Salesforce: How to only render apex if current user has permission to update current record. Record level security

I'm trying to fix my code posted for this ques开发者_开发知识库tion VisualForce: convert carriage returns to html line-breaks in a long text field

As you can see in that posting there is a custom controller for a Visualforce page that has tabbed content for Case. The only way to list CaseComments is with custom Apex. The controller performs a simple query to retrieve all the CaseComments for the current case.

I want to only show an "Edit" link if the current user has permission to edit the instance of a particular case comment.

I found a good blog about rendering components dynamically based on object level security here: http://forcearchitects.deliveredinnovation.com/2011/02/05/render-visualforce-components-dynamically-based-on-object-level-security/

Based on that posting I tried using

$ObjectType.CaseComment.updateable

As in the following:

<apex:repeat value="{!comments}" var="c">
    <tr>
    <td class="commentsActionColumn">
    <!-- open the case comment for edit -->
    <apex:outputLink title=""
        rendered="{!$ObjectType.CaseComment.updateable}" 
    value="/{!c.id}/e?parent_id={!c.parentId}&retURL=/apex/{!$CurrentPage.Name}%3Fid={!case.id}" style="font-weight:bold">Edit</apex:outputLink> 
    </td>
    <td>
    <!-- display the case comment formatted using the apex outputField -->
    <div class="commentTdClass">
    <apex:outputField value="{!c.commentbody}"></apex:outputField>
    </div>
    </td>
    </tr>
</apex:repeat>

Unfortunately, the test for updateable is on the Object level so it returns true on all CaseComments if the current user has permission to edit any CaseComment.

I need record level validation to only show the Edit action if the particular row can be modified by the current user.

Any ideas?

Update As I reread my question I see that it wasn't as clear as it should be.

As I iterate over the set of CaseComments, for a given Case, I need to know if the current user can safely edit a particular CaseComment without seeing the "you don't have permission page". This test must be on a CaseComment by CaseComment record level basis because any given Case will have many CaseComments all contributed by different Users

You can do this in a couple of ways (I think).

If you want to go down a purely programmatic route then look here which discusses using the sharing object to allow record sharing with particular users or groups.

Otherwise, if possible you could use Roles and Hierarchy management to organise this in a way so that only people within a particular role of a particular level or above can see a record and access it?

Paul

Update:

Based upon your comment below I think you want to use apex sharing. If you look at this useful developerforce wiki you can see that you should access the sharing object to check whether or not the user has a record in this object to view the particular record instance. Something like:

MyObject__Share share1 = [Select ParentId, UserOrGroupId, AccessLevel from MyObject__Share where ParentId = :myrecordId And UserOrGroupId = :UserId];
if(share1 != null)
{ code to allow the record to be viewed}
else
{code to deny access}

I haven't tested or tried that so you will want to tweak it but that should be the general idea.

Paul

Have a look at the below URL.

https://developer.salesforce.com/forums/?id=906F00000008w0gIAA

Looks like we can use something like below. however ihaven't tested yet.

SELECT RecordId, [HasReadAccess, HasEditAccess, HasAllAccess, MaxAccessLevel] FROM UserRecordAccess
WHERE UserId = [single ID]
AND RecordId = [single ID] 
//or Record IN [list of IDs]