Fix Permissions for @AuraEnabled Apex

For the first time we’re presenting a vlog from the Desynit Development Team! This is a short video explaining how, if you are using @AuraEnabled Apex with your Lightning Components, you may have a serious permissions problem brewing due to two recent Critical Updates. I also look at how to use features of VSCode and the command line to investigate and edit sections of your metadata.

Please let us know what you think about this new format! I’ve added some notes below if you want to follow up on the content shown in the video.

Critical Updates

Restrict Access to @AuraEnabled Apex Methods for Guest and Portal Users Based on User Profile (Critical Update)

Restrict Access to @AuraEnabled Apex Methods for Authenticated Users Based on User Profile (Critical Update)

Bash

This is the Bash command I use to generate a text file of the names of all Apex classes with @AuraEnabled methods:

grep -lir '@AuraEnabled' > matches.txt

The command line arguments stand for:

-r recursive
-i ignore case
-l filename only

If you’re a Windows user and need to set up Bash inside VS Code, there are instructions here.

VS Code

Use the following search and replace settings in VS Code to generate the XML for sharing Apex classes in a Permission Set (make sure the Regular Expression option is engaged):

.*

<classAccesses>
    <apexClass>$0</apexClass>
    <enabled>true</enabled>
</classAccesses>

Lightning Web Components

Here is the code for the LWC that throws an error if the current User does not have access to it’s Apex Controller (and the relevant Critical Update is engaged):

<template>
    <lightning-card title="Hello World 2">
        <template if:true={helloMessage}>
            <div class="slds-m-around_medium">
                {helloMessage}
            </div> 
        </template>
    </lightning-card>
</template>

import { LightningElement, track } from 'lwc';
import getMessage from '@salesforce/apex/HelloWorldController.getMessage';

export default class HelloWorld2 extends LightningElement {

    @track helloMessage;

    connectedCallback() {

        getMessage()
        .then(result => {
            this.helloMessage = result;
        })
        .catch(error => {
            console.log("Error", error);
        });

    };

}

<?xml version="1.0" encoding="UTF-8"?>
<LightningComponentBundle xmlns="http://soap.sforce.com/2006/04/metadata">
    <apiVersion>48.0</apiVersion>
    <isExposed>true</isExposed>
    <masterLabel>Hello World 2</masterLabel>
    <targets>
        <target>lightning__HomePage</target>
    </targets>
</LightningComponentBundle>

public with sharing class HelloWorldController {

    @AuraEnabled
    public static String getMessage() {
        return 'Hello World!';
    }

}

4 thoughts on “Fix Permissions for @AuraEnabled Apex”

ForceMonkey says:

August 10, 2020 at 7:04 pm

Great article!

Shashank says:

September 23, 2020 at 10:17 am

Thank you for this wonderful article!

Claudio says:

October 15, 2020 at 2:40 pm

I really appreciated your job.
Just used your method.
Very usefull, thanks a lot.

claudio

Pingback: LWC suddenly fails: “You don’t have access to APEX class…” – Sonneil Tech Blog