Learn Salesforce1 Mobile Basics Using Trailhead

If you are new to Salesforce1 platform or want to know how you can learn Salesforce1 Mobile Basics this post is for you.

Salesforce.com has come up with a great learning module called Trailhead, announced in Dreamforce’14 which enables the developers of every level to brush up their skills.

My favorite module on Trailhead is Salesforce1 Mobile Basics.

This trailhead module have 5 steps which gives you basic know how of Salesforce1 Mobile App.

1.Getting Started with the Salesforce1 Mobile App.

This step covers the basic introduction of Salesforce1 Mobile and how to access it. Its all about getting familiar with the navigation of app.

Best thing is the video introduction given in this step.

2.Customizing Navigation

This step walks you through the navigation menu overview and then makes you understand how you can customize the navigation menu.

s1_navigation_ss

3.Customizing Compact Layout

This step is important one, this lets you understand compact layouts and how you can customize them or override the standard ones.

Basically compact layouts are the area which shows the key information related to a record.

compact_layout_before_after_2fer

4.Creating Global Publisher Actions

Global publisher actions lets you to create records quickly.

For example you want the users of your app to quickly create a Case without going into the navigation menu Global Publisher Actions will let users to do that directly from the action bar.

s1_actionbar

5.Creating Object-Specific Publisher Actions

The step lets you understand how you can create object specific quick actions (Publisher Actions).

For example, you want to create an Invoice Line Item when you are viewing an Invoice Record in this scenario you can use Object-Specific Publisher Actions.

Key Take Aways:

1.Customization of Salesforce1 Mobile Navigation

2.Customization of Compact Layouts

3.Publisher Actions

So try this out here – https://developer.salesforce.com/trailhead/module/salesforce1_mobile_app  

Force.com Winter 15 Visualforce Enhancements

So Force.com’s winter release has arrived with lots of new features. There are various new enhancements to Visualforce in this release that are very important for developers, so here are these

2014-09-09 17_23_00-Salesforce.com Winter ’15 Release Notes - salesforce_winter15_release_notes.pdf

1. Remote Objects for Visualforce are now generally available with this release, if you are not familiar about these you can follow up my previous post https://forceexperiment.wordpress.com/2014/03/12/visualforcce-remote-objects/

2. Standard Style Sheets are combined in Visualforce now, this will reduce the number of network connections made during the load of a single page and will greatly improve the performance of a page.The content of this combination is unchanged so you don’t need to worry about references to make and you don’t need to do anything to make use of this enhancement.

3. Preserve sObject Field Encryption in Visualforce Expression, In Visualforce pages set to API  32.0 or above expressions that points to encrypted sObject Fields will return encrypted values instead of plain values. Visualforce pages set to API version 31.0 or earlier continue to display decrypted values for encrypted sObject fields, except when displayed by using <apex:inputField> and <apex:outputField>

 

 

Just in 5 points. Why you should attend Dreamforce?

So here I am. Two year ago I started learning Salesforce in my college days and I was introduced to a grand event called Dreamforce at that time i used to watch live stream of keynotes. Since then It was one of my dreams to attend Dreamforce.

After a deep patience of 2 years , this year I am going to Dreamforce ! Yes  just after completing a one in Industry[Thanks to my employer for considering me :) ] .

Here through this blog post I am going to share my views just in 5 points . Why you should attend Dreamforce?

So let me start :

1, You will get to learn new things, choose your path if you are a developer then go for developer sessions and if you are more on admin side do attend the administrative sessions.

This time i have decided to give large part of my time to developer sessions, if you are looking to learn more and enhance your skills just look at these sessions

http://www.salesforce.com/dreamforce/DF14/sessions.jsp#?search=blank&role=Developer&product=blank&industry=blank   

2. The Keynotes , attend these to get idea about the vision and new products of Salesforce.

3. Meet your clients and far  friends that are generally at other side of your machine and have fun .:)

4.Its a great time to get trained and certified. Salesforce provides huge discounts on training and certification.

5.Attend cloud expo,get your hands on all the Salesforce products and solutions. You can interact with Salesforce products firsthand and hear success stories shared by salesforce.com customers. Stop by and check out the latest features, connected devices, and interactive demos.

 See you soon at Dreamforce !

Securing your force.com app

Securing your force.com app

Building an app on force.com is great. But when it comes to developing a secure force.com app its a bit different thing.

Following are the guide lines, tips and tricks that you can follow to ease your app to pass Force.com security review .

 

  1. Parameter Tampering Issue.

This happens when you are trying to send some value from visualforce page and the value is being used throughout the controller. When this being used with any query it may result into database tempering.

 

Example :

String vid = ApexPages.currentPage().getParameters().get(‘id’);

account acc =[select id,name from account where id=:vid limit 1];

Solution:

account acc =[select id,name from account where id=:ApexPages.currentPage().getParameters().get(‘id’) limit 1];

 

 

  1. Second Order SOQL and SOSL Injection.

SOQL injection involves taking user-supplied input and using thosevalues in a dynamic SOQL query. If the input is not validated, it may include SOQL commands that effectively modify the SOQL statement and trickthe application into performing unintended commands.

 

Solution 1.: Avoid using dynamic SOQL/SOSL queries

 

Solution 2:

 

Example :

 

Folio__cfo=[select id,name from Folio__c where

Transaction__r.Id=:sr.Transaction__r.Id AND id!=null LIMIT 1];

 

Can be changed into

 

Folio__cfo=[select id,name from Folio__c where Transaction__r.Id=:String.escapeSingleQuotes(sr.Transaction__r.Id) AND id!=null LIMIT 1];

 

 

 

 

  1. Queries with No Where or No Limit Clause

 

Apex has governor limits in place that limits the number of records that can be retrieved through a SOQL query. This issue says SOQLqueries in the apex code that does not have a WHERE clause nor uses the LIMIT clause to restrict the number of records retrieved.

 

Solution: Apply Limit , if not possible to use limits use Where clause.

The Where clause can be a null check on id field

 

accq=[select id,name from account where id!=null];

 

  1. Sharing with controller

 

By default Apex have capability to read and update all data and doesn’t cares about FLS,OWD or profile permissions. We must take care of all these from a developer’s perspective.If no sharing setting is defined on the controller this may give a security issue.

 

Solution:

 

Use “public with sharing class className”

 

  1. FLS Create/FLS Partial Create /FLS Update/ FLS Partial Update:

 

While creating/inserting/updating a record the Apex code must check if the user have sufficient privileges to insert/update the record.

 

 

Example:

 

OrderPayment__c op = new OrderPayment__c();

Payment_Amount__c=grandtotal;

Collection_Date__c=Date.valueOf(System.now());

Collection__c=true;

insert op;

 

Solution :

 

OrderPayment__c op = new OrderPayment__c();

Payment_Amount__c=grandtotal;

Collection_Date__c=Date.valueOf(System.now());

Collection__c=true;

 

if(Schema.sObjectType.OrderPayment__c.fields.Payment_Amount__c.isCreateable() && Schema.sObjectType.OrderPayment__c.fields.Collection_Date__c.isCreateable() && Schema.sObjectType.OrderPayment__c.fields.Collection__c.isCreateable() ){

insert op;

}

 

In Case of update

 

if(Schema.sObjectType.OrderPayment__c.fields.Payment_Amount__c.isUpdateable() && Schema.sObjectType.OrderPayment__c.fields.Collection_Date__c.isUpdateable() && Schema.sObjectType.OrderPayment__c.fields.Collection__c.isUpdateable() ){

Update op;

}

 

 

 

  1. Test_Methods_With_No_Assert :

Proper assert statements are advised, at least 10 to 20 in a single test class.

 

 

 

  1. For Store XSS (Cross Site Scripting )Issue

About: Cross-site scripting is a vulnerability that occurs when an attacker can insert unauthorized JavaScript, VBScript, HTML, or other active content into a web page viewed by other users.

This issue raised when controllervariable are being used in JavaScript / JQuery .

Example:

Public class mycontroller{

String myval{get;set;}

Public mycontroller(){

Myval=’Hello Page Loaded’;

}

}

//On page

<Script>

Varscriptvar = ‘{!myval}’;

Alert(scriptvar);

</script>

 

POSSIBLE SOLUTION:

Varscriptvar = ‘{!JSENCODE(myvar)}’;

Happy Secure Coding :)

10 Days of 10 Dollar Ebooks

10yr-webbanner2As you all know I have authored two ( one to get released in September 2014)  books on Salesforce.com, by Packt Publishing . You can get my book ( or any other of your choice) in only $10 . Yes! its true.

 

To know more about this offer go on this link http://bit.ly/1sWO4Qv

 

 

Why Salesforce1 week matters for Students in India?

s1devweekbanner

Salesforce1 week is series of events that is going to take place around the world from 27 April to 3 May.In this week Students and Developers in India will get a chance to be Introduced to the new platform “Salesforce1″ by Salesforce.com which was announced last year in Dreamforce’13 .In India, students hardly get chance to learn mobile platform development as it needs high investment of time and money along with  regular studies.

If you are a student or a fresh developer who is hungry to  learn mobile development, Salesforce1 week is for you. Salesforce1 enables you to build mobile apps faster by using  JavaScript, HTML5 and CSS knowledge without worrying about the front end at all ! . Yes! mobile development without knowledge of Objective-C or Android SDK. Just log-in and start developing in the all new cloud platform.

If you have some experience on Apex or Visualforce or tried it as a experiment in your college to build an app that will add into this as Salesforce1 platform is backed with Force.com Platform.

If you want to take a hand-on look over Salesforce1, it  is near you! just register  for the nearest local developer user group here :

https://developer.salesforce.com/developer-week

s1joinus

If you are Student in India and willing to participate just join us  in Bikaner(Rajasthan).

Salesforce1 Developer Week Comes for Students in India

Saturday, May 3, 2014, 2:00 PM

Acme Embedded Technologies
3/503 Mukta Prasad Nagar

10 Students Attending

Join us for Salesforce1 Developer Week! This is a global event where Salesforce Developer Groups across the world will be meeting to talk Salesforce1. We are proud to be part of the 1.5 Million developers in the Salesforce Developer Community and are celebrating by taking part in Salesforce1 Developer Week on 3 May 2014. Join us for a hands-on look…

Check out this Meetup →

Don’t forget to grab a T-Shirt(while supplies last).We will have new books and swag for you and plenty of resources for you to work on your very first Salesforce1 app.

See you soon !

 

 

 

Visualforce Remote Objects

Salesforce launched Visualforce Remote Objects with Spring’14 release.

Note: This feature is currently available as developer preview.

Visualforce remote objects are proxy objects that you can use to perform DML operations on Saleforce objects and these do not counts towards API limits.

Benefits of using Remote Objects:

1. No need to use controllers or extensions.

2. Reduces the need for @RemoteAction methods in an Apex controller or extension.

3. No test classes.

Let’s go thru an example

In this example I have tried to search accounts based on their type.

1.First of all we need to define about the object we are going to use.

<apex:page>

    <apex:remoteObjects >

          <apex:remoteObjectModel name=”Account” fields=”Name” jsShorthand=”ac”>

                <apex:remoteObjectField name=”Type” jsShorthand=”ty”></apex:remoteObjectField>

        </apex:remoteObjectModel>

    </apex:remoteObjects>

Here, <apex:remoteObjects >  tag  is used to define the block were we will include everything related to Remote Objects.

This   <apex:remoteObjectModel name=”Account” fields=”Name” jsShorthand=”ac”>  is being used to  define the object on which the DML operations will be performed. Attribute name is used to hold the API name of the Object, fields attribute holds the fields you want to perform DML upon and jsShorthand is the shorthand notation for the object that you can use with the javaScript.

<apex:remoteObjectField name=”Type” jsShorthand=”ty”></apex:remoteObjectField> is being used to refer the fields if you additionally want to add some conditions in your DML operation.

Let’s go on the javaScript code

<script type=”text/javaScript”>

        function retrieveAccount(){

            clear();                     //calling clear method to clear the existing records if shown in table

            var t = document.getElementById(“srch”).value;      //getting the value from input box

            var acc = new SObjectModel.Account();                 // this defines the object on which we going to perform operations

// the below code will retrieve the 100 records from account object where Type field of the record is equal to the type defined in input box on page and will display records as part of a table.

            var acnt = acc.retrieve({where: {ty: {eq: t }},limit : 100},

                       function(err,records){

                           if(err){

                               alert(“Encountered Error”+err.message);

                           }

                           else{

                               records.forEach(

                                   function(record){

                                       var name = record.get(“Name”);

                                       var row = document.createElement(“tr”);

                                       row.appendChild(document.createTextNode(name));

                                       var table = document.getElementById(“accountTable”);

                                       table.appendChild(row);

                                }   

                               );

                           }

                        }

            );

        }

        function clear(){   // clear function to clear the existing records on page.

            document.getElementById(“accountTable”).innerHTML = “”;

        }

        </script>

Enter account type here:<input id=”srch”></input>  <!–Input box –>

    <button onclick=”retrieveAccount()”>Search</button>  <!–button which on click will javaScript method retrieveAccount –>

    <table id=”accountTable” border=”1″ cellspacing=”10″></table> <!–table that will hold records–>

</apex:page>

Now you can take a look at the functionality, this feature also works on Salesforce1 !!

Image

Follow

Get every new post delivered to your Inbox.