With winter release round the corner and applied to lot of sandbox, a common functionality that lot of the people are facing issue with Apex class having @AuraEnabled method are failing.
Previously when we used to write any aura enabled method we need not provide the access to particular profile to run the functionality. But now with this winter release it gives you more control over which authenticated users can access Apex classes containing @AuraEnabled methods.
This critical update changes the behavior of @AuraEnabled Apex controllers that don’t specify with sharing or without sharing to default to with sharing.
Once the critical update is activated, if the running user does not have access to the class, the method call will fail and your app will crash.
In setup, you can add Apex classes to a profile under “Enabled Apex Classes Access”. For a permission set, you’ll see it under Apps as “Apex Class Access”.
Aura Enabled Scanner Tool:
If you want to proactively find Apex classes that leverage @AuraEnabled, check out the open source tool @AuraEnabled Scanner. To install the tool, log in to the sandbox that you want to make the edits in. From there, go to:
Where <mydomain> is the prefix of the domain for your org. Once you’ve installed the package, go to:
The @AuraEnabled Scanner requires you to have the AuraEnabled Scanner User permission set. You’ll be prompted to assign it if you haven’t done so.
From there, you’ll have a list of Apex classes on the left that use @AuraEnabled. Clicking on one will allow you to update the profiles and permission sets that have access to the class.