SalesForce 中的 Http 请求和 iFrame 问题，INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY

Question

这是我的问题，我在 SalesForce 中创建了一个应用程序，它非常适合我。我有管理员权限，在这个应用程序中我有一个引用 SF 的 iFrame，servlet 文件 reader，当我以管理员身份登录时调用它时它工作得很好但是当我尝试使用标准用户时我得到以下错误:

Refused to display 'https://myDomain.salesforce.com/servlet/servlet.FileDownload?file=00PG000000UCL0CMAX' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

所以这是第一个问题，第二个是 Http 请求，我正在通过 Http 请求创建一个带有 AngularJS 的附件，再次以管理员身份登录时它工作正常但对于标准用户我收到以下错误：

POST https://myDomain.salesforce.com/services/data/v26.0/sobjects/Attachment/ 400 (Bad Request)

对于这篇文章，我将 http 请求配置如下：

app.run(['$http', '$window', function($http, $window) {

    /*Get the '{!GETSESSIONID()}' value cannot be processed on static ressource, 
            hence the link to the window global variable.*/
    var sessionId = $window.__sfdcSessionId;

    $http.defaults.useXDomain = true;
    delete $http.defaults.headers.common["X-Requested-With"];

    /* In order for this to work the domain has to be white-listed within
            SalesForce security Settings > CORS */
    $http.defaults.headers.common["Access-Control-Allow-Origin"] = "*";
    $http.defaults.headers.common["Accept"] = "application/json";
    $http.defaults.headers.common["Content-Type"] = "application/json";
    //Session ID necessary for authentication purposes.
    $http.defaults.headers.common['Authorization'] = "OAuth " + sessionId;
    $http.defaults.headers.common['X-User-Agent'] = "MyClient";
}]);

同样，它对管理员有效，但对标准用户无效。 任何想法，我认为它与许可有关，但我显然不想给每个人管理员权限......我不确定问题的真正根源，有什么建议吗？

更新：通过网络调用，我能够得到关于错误请求的更准确的错误：

INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY

所以我知道这与权限有关，但无法弄清楚到底要做什么不同才能使其适用于所有用户而不仅仅是管理员...有什么建议吗？

我附加了调用的实际 AngularJS 函数：

attachment.save = 函数（base64 值，文档）{

    /*Stripping the file type text in front of the base64 
        string, without this the file would show as corrupted */
    var position = base64value.indexOf("base64,");
    var matchWord = "base64,";
    var base64valueClean = base64value.slice(position + matchWord.length, base64value.length);

    //Setting payload to be saved in SF database.
    var data = {
        "Body": base64valueClean,
        "ContentType": document.attachmentContentType,
        "ParentId": document.id,
        "Name": document.fileName
    };

    var requestHeaders = {
            'Timeout': '600',
            'Content-Type': 'application/json',
            'Authorization': 'Bearer ' + $window.__sfdcSessionId
        };


    /*Get the {!URLFOR('/services/data/v26.0/sobjects/Attachment/')} value
        cannot be processed on static ressource, hence the link to the window
        global variable.*/
    var url = $window.__url;
    var method = 'POST';

    /* May be useful in future
    //Allows this function to be used for updates as well as insert
    var isUpdate = ($.trim(document.attachmentId) !==);
    if (isUpdate) {
        url = url + document.attachmentId;
        method = 'PATCH';
    } else {
        // Method for creation
        method = 'POST';
    };*/

    //Request system data
    var request = {

        url: url,
        method: method,
        data: data,
        requestHeaders: requestHeaders

    };

    console.log(request);

    //Promise type approach to Http request, allows easy handle of succes and failure
    // Very useful for asynchronous calls.
    var deferred = $q.defer();

    //Performing http request to Server
    $http(request).then(function(response) {

        deferred.resolve(response);
        console.log('File UPLOADED to SF!');

    }, function(event) {

        //Need to Improve error handling!!!
        deferred.reject('The attachment could not be saved:' + event);

    });


    return deferred.promise;
}

Answer 1

好吧，所有这些都归结为配置文件中的权限。用户没有与此附件关联的父对象的读写权限。

我修改了它，现在它就像一个魅力...不像我想的那样令人费解！