Saturday 27 February 2016

Lightning Component Events - Change Types with Care

Lightning Component Events - Change Types with Care



After the Spring 16 release of Salesforce went live, one of the components from my BrightMedia mobile booking application started throwing errors when sending a booking and its line items back to the Salesforce server. After some investigation, it turned out that the JavaScript version of the Order sObject had gained a ‘serId’ attribute somewhere along the line, which broke the deserialisation on the server.

One aspect of the application is that the order information is passed around between a number of components using Lighting Events - mainly application events, but there is the odd component event in there, so I set out to see if I could reproduce the error with a noddy application that fired and consumed a few events. I wasn’t able to reproduce the error, but along the way I did manage cause an interesting and unexpected error at deployment time.

Lightning Event Types

There are two types of events in the Lightning Components framework:

Application Events

Application Events follow the Publish-Subscribe pattern. Publisher Components fire events without any knowledge of which other components may consume them, while Subscribe Components receive and process events without any knowledge of which, or how many, components have fired them.

An application event specifies its type as ‘APPLICATION’ in the event bundle:

<aura:event type="APPLICATION" 
      description=“Event fired when something happens" />

A publisher component declares that it will fire the application event via the register event component:

<aura:registerEvent name="MyEvent" type="c:MyAppEvt"/>

A subscriber component declares that it wishes to handle events of this type via the handle event component, which also specifies the controller method to execute when an event of this type is to be removed:

<aura:handler event="c:MyAppEvt" action="{!c.handleMyAppEvt}" />

Component Events

Component Events are a bit more like JavaScript events fired in response to a user action - they can be handled by the component that fires the event (although the last time I tried this I couldn’t get it working) or it can bubble up through the component hierarchy, so being handled by the parent component that contains the publisher component, or its parent, and so on.

A component event specifies its type as ‘COMPONENT’ in the event bundle:

<aura:event type="COMPONENT"
	  description="Another event"/>

 A publisher component declares that it will fire the component event via the register event component, specifying 

<aura:registerEvent name="MyCompEvent" type="c:MyAppEvt"/>

A consumer component declares that it wishes to handle events of this type via the handle event component - this specifies the name attribute, which must match the name attribute of the register event declaration in the publisher component:

<aura:handler name=“MyCompEvent” event="c:MyCompEvt" action="{!c.handleMyCompEvt}" />

The Problem

When I wrote my noddy application, I defined my event has being of type APPLICATION, but not matter how many times I sent the custom object between components, I couldn’t get the bonus attribute. I then decided to change the type of the event to COMPONENT and update my components to handle the event through the bubbling mechanism. Unfortunately I didn’t carry out the latter task, as one of my many other duties took precedence, and I quickly forgot about it. Obviously this was in a developer edition and for a disposable application, in a real-world customer environment I’d create a new event rather than changing the behaviour of an existing one.

The next time that I tried to deploy an (unrelated) aura component via the metadata API, around a week later, I got the following error:

Screen Shot 2016 02 27 at 07 11 25

which rather confused me, as I didn’t have any event handlers in the component. After retrieving all of my lightning components via the Force CLI, I was able to search for component events, a synapse fired, and I remembered half changing my test component.

So it appears that when you deploy an aura component via the metadata API, a validation type check is carried out on all existing components to make sure that everything is coherent. This may happen with other deployment methods, I haven’t tested with any others. It doesn’t happen in the Developer Console, as that was the tool that I used to update the component. This makes sense, as otherwise it would be impossible to change anything that briefly invalidated another component.

By the way, if you are wondering what I did about the bonus attributes, I came up with a couple of workarounds:

  • Turn it into a JSON string an remove the attribute during the conversion
  • Delete the attribute using the JavaScript delete keyword
Both of these are dealing with the symptom rather than curing the problem, but reproducing this in a simple application has thus far defeated me. If any of the Lightning Components development team read this I’d love to know where this attribute might come from.

Related Content


Saturday 20 February 2016

Learn to Lead with Trailhead

Learn to Lead with Trailhead

Screen Shot 2016 02 20 at 15 40 50


In what seems like an ever reducing timescale, a set of seven new Trailhead badges are with us. Continuing the theme from the last round, some of these go outside the comfort zone of developer/administrator, covering leadership topics. Which I think is awesome. Its also a testament to the versatility of the Trailhead system, although obviously there is no automated challenge checking on those badges as there isn’t a developer edition that allows you to try out leading a team of people. That would be beyond awesome. And prohibitively expensive.

The Badges

  • Coaching and Feedback

    The basics on motivating and coaching members of your team. Useful for both new team leaders, and those who have got into the habit of only talking to their team when mistakes have been made or they want something. Don’t assume your people know how much you value their contribution - make sure to tell them.
  • Great Management

    Learn how Salesforce managers manage. This module also covers understanding your strengths and weaknesses as a leader. Assuming you have any weaknesses, which many people think they don’t. They are wrong and this module will help them to realise that.
  • Microsoft Integration Basics

    Getting to grips with the options for integration with Microsoft Outlook. To App for Outlook or not to App for Outlook, that is the question.
  • Microsoft Integration Benefits

    A high level overview of why you should integrate Microsoft products with Salesforce, and which product is most appropriate for your organisation. I’m a Mac users, so this doesn’t affect me directly, but I’m also a consultant so I need to know it. 
  • ISV App Strategy

    Choosing the right license model, supporting multiple editions, and what you should think about before you start building an app. An excellent primer.
  • Asynchronous Apex

    A more old-school trailhead module - hard core Apex with challenges to test you can apply what you have learned. 
  • Spring 16 Release

    Another new area for Trailhead training - key release features. I’m a big fan of anything that helps get the word out about whats in new Salesforce releases, as the BrightGen youtube channel webinars playlist will attest. The Trailhead format is a good fit for this, and I’d expect the gamification around the challenge questions will get people to dig into things in a bit more detail.

Ever Increasing Topics

One thing is clear from each update to the Trailhead content - as its popularity increases the scope widens. I’d imagine there’s a long queue of Product Managers outside the office of Chris Duarte in Salesforce HQ, all desperate to get a module or two published in the next release. Make ‘em work for it I say - require implementation of ideas from the success community to get access to the Trailhead community. My ideas, for example, would be an excellent start.

Everyone’s a Critic

While its great to see Trailhead branch out from its Salesforce config/development roots, there’s always room for improvement.

  • Org-Specific Trails - I’ve mentioned this before and I’m going to keep banging on about it until I get what I want. I’d love to be able to build trails specific to my own orgs, to train up users for whom I’ve built a custom application for example. All I want is a small piece of the traction and take-up that Trailhead has had.
  • MegaBadges - I wrote this post with Mega Shark versus Giant Octopus playing in the background, and Giant Badges didn’t have the same ring to it. The trick is obviously to decide what differentiates a MegaBadge from a regular badge, as some of the project badges already require quite a bit of effort. Maybe they are badges that are only unlocked once you have earned a bunch of qualification badges. I’m just the ideas man really.

Related Posts


Sunday 14 February 2016

Custom Transaction Security Policies in Spring 16

Custom Transaction Security Policies in Spring 16


Towards the end of the Spring 16 release notes, in the Security and Identity section, is a particularly interesting new feature - Custom Transaction Security Policies. Transaction Security intercepts Salesforce events and can take action, including blocking the requested event. Custom Transaction Security Policies allow you to create your own policies that are evaluated when an event occurs. Essentially what this means is that you can have a lot more granularity around security than with the regular setup tools. 

Note that there is an additional cost associated with this functionality - from the help :

Requires purchasing Salesforce Shield or Salesforce Shield Event Monitoring add-on subscriptions.

Enabling Custom Policies

Before you can create a custom policy, you need to enable the custom policies functionality by navigating to Setup -> Administration Setup -> Security Controls -> Transaction Security :

Screen Shot 2016 02 14 at 07 52 27

The Policy

The use case for this post is a request I’ve hit more than once in my world - restricting the users that can run reports from external IP addresses. Using the standard setup tools, all I can really do is restrict the IP addresses that users with a particular profile can login from, which stops them from carrying out any activities from an external address. Using a custom policy allows me to intercept a user’s attempt to execute a report or dashboard, and check that they are either from an approved IP address or they are a user that I have specifically allowed to do this.

The first step is to configure the custom policy: 

Screen Shot 2016 02 12 at 17 32 38

Stepping through the parameter values :

  • Enable - is the policy enabled (active)
  • Name/API Name - the friendly and internal names for the policy, pretty much everything in Salesforce has these!
  • Event Type - AccessResource - intercept when the selected resource is accessed
  • Resource Name - the selected resource - in this case, any Report or Dashboard access will trigger the evaluation of the policy
  • Notifications - how I want to be notified if the policy is breached
  • Real-Time Actions - what I want to do when the policy is breached - in this case I’m going to block access, but I could choose to just get notified and take no action, or mandate that two-factor authentication is required.
  • Apex Policy - this is the Apex class that contains the policy. I can either choose an existing policy or, as in this case, get the platform to generate me the basic class. Note that classes must implement the TxnSecurity.PolicyCondition interface.
  • Execute policy as - the context user to execute the Apex policy class, must have the System Administrator profile.
  • Create condition for - I need to check the source IP of the request. Obviously is not a valid internal IP address, but for the purposes of this post assume it is.

This generates the following Apex code:

global class BlockIPAddressReportsPolicyCondition
       implements TxnSecurity.PolicyCondition
  public boolean evaluate(TxnSecurity.Event e)
    if('SourceIp') == '')
       return true;

    return false;

Extending the Generated Policy

As it stands, this stops anyone from accessing reports unless it is from the IP address, which while an improvement on stopping users from doing anything from that IP address, isn’t all I’m hoping for.

The next step is to determine the user that made the request - luckily the Event class exposes the UserId property which I can use to retrieve the user record:

     User u=[select id, FirstName, LastName from User where id=:e.UserId];

 and I can then check that if I am not the user, the request is blocked:

 if ( (U.FirstName!='Keir') || (U.LastName!='Bowden') )
     // Prohibited user - only Keir Bowden can access reports from external IP addresses!
     return true;

Now if I try to access a report from any IP address, I’ll have full access, but if another user tries to access a report and their IP address isn’t, the request is blocked:

Screen Shot 2016 02 14 at 08 00 58

and as I specified myself as the recipient, I receive an in app notification:

Screen Shot 2016 02 14 at 08 03 05

and an email:

Screen Shot 2016 02 14 at 08 04 45


As I mentioned earlier, this feature requires an additional paid subscription. However, if you are working in a regulated industry, or for a customer with specific and nuanced requirements around application security, its well worth a look. Also, as its part of the Salesforce platform, there are no browser plugins or the like to be installed.

Related Posts


Saturday 6 February 2016

London Called and the Community Answered

London Called and the Community Answered


On 5th February 2016 the London’s Calling Salesforce community event took place in, no prizes for guessing, London. The first event of its kind here and the largest Salesforce community event to be held in EMEA. An event by the community for the community.

Not One but Two Keynotes

The day was bookended by keynotes from two Salesforce heavyweights. The day started with a talk by Erica Kuhl, Vice President, Community:

IMG 1535

and finished with one by Peter Coffee, VP for Strategic Research:

IMG 1538

These were different to talks I’ve attended from these speakers in the past - I’ve always seen them at events run by Salesforce, so the focus is very much on Salesforce. This time everybody in the audience was familiar with Salesforce to some degree, so there was no need to keep banging that particular drum. Erica’s talk was on the general aspects of building a community, while Peter’s covered a number of areas, but mainly with the theme that disruption is always coming so you need to be vigilant to keep ahead of the competition.

28 Community Led Sessions

Outside of the keynotes, the majority of sessions where community led training sessions, introducing new technology and techniques or refining existing best practice. There were a couple of things I really liked about the sessions.

  • it wasn’t the same old faces that we see at World Tour and Dreamforce events. While there were plenty of old stagers (like me, for example!) there were a number of people taking their first steps into the world of public speaking, and from what I saw and heard everyone did a great job.
  •  large number of speakers were presenting in their second language. Given how nervous most of us are when we start presenting in our native language, I can’t imagine what this feels like, but its certainly impressive.

As I said before the big day:

Screen Shot 2016 02 06 at 10 28 36

The good news is that all of the sessions were recorded, so we’ll all have access to everything once the editing is done in a couple of weeks. The slide decks will also be published on slide share, so make sure to keep an eye on social media for the latest information.

A Word from Our Sponsors

I was pleased to see people making good use of the Expo and a packed out keynote room for the demo jam - these kind of events are only possible with the support of sponsors.

Sold Out

Tickets sold out at such a pace, you could say that they were selling like hot cakes. The numbers were increased a couple of times, and each time they sold straight out again. Impressive, given that this was a paid event.

Awesome Organizers

The whole thing was put together by four sleep-deprived people who probably had no idea what was involved when they floated the idea at Dreamforce 15:

IMG 1541

So take a bow, Kerry Townsend, Simon Goodyear, Jodi Wagner and Francis Pindar. Hopefully it hasn’t put you off, as we’re looking forward to next year already!