From 1f13015ad313e4fb0cb093437c2920a0054b1890 Mon Sep 17 00:00:00 2001
From: Joseph Schorr <josephschorr@users.noreply.github.com>
Date: Fri, 13 May 2016 15:06:53 -0400
Subject: [PATCH] Show an error when trying to view a billing page not your own

Fixes #1443
---
 static/js/pages/billing.js    | 9 ++++++---
 static/partials/billing.html  | 9 +++++++--
 static/partials/invoices.html | 9 +++++++--
 3 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/static/js/pages/billing.js b/static/js/pages/billing.js
index 6fa2168cd..1b39a509f 100644
--- a/static/js/pages/billing.js
+++ b/static/js/pages/billing.js
@@ -22,7 +22,7 @@
   }]);
 
 
-  function BillingCtrl($scope, ApiService, $routeParams) {
+  function BillingCtrl($scope, ApiService, $routeParams, UserService) {
     $scope.orgname = $routeParams['orgname'];
     $scope.username = $routeParams['username'];
 
@@ -32,8 +32,11 @@
           $scope.organization = org;
         });
       } else {
-        $scope.entityResource = ApiService.getUserInformationAsResource({'username': $scope.username}).get(function(user) {
-          $scope.viewuser = user;
+        UserService.updateUserIn($scope, function(currentUser) {
+          $scope.entityResource = ApiService.getUserInformationAsResource({'username': $scope.username}).get(function(user) {
+            $scope.invaliduser = !currentUser || currentUser.username != $scope.username;
+            $scope.viewuser = user;
+          });
         });
       }
     };
diff --git a/static/partials/billing.html b/static/partials/billing.html
index 00d7a9d25..8cb5c5afb 100644
--- a/static/partials/billing.html
+++ b/static/partials/billing.html
@@ -25,8 +25,13 @@
     </div>
 
     <div class="co-main-content-panel" style="min-height: 500px;">
-      <div class="plan-manager" organization="organization.name" has-subscription="hasSubscription"  ng-if="organization"></div>
-      <div class="plan-manager" user="viewuser" has-subscription="hasSubscription" ng-if="!organization"></div>
+      <div ng-if="!invaliduser">
+        <div class="plan-manager" organization="organization.name" has-subscription="hasSubscription"  ng-if="organization"></div>
+        <div class="plan-manager" user="viewuser" has-subscription="hasSubscription" ng-if="!organization"></div>
+      </div>
+      <div class="co-alert co-alert-danger" ng-if="invaliduser">
+        You do not have access to this resource
+      </div>
     </div>
   </div>
 </div>
\ No newline at end of file
diff --git a/static/partials/invoices.html b/static/partials/invoices.html
index ffcc23fa2..5fc4cb4cc 100644
--- a/static/partials/invoices.html
+++ b/static/partials/invoices.html
@@ -25,8 +25,13 @@
     </div>
 
     <div class="co-main-content-panel" style="min-height: 500px;">
-      <div class="billing-invoices" user="viewuser" makevisible="true" ng-if="!organization"></div>
-      <div class="billing-invoices" organization="organization" makevisible="true" ng-if="organization"></div>
+      <div ng-if="!invaliduser">
+        <div class="billing-invoices" user="viewuser" makevisible="true" ng-if="!organization"></div>
+        <div class="billing-invoices" organization="organization" makevisible="true" ng-if="organization"></div>
+      </div>
+      <div class="co-alert co-alert-danger" ng-if="invaliduser">
+        You do not have access to this resource
+      </div>
     </div>
   </div>
 </div>
\ No newline at end of file