The question of whether all of your users have access to an object is an issue with VisualForce, specially when dealing with related lists. Unlike a standard page layout which has the logic built-in to not show related lists that a user does not have access to, Visualforce does exactly what you tell it to regardless. This came up in doing maintenance and consolidation of Visualforce pages across departments when there are a large number of profiles with varying degree’s of security. We are in the process of consolidating those to standard profiles with permission sets but in the meantime I needed something today that was flexible enough to check a users access, security, visibility, whatever you want to call it to an object before the page renders otherwise the user gets an error message and the entire page will not render (which is a funny user experience issue no one ever bothered to fix).
Option One – Check to see if the user was in the permission set before rendering the related list section. We use permission sets for all the custom Applications/Objects so this was what I thought would work. Here’s the snippet of code just in case:
Id ppid = [SELECT PermissionSetId FROM PermissionSetAssignment WHERE AssigneeId= :UserInfo.getUserId() AND PermissionSet.Name = ‘Custom Object Permission Set Name’].PermissionSetId;
You would want to enclose that in a ‘try/catch’ code block but I had a boolean variable that checked and returned true/false depending on the success of that string. Worked…but of course there is always an easier way.
Option Two – This is the best and easiest option and works like a charm! And less code which is always the goal…
<apex:relatedList rendered=”{!$ObjectType.Custom_Quote__c.accessible}” list=”Custom_Quotes__r”/>