Working with Salesforce Sites

if you have ever worked with salesforce sites, you know that the site guest user has limited access this is a deliberate measure on salesforce's part to prevent external users from being able to modify or delete data in your salesforce instance moreover, to comply with salesforce's security review process, we need to add an additional layer of security in the example below, we will update a customer record in netsuite using the global api the process is basically the same, no matter what you want to do you need to create a readonly permission set for the objects you want to read from, plus sharing rules for the same objects here is a very basic example of an invocable apex class calling our global api it will create the record in netsuite first and immediately sync it back to salesforce we need to set the "fromsalesforcesites" to "true" so breadwinner can treat this action as a site guest user and process it correctly &#x9;@invocablemethod(label='create netsuite customer' description='create netsuite customer') &#x9;public static list\<response> createnetsuitecustomer(){ &#x9; // create a map to store all the data of a customer &#x9; map\<string, object> nscustomer = new map\<string, object>(); &#x9; nscustomer put('companyname', 'grand hotels & resorts ltd'); &#x9; nscustomer put('subsidiary', new map\<string, object>{'internalid'=>'1'}); &#x9; // serialize the data to be passed &#x9; map\<string, object> requestjsonmap = new map\<string, object>(); &#x9; requestjsonmap put('customers', new list\<object>{nscustomer}); &#x9; string reqjson = json serialize(requestjsonmap); &#x9; map\<string, object> reqobj = new map\<string, object>(); &#x9; reqobj put('version', '1 0'); &#x9; reqobj put('action', 'createcustomer'); &#x9; reqobj put('fromsalesforcesites', 'true'); &#x9; reqobj put('requestjson', reqjson); &#x9; // make the global api request &#x9; map\<string, object> respmap = breadwinner ns breadwinnernetsuiteapi call(reqobj); &#x9; system debug('response ' + respmap); &#x9; return null; &#x9;} by default, the site guest user will not have access to breadwinner's custom objects, so you must create a custom readonly permission set the 'breadwinner read only' permission set cannot be assigned to the site guest user because it has the 'view all' object permission enabled, which is not allowed for the site guest user, so you must create your own read access to the "netsuite object" and "subsidiary" is required for all actions, and in this case, because we are updating the customer, we need to give read access to the netsuite company object, too enable 'read' at the object permissions level and check read access for all the fields at the fields permissions level for all objects that need access assign that permission set to the site guest user we also need to create sharing rules for each object more can be found here about sharing rules the image below is an example of sharing rules for the netsuite object go to setup and type "sharing" in the quick find box click on 'sharing settings' choose the object from the "manage sharing settings for" dropdown click "new" in the "sharing rules" section step 1 rule name choose a label & rule name step 2 select your rule type click the "guest user access, based on criteria" option step 3 criteria for the criteria, we need to open this up to all records, so set this to something that will always be true in the example below, we chose field created by id, operator not equal to, value \<empty> step 4 share with \<your site guest user> step 5 default access readonly update netsuite records via site guest user the 'skipdml' option here is important if you are doing an update because the site guest user only has the ability to read or create, not update because the skipdml is set to true, the update back into salesforce will not occur immediately instead, it will happen during the regular sync &#x9;@invocablemethod(label='edit netsuite customer' description='edit netsuite customer') &#x9;public static list\<response> editnetsuitecustomer(){ &#x9; // create a map to store all the data of a customer &#x9; map\<string, object> nscustomer = new map\<string, object>(); &#x9; nscustomer put('internalid',6); // internal netsuite id of the customer &#x9; nscustomer put('companyname', 'grand hotels & resorts ltd'); // update the company name &#x9; // serialize the data to be passed &#x9; map\<string, object> requestjsonmap = new map\<string, object>(); &#x9; requestjsonmap put('customers', new list\<object>{nscustomer}); &#x9; string reqjson = json serialize(requestjsonmap); &#x9; map\<string, object> reqobj = new map\<string, object>(); &#x9; reqobj put('version', '1 0'); &#x9; reqobj put('action', 'updatecustomer'); &#x9; reqobj put('skipdml', 'true'); &#x9; reqobj put('requestjson', reqjson); &#x9; // make the global api request &#x9; map\<string, object> respmap = breadwinner ns breadwinnernetsuiteapi call(reqobj); &#x9; system debug('response ' + respmap); &#x9; return null; &#x9;}