feat: allow assigning role during user creation via developername#1415
feat: allow assigning role during user creation via developername#1415baslu93 wants to merge 2 commits intosalesforcecli:mainfrom
Conversation
|
Thanks for the contribution! Unfortunately we can't verify the commit author(s): Luca Bassani <l***@l***.i***.s***.com>. One possible solution is to add that email to your GitHub account. Alternatively you can change your commits to another email and force push the change. After getting your commits associated with your GitHub account, sign the Salesforce Inc. Contributor License Agreement and this Pull Request will be revalidated. |
|
Updated the commit author from Salesforce email to my personal email |
baslu93
changed the title
| logger.debug(`Querying org for user role name [${devName}]`); | ||
| const userRole = await this.flags['target-org'] | ||
| .getConnection(this.flags['api-version']) | ||
| .singleRecordQuery<{ Id: string }>(`SELECT id FROM userrole WHERE developername='${devName}'`); |
There was a problem hiding this comment.
can we prevent SQL injection here, with something like
DeveloperName in Salesforce is always alphanumeric + underscores, starting with a letter — that's enforced by the platform. Validate before querying and throw early with a clear message:
if (!/^[a-zA-Z]\w*$/.test(devName)) {
throw new SfError(`Invalid roleDeveloperName: "${devName}". Must start with a letter and contain only letters,
numbers, or underscores.`, 'InvalidRoleDeveloperName');
} 2 participants
What does this PR do?
This PR enables the assignment of a UserRole when creating users via CLI command, whether through variables or within the definition file. This allows for the configuration of multiple users with different roles, which is particularly useful for testing access rights in automated scenarios or for providing pre-configured users to business stakeholders within a scratch org environment.
Technical Implementation
Since Role IDs are dynamic, I implemented logic that resolves a provided
roleDeveloperNameinto its corresponding Org-specific ID. This lookup logic is conditional; it only triggers if a developer name is explicitly provided, otherwise preserving the existing as-is behavior. I opted to use theDeveloperNameinstead of the standard Name to ensure uniqueness and to avoid issues with special characters or localization.During testing, I identified an issue where DevHubs with different default languages failed to the locate the Standard User profile. To resolve this, I updated the
project-scratch-def.jsonfile to includelanguage=en_US, ensuring consistent behavior across different DevHub configurations.Testing and Project Configuration
To validate these changes, I added a unit test that verifies the correct transformation of the role parameter. Furthermore, within the df17AppBuilding project, I defined a custom role to avoid issues related to the default roles and updated the
complexUser.jsondefinition to assign the "Guide" role, aligned with the project's volunteering theme.