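/// <summary>
/// Loads a grid view by id and returns it only when the access rule below is satisfied.
/// </summary>
/// <param name="userId">Caller identifier, compared with the grid view's <c>CreatedBy</c>.</param>
/// <param name="company">Requested company, compared with the grid view's <c>CompanyId</c>.</param>
/// <param name="gridViewId">Value bound to the <c>@GridViewId</c> stored-procedure parameter.</param>
/// <returns>The grid view when the caller owns it or it is shared for the requested company.</returns>
/// <exception cref="AtlasSecurityException">
/// Thrown when no grid view is found for <paramref name="gridViewId"/> or the access rule is not met.
/// </exception>
/// <remarks>
/// The stored procedure is queried by id only, so the check in this method is the only access
/// control visible here. NOTE(review): <paramref name="userId"/> and <paramref name="company"/>
/// are trusted as given; presumably the callers take them from the authenticated context rather
/// than from client-supplied data. Confirm at the call sites.
/// </remarks>
public async Task<UserGridViewDto> GetUserGridViewById(string userId, string company, int gridViewId)
{
    var queryParameters = new DynamicParameters();
    queryParameters.Add("@GridViewId", gridViewId);

    UserGridViewDto gridView = await ExecuteQueryFirstOrDefaultAsync<UserGridViewDto>(StoredProcedureNames.GetGridViewDetails, queryParameters);

    // FirstOrDefault yields null for an unknown id. Previously that surfaced as a
    // NullReferenceException; it now falls through to the same security exception as a
    // denied request, so the two cases are indistinguishable to the caller.
    if (gridView != null)
    {
        // A missing caller id must never match a row whose CreatedBy is also empty.
        bool isOwner = !string.IsNullOrEmpty(userId) && gridView.CreatedBy == userId;

        // A user can access a gridView if he is the owner, or if the gridView is shared
        // with all users for the requested company (or for all companies).
        bool isSharedForCompany = gridView.IsSharedWithAllUsers
            && (gridView.IsSharedWithAllCompanies || gridView.CompanyId == company);

        if (isOwner || isSharedForCompany)
        {
            return gridView;
        }
    }

    throw new AtlasSecurityException("You are not the owner of this gridView or it is not shared with you.");
}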
/// <summary>
/// Builds a <c>SetFavoriteGridViewCommand</c> from the route values and the request body,
/// dispatches it through the mediator, and answers with 204 No Content.
/// </summary>
/// <param name="company">Copied to the command's <c>CompanyId</c>.</param>
/// <param name="gridCode">Copied to the command's <c>GridCode</c>.</param>
/// <param name="gridView">Request body; its id, column configuration and name are copied to the command.</param>
/// <returns>A No Content result once the command has been sent.</returns>
/// <remarks>
/// NOTE(review): the command built here carries no caller identity, and this action does not
/// check that the caller may use <c>gridView.GridViewId</c>. Presumably the command handler
/// resolves the current user and enforces ownership/sharing; confirm, since the id comes
/// straight from the request body.
/// </remarks>
public async Task<IActionResult> SetGridViewAsFavorite(string company, string gridCode, [FromBody, Required] UserGridViewDto gridView)
{
    await _mediator.Send(new SetFavoriteGridViewCommand
    {
        CompanyId = company,
        GridCode = gridCode,
        GridViewId = gridView.GridViewId,
        GridViewColumnConfig = gridView.GridViewColumnConfig,
        Name = gridView.Name,
    });

    return NoContent();
}