Application Security and Data Sharing Model
Introduction
3B Docs is an application designed to allow System Administrators to create document templates using a custom-built WYSIWYG editor, and to allow Salesforce Users and Guest Users to render those templates merged with data from Salesforce.
Application and Security Model
There are three types of users that can interact with the application:
Template Builder User
This is usually a system administrator with a Salesforce Licence
Document Generating User (Internal)
This is usually an internal (admin/platform user) or external (community, portal) authenticated user that generates a document from a template
Document Generating User (External)
This is a non-Salesforce user (guest user) that generates a document from a template
Due to the nature of the application, we had to build our own security model, in order to allow these three user types to interact with the application.
Pages
The application is used and managed predominantly through the following three Visualforce pages:
Template Editor Page
This page overrides the “Edit” button on the b3d__Template__c object. The page itself is meant to be used only by System Administrators that have FULL access to the application.
We check that the running user has access to all of the objects/fields that are part of the application by calling the SecurityUtils.userAppAccessCheck() method, which describes all objects and fields part of the application.
If the running user does not have read and write permission to all objects and editable fields that form part of the application, then they will see an error message with a reason code and the application will lock out for any further operations. This is usually checked on the initial load of the Visualforce Page.
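The describe-based check described above, as an added example written for this page (it is not 3B Docs' own SecurityUtils class). Only b3d__Template__c and b3d__With_Security_Enforced__c are taken from this document; the class name, the reason codes and the second field name (b3d__Body__c) are assumed placeholders.

```apex
// Added illustration, not the product's SecurityUtils.userAppAccessCheck().
// Walks every object/field that forms part of the application, checks that the
// running user has read AND write access, and returns a reason code on the first
// failure so the page can show the error and lock itself out.
public with sharing class AppAccessCheckExample {

    public class Result {
        public Boolean allowed;
        public String reasonCode;   // machine-readable, e.g. NO_FIELD_UPDATE
        public String detail;       // the object or Object.Field that failed
        public Result(Boolean allowed, String reasonCode, String detail) {
            this.allowed = allowed;
            this.reasonCode = reasonCode;
            this.detail = detail;
        }
    }

    // Objects that form part of the application, mapped to the fields the editor writes.
    // b3d__Template__c and b3d__With_Security_Enforced__c come from the page;
    // b3d__Body__c is an assumed placeholder for the template content field.
    private static final Map<String, List<String>> EDITABLE_FIELDS =
        new Map<String, List<String>>{
            'b3d__Template__c' => new List<String>{
                'b3d__With_Security_Enforced__c', 'b3d__Body__c'
            }
        };

    public static Result userAppAccessCheck() {
        // Global describe keys are lowercase, so look up with lowercased names.
        Map<String, Schema.SObjectType> gd = Schema.getGlobalDescribe();

        for (String objName : EDITABLE_FIELDS.keySet()) {
            Schema.SObjectType t = gd.get(objName.toLowerCase());
            // Not in the describe: the object is hidden from this user or not installed.
            if (t == null) return new Result(false, 'OBJECT_NOT_VISIBLE', objName);

            Schema.DescribeSObjectResult d = t.getDescribe();
            if (!d.isAccessible()) return new Result(false, 'NO_OBJECT_READ', objName);
            if (!d.isCreateable()) return new Result(false, 'NO_OBJECT_CREATE', objName);
            if (!d.isUpdateable()) return new Result(false, 'NO_OBJECT_UPDATE', objName);

            // Field map keys are lowercase as well.
            Map<String, Schema.SObjectField> fields = d.fields.getMap();
            for (String fName : EDITABLE_FIELDS.get(objName)) {
                String key = objName + '.' + fName;
                Schema.SObjectField f = fields.get(fName.toLowerCase());
                if (f == null) return new Result(false, 'FIELD_NOT_VISIBLE', key);

                Schema.DescribeFieldResult fd = f.getDescribe();
                if (!fd.isAccessible()) return new Result(false, 'NO_FIELD_READ', key);
                if (!fd.isUpdateable()) return new Result(false, 'NO_FIELD_UPDATE', key);
            }
        }
        return new Result(true, 'OK', null);
    }
}
```

A page controller would call userAppAccessCheck() in its constructor (the initial page load), keep the Result, and refuse every later action while allowed is false; doing the check once and caching a boolean in the view state is not enough on its own, since the check must also gate the remote actions the React editor calls after load.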
This page is built in React and compiled via Webpack & Babel.
Document Page
This page is responsible for the actual template merging and can be run by all three user types, but the main targets are the Document Generating users.
Important: depending on how the template has been built, it can be created with the checkbox “b3d__With_Security_Enforced__c” set to true, in which case we check both record sharing and object/field read permissions of the running user and strip out any data the running user does not have access to. If, however, “b3d__With_Security_Enforced__c” is set to false, we ignore sharing and permissions and run in “admin” mode. Running in “admin” mode allows us to expose values to guest users without having to configure permanent profile permissions, which would risk a wider data leak.
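The two execution modes described above, as an added example written for this page (not the product's own merge code). The field b3d__With_Security_Enforced__c is from the document; the class names are assumed, and the SOQL string is assumed to come from the stored template definition rather than from a request parameter.

```apex
// Added illustration of the per-template switch between "security enforced" and
// "admin" mode. Sharing is decided by the class that executes the query, so each
// mode lives in its own inner class with an explicit sharing keyword.
public inherited sharing class MergeQueryExample {

    // soql is assumed to be built from the saved template, never from page parameters.
    public static List<SObject> queryForTemplate(b3d__Template__c tpl, String soql) {
        if (tpl.b3d__With_Security_Enforced__c == true) {
            return new EnforcedRunner().run(soql);
        }
        return new AdminRunner().run(soql);
    }

    // Enforced mode: "with sharing" applies the running user's record sharing;
    // stripInaccessible applies object and field read permission and drops the
    // fields the user cannot read instead of failing the whole merge.
    private with sharing class EnforcedRunner {
        public List<SObject> run(String soql) {
            List<SObject> rows = Database.query(soql);
            try {
                SObjectAccessDecision decision =
                    Security.stripInaccessible(AccessType.READABLE, rows);
                // decision.getRemovedFields() lists what was stripped, useful for audit logging.
                return decision.getRecords();
            } catch (System.NoAccessException e) {
                // The user cannot read the object at all: render nothing rather than leak.
                return new List<SObject>();
            }
        }
    }

    // Admin mode: "without sharing" ignores record sharing, and no field-level
    // filtering is applied, so every value the query selects reaches the template.
    private without sharing class AdminRunner {
        public List<SObject> run(String soql) {
            return Database.query(soql);
        }
    }
}
```

Because admin mode bypasses sharing and permissions entirely, the checkbox itself is the only control on what a guest user can see: only users who pass the Template Editor access check should be able to create or edit templates, and the set of fields each admin-mode template selects deserves the same review as a profile permission grant would.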
This page is built in React and compiled via Webpack & Babel.
Generated Document Page
This page is responsible for displaying the contents of a generated document from a saved file (ContentVersion). It is also used for PDF generation.