RestrictSources
What It Does
Controls which call sources — phone-system connections within a CallCore workspace — the running user is allowed to see.
A Source__c record represents one connection to one external phone system within one CallCore workspace. The strategy decides which workspace subdomain(s) the running user is allowed to see; the package resolves those to the corresponding source IDs and applies them as a filter on every timeline query.
The source restriction is evaluated at the start of every timeline request and applied as a SOQL filter alongside the handler restriction. A call only appears if both the source restriction and the handler restriction are satisfied.
The default implementation allows all sources. Implement RestrictSources.IStrategy to scope users to a subset — for example, when a single Salesforce org syncs data from more than one CallCore workspace and each user should only see calls from their own.
Interface
global interface IStrategy {
void getAllowed(Context context);
}
Context
Input
The Context has no input fields. Use callcoreio.ServiceProvider.getSourceLookup().getSourceIdsBySubdomain(String) to translate a CallCore workspace subdomain into the Set<Id> to pass to allowSet. Use UserInfo.getProfileId(), custom metadata, or other org data to determine which workspace subdomain applies to the running user.
Write Methods Call one of these before returning. If you call none, the default is allow-all (all sources visible).
| Method | Description |
|---|---|
allowSingle(Id id) |
Allow exactly one Source__c record ID. Throws if id is null. |
allowSet(Set<Id> ids) |
Allow a specific set of Source__c record IDs. Throws if ids is null. An empty set means no sources are allowed. |
excludeAll() |
Allow no sources — no calls will be visible to the user. |
Unlike RestrictCallHandlers, there is no explicit allowAll() method. Simply do not call any write method and the framework treats the result as allow-all.
The Id values must be Source__c record IDs.
Discriminator
This strategy has no SObject discriminator. There is one global implementation per org. Use default as the discriminator value.
Default Behaviour
Allow all sources (AnySource implementation — no filtering applied).
Example: Map Users to Workspaces via Custom Metadata
Use custom metadata to map each Salesforce Profile to a CallCore workspace subdomain. Create a WorkspaceAccess__mdt type with fields ProfileId__c (Text) and Subdomain__c (Text), and add one row per profile.
public class RestrictWorkspacesByProfile
implements callcoreio.RestrictSources.IStrategy {
public void getAllowed(callcoreio.RestrictSources.Context context) {
List<WorkspaceAccess__mdt> rules = [
SELECT Subdomain__c
FROM WorkspaceAccess__mdt
WHERE ProfileId__c = :UserInfo.getProfileId()
LIMIT 1
];
if (rules.isEmpty()) {
context.excludeAll();
return;
}
Set<Id> ids = callcoreio.ServiceProvider
.getSourceLookup()
.getSourceIdsBySubdomain(rules[0].Subdomain__c);
if (ids == null || ids.isEmpty()) {
context.excludeAll();
} else {
context.allowSet(ids);
}
}
}
Example: Restrict to a Single Workspace
Restrict all users to a single CallCore workspace. Replace 'acme' with your workspace subdomain.
public class RestrictToSingleWorkspace
implements callcoreio.RestrictSources.IStrategy {
private static final String WORKSPACE_SUBDOMAIN = 'acme';
public void getAllowed(callcoreio.RestrictSources.Context context) {
Set<Id> ids = callcoreio.ServiceProvider
.getSourceLookup()
.getSourceIdsBySubdomain(WORKSPACE_SUBDOMAIN);
if (ids == null || ids.isEmpty()) {
context.excludeAll();
} else {
context.allowSet(ids);
}
}
}
Notes
- Fail closed. If your implementation throws an unhandled exception, the framework calls
excludeAll()and the user sees no calls. Design your logic to be defensive. - Source IDs via
ISourceLookuponly. TheSource__cobject is protected and cannot be queried directly from subscriber Apex. Usecallcoreio.ServiceProvider.getSourceLookup().getSourceIdsBySubdomain(String)to resolve a workspace subdomain to aSet<Id>. - If both
RestrictSourcesandRestrictCallHandlersare configured, both must pass. A call on an allowed source handled by a restricted handler will not appear. - A warning is logged if your strategy results in an allow-none state. If the timeline is empty for all users and debug mode is off, check whether
RestrictSourcesorRestrictCallHandlersis returning an empty restriction.