 2 "rule type = Guest user access, based on criteria")
https://help.salesforce.com/s/articleView?id=sf.networks_guest_record_default_owner_best_practices.htm&type=5 has some good tips too:
If you’d like to create a different experience for guest users, use
flows in System Mode to redirect guest users to a different custom
screen after they create a record

Related

MongoDB: How to handle two users uploading the same username or password at the same time

This situation might not happen much, but I would rather be safe than sorry. I'm currently trying to make a sign in/sign up system with flutter MongoDB using API call to my database. On the signup screen, I am making checks to see if the data placed into the password and username text fields already exists within the database. In other words, if an account with those credentials already exists then I ask the user to try again, but if there isn't one then I allow for the user to go to the EULA and submit page.
The problem here is that I feel like that two or more users can do the same check at the same time, and will get the same result because, while their information might match, there isn't an instance of an account with those credentials uploaded to the database for the system to tell them to stop before they go to the submit page. And if they submit the data they wrote on their phones to the database at the same time, a situation is made where we have multiple instances of the same kind of account existing in the database.
I know that keys exist and can help in making each account unique from each other, but, in this situation, I am not sure on how to handle or prevent the concurrent uploading of similar or identical data from local devices to the same server. Are calls to my server and MongoDB asynchornous? Is this something that I need to worry about at all?
TL;DR: If you use a unique index on the username field, then it will raise an error on attempting to create a duplicate, and you can forward this to the user's sign up page and let them change their name.
The long answer:
This is more of a UX problem than a DB problem.
If I understand correctly, the user enters a username & password, then reads the EULA before the account is created.
I would disagree with this - you should make the account once they submit their name, and update it with a Boolean for eulaAccepted so that if this process fails (eg. bad connection) they can come back and accept it later.
You should do two sets of unique username validation:
When they type in the name, you can check for them and let them know the name is available. This still means someone else could take it before they hit save.
Once they hit save. Put a unique index on the username field. Then if a user tries saving a duplicate (even if submitted simultaneously, they will be processed sequentially) then it will raise an error. You can forward this onto the user, prompting them to try a different name.
Answering your other questions:
Are calls to my server and MongoDB asynchronous?
Yes, as they go over the network they are naturally asynchronous. But the saves inside the Database itself are sequential and atomic. MongoDB is ACID compliant. have a read through what it means, and what changed in version 4
Is this something that I need to worry about at all?
Yes, it's good to keep an eye on this sort problems. If you don't consider it now, you will have a nasty bug on your hand later.

Wordpress site protection with unique password for every user

How can we develop a voting website based on Wordpress where the landing page is login and password protected and logins and passwords are based on a preloaded database of users. The idea is to create a page for employees where they can enter after they provide the individual credentials. It cannot be based on a system where they register - their data should already be in a database.
I am assuming that you do not want different user roles for different users. If that is the case then you will need to create a function in your theme's functions.php file that will check if user is logged in using is_user_logged_in() and if not, redirect them to login page. In order to work around the problem of every user registering on site by themselves, you can create another piece of code that will iterate user details from a csv file, register them and set each user's password.
The reason for this suggestion/approach:
All the users are registered in your WP Users list so your passwords are not easily stolen.
You can assign custom user roles and capabilities later down the line if you wish.
You can do single or bulk addition of user down the line without redoing the same amount of efforts every time you need to add users.
You do not risk breaking the database structure in WP which is decently optimized.
Now do understand that you will need to leverage object caching and work using pre_get_posts to manage the large size of site.
Good Luck!!

How can I have 2 users logged in at the same time in a Laravel App

Please help me architect the following case in Laravel:
Every instance of the Laravel app (ex. a company) will have a single username (super-user) who can control the sub-users. The super-user will log into the app once to allow the sub-users to log in and out many times throughout the day. The sub-users won't be able to access the app at all without the super-user logging in.
Example: A POS system that the manager logs into once a day. It doesn't log itself out all throughout the day. The cashiers simply tap in their password to gain access and it auto-logs out after 5 mins. There's a single system in the store so the cashiers have to keep switching on and off. The cashier wont be able to use the POS at all if the manager does not log in.
Im new to Laravel. I know I need multiple guards but how do I access auth so that it doesn't keep directing me to the super-user? Im thinking of using the default laravel authentication for the superuser. But what about the other users?
Any help or pointers in the right direction is highly appreciated!
Thanks!
Laravel cannot persist multiple authenticated users at once but you don't necessarily need that for this system, in fact you may be able to design a more robust system without it.
Defining the problem (rather than a solution) we'd say something like, "The system must allow for a manager to enable and disable the POS for cashiers so that they are only able to access it when authorised".
A system that achieves that goal can be built with a single Laravel authentication system, using different roles (manager, cashier) and the associated permissions. This is (fortunately) very straightforward with Laravel.
The user flow would be along the lines of:
A cashier visits the POS terminal
The cashier clicks "log in"
The cashier enters their identifying details
The system finds the user, identifies that they're a cashier, then checks if cashiers are allowed to log in
If yes, the cashier is logged in and able to access the POS functionality
If no, the cashier log in is rejected with an error
The manager flow would be along the lines of:
A manager visits the POS terminal
The manager clicks "log in"
The manager enters their identifying details
The system accepts their log in and sends them to the management dashboard
The management dashboard would be where the manager could control other users (create and manage cashiers (edit, delete, audit)) and set the system status as activated for cashiers, this would be protected with policies.
At the start of business the manager would log in to the POS and activate it for cashiers by setting the "active" flag to true, then the manager would log out. Through the day any cashier could log in and use it. At the end of the day the manager would log in and deactivate the POS for cashiers.
An added benefit of this system is that you could allow managers to also be cashiers so if they needed to use the POS during the day they would not need a separate account. A users manager status could be a simple is_manager database column. You could additionally implement programmatic scheduled POS availability, i.e: "allow log in from cashiers between 9am and 5pm".
Laravel is a great choice for this project as it provides everything you need out of the box, let me know if you have any other questions about your implementation :-)

How to restrict a user to access for specific object records without role in Salesforce

I have created an integration profile CORE_AKTANA_DI through which data for objects will be loaded into my Salesforce instance through a third-party user. I have provided "View All" permission for all objects to that profile. However, since this is a global Salesforce org, hence, there is data for other countries as well in this instance.
I want the user with the profile to see only data of France i.e with country "FR". In this case, my only choice is to:
Remove the "View All" permission of the profile from all objects.
Give the user a role such as "FR-Corp".
Create sharing rules for all objects with "Private" OWD and share with this role.
The problem is that since this is an integration profile, I cannot assign a role to the user with this profile. Also, it is not plausible to create sharing rules since there are a lot of objects with private OWD.
Same problem occurs by assigning the user to a public group, i.e a lot of sharing rules need to be created.
In this case, please suggest me the easiest possible options.
Actually, how to solve your issue is dependent on business process you are trying to implement. There are few ways:
sharing by hierarchy: setting proper roles and checking 'grant access using hierarchy'
sharing rules: setting proper sharing rules, owner/criteria based
manual sharing: using button
sharing using apex: using share object of any corresponding object
I think, this document will be useful for you.
I don't think what you say is correct:
"The problem is that since this is an integration profile, I cannot assign
a role to the user with this profile."
In my org we have a few integration connections. Each connection is anchored by a SF user license which has both Role and Profile. You should likely give the integration it's own user license and name the user something like "Integration (Fr)" Set the Roll up with appropriate hierarchy position, permissions and sharing rules and once you've done all the token resets needed set as API login only & password never expires. That should do it unless I'm missing something.

URL to open Access Web DB form at specific record

I would like to create an email workflow using an Access Web DB form to manage holiday requests. The user will create a request from the form, save it - which triggers the SendMail data macro, ideally with a link in it for the approver to click and go to the approval form filtered to the correct request ID.
Does anybody know:
a) If it is possible to load the form in the browser filtered at the specific record ID. I have tried appending ?ID=1 to the form URL and so on, without any joy so far.
https://mysharepointserver.com/sites/mywebapp/default.aspx?ID=1
b) If possible, what steps do I need to go through to get it working?
This is an Access 2010 web database hosted on a heavily bespoke Sharepoint platform. Any help appreciated.
I have worked it out, using:
?Page={ID}
However, the one caveat with this is that if you delete a record then the page number refers to the records position in the table, not specifically the ID. If you can ensure that records are never deleted from the table it will remain aligned with Page number and ID number.
Its a bit of a pain, but if anyone finds a way of referencing ID directly that would be the ideal solution.
You can also use something along the lines of:
http://...sp_site_path.../default.aspx#Type=Form&Path=NavForm.Subform&Name=ActualForm&DataMode=Edit&Where=%3DID%3D1000
I believe the key part here is...
&Where=%3DID%3D1000
...which in this case refers to the database field [ID] and record 1000, ie:
[ID]=1000
The rest of the URL is refers to a specfic form within your site, however is you only have one, it is potentially not important for your purpose, and you would be able to get by with something like:
http://...sp_site_path.../default.aspx#Where=%3DID%3D1000
Since all my sites use navigation pages, I haven't tested this out

Resources