Customer portal, security settings and standard UI (List views and View/Edit page layouts)


I am building a customer portal and providing a custom UI using Visualforce + Force.com site, but I would like to eliminate access to the standard UI list views and page layouts if the end user makes use of a record's ID or its object prefix and simply enters it into the location bar.

How can I do this?


Attribution to: Steven Herod

Possible Suggestion/Solution #1

This is what I did in the end:

  1. Removed all tabs from the Customer Portal config
  2. Create a custom home page layout with nothing on it
  3. Remove access to all unneeded objects for the Portal Profile
  4. Remove all sensitive fields using Field Level Security for the Portal Profile
  5. Make all non-editable fields read only using Field Level Security for the Portal Profile
  6. Create page layouts with as little information as possible on them for the Portal Profile

Attribution to: Steven Herod

Possible Suggestion/Solution #2

In order to control what records users can access (one way or another) you need to implement sharing rules for those objects. This gives you the general steps involved: https://eu2.salesforce.com/help/doc/en/customer_portal_setting_up_for_users.htm. There are a few options on how to implement it, including a more declarative approach vs Apex Triggers. Both are quite well documented.


Attribution to: Andrew Fawcett

Possible Suggestion/Solution #3

If you don't want to restrict access using object permissions or org-defaults, and prefer a pure UI method, you can do this by overriding the standard actions with a dispatcher that prevents access from the customer portal / site context, but for all other scenarios sticks with the standard UI. Passing nooverride=1 as a query-string param, or setting the optional 4th parameter in the URLFOR() function equal to true, will always dump you back into the standard UI, regardless of any overrides you have configured.

So here's the example:

// CONTROLLER EXTENSION,
// can be used to override any standard action

public with sharing class Redirect {
    // Is a user on a Force.com site?
    public boolean getIsOnForceSite() {
         String url = System.URL.getSalesforceBaseUrl().toExternalForm();
         // We are running on a Force.com Site IFF
         // 1. our URL does not contain .visual.
         // 2. our URL does not contain .salesforce.com
         // 3. our URL does not contain .cloudforce.com
         return (
                   !url.contains('.visual.') 
              &&   !url.contains('.salesforce.com')
              &&   !url.contains('.cloudforce.com')
         );
    }   

    // Set by the constructor that matches the page type (list vs. single record)
    public ApexPages.StandardSetController setCtl {public get; private set;}
    public ApexPages.StandardController stdCtl {public get; private set;}

    public Redirect() {}
    public Redirect(ApexPages.StandardController ctl) {this.stdCtl = ctl;}
    public Redirect(ApexPages.StandardSetController ctl) {this.setCtl = ctl;}
}

// In every page below, the 4th URLFOR() argument (true) means "no override",
// so the internal branch lands on the standard UI instead of looping back
// into this override.

// Example: LIST PAGE override
<apex:page standardController="Account" recordsetvar="a" extensions="Redirect"
     showHeader="false" sidebar="false" standardStylesheets="false"
     action="{!IF(isOnForceSite, '/SiteHomePage',
          URLFOR($Action.Account.List, $ObjectType.Account, [fcf=LEFT(setCtl.filterId,15)],true))}">
</apex:page>

// Example: TAB PAGE override
<apex:page standardController="Account" recordsetvar="a" extensions="Redirect"
     showHeader="false" sidebar="false" standardStylesheets="false"
     action="{!IF(isOnForceSite, '/SiteHomePage',
          URLFOR($Action.Account.Tab, $ObjectType.Account, null, true))}">
</apex:page>

// Example: VIEW PAGE override
// (single-record page: no recordsetvar, so Account.Id resolves)
<apex:page standardController="Account" extensions="Redirect"
     showHeader="false" sidebar="false" standardStylesheets="false"
     action="{!IF(isOnForceSite, '/SiteHomePage',
          URLFOR($Action.Account.View, Account.Id, null, true))}">
</apex:page>

// Example: CLONE PAGE override
// (single-record page: no recordsetvar, so Account.Id resolves)
<apex:page standardController="Account" extensions="Redirect"
     showHeader="false" sidebar="false" standardStylesheets="false"
     action="{!IF(isOnForceSite, '/SiteHomePage',
          URLFOR($Action.Account.Clone, Account.Id, null, true))}">
</apex:page>

Attribution to: zachelrath
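
An added example, not part of any answer above and not the answerers' code: a variant of the Solution #3 dispatcher that decides from the running user's type and the current site ID instead of matching substrings of the base URL. The class name PortalContextGuard is hypothetical and '/SiteHomePage' is taken from the answer; the redirect only hides the standard UI, while what a portal user can read or edit is still set by the profile, field-level security and sharing settings described in Solutions #1 and #2.

```apex
// Added example, not code from the original answer.
// PortalContextGuard is an assumed name; '/SiteHomePage' comes from the answer.
// Use from a View override page with:
//   standardController="Account" extensions="PortalContextGuard" action="{!dispatch}"
public with sharing class PortalContextGuard {
    // User.UserType values for portal, partner and site guest users, lower-cased.
    private static final Set<String> EXTERNAL_TYPES = new Set<String>{
        'guest', 'cspliteportal', 'customersuccess',
        'powercustomersuccess', 'powerpartner'
    };

    private final ApexPages.StandardController stdCtl;

    public PortalContextGuard(ApexPages.StandardController ctl) {
        this.stdCtl = ctl;
    }

    // Pure function, so it can be unit tested without a site or portal login.
    public static Boolean isExternal(String userType, String siteId) {
        Boolean inSite = String.isNotBlank(siteId);
        Boolean externalType = userType != null
            && EXTERNAL_TYPES.contains(userType.toLowerCase());
        return inSite || externalType;
    }

    // Page action: external users go to the custom UI, internal users to the
    // standard record page with nooverride=1 so this override is not re-entered.
    public PageReference dispatch() {
        if (isExternal(UserInfo.getUserType(), Site.getSiteId())) {
            PageReference home = new PageReference('/SiteHomePage');
            home.setRedirect(true);
            return home;
        }
        PageReference std = new PageReference('/' + stdCtl.getId());
        std.getParameters().put('nooverride', '1');
        std.setRedirect(true);
        return std;
    }
}
```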
This content is remixed from stackoverflow or stackexchange. Please visit https://salesforce.stackexchange.com/questions/3616
