- Add some more analytics events

- Enable business features for personal users on business plans
- Fix a bug in the credit card image view

endpoints/api.py

@@ -1601,9 +1601,31 @@ def subscribe(user, plan, token, require_business_plan):
   return resp
 
 
+@app.route('/api/user/invoices', methods=['GET'])
+@api_login_required
+def user_invoices_api():
+  user = current_user.db_user()
+  if not user.stripe_id:
+    abort(404)
+      
+  return get_invoices(user.stripe_id)
+
+
 @app.route('/api/organization/<orgname>/invoices', methods=['GET'])
 @api_login_required
 def org_invoices_api(orgname):
+  permission = AdministerOrganizationPermission(orgname)
+  if permission.can():
+    organization = model.get_organization(orgname)
+    if not organization.stripe_id:
+      abort(404)
+      
+    return get_invoices(organization.stripe_id)
+
+  abort(403)
+
+
+def get_invoices(customer_id):
   def invoice_view(i):
     return {
       'id': i.id,
@@ -1619,18 +1641,10 @@ def org_invoices_api(orgname):
       'plan': i.lines.data[0].plan.id if i.lines.data[0].plan else None
     }
     
-  permission = AdministerOrganizationPermission(orgname)
-  if permission.can():
-    organization = model.get_organization(orgname)
-    if not organization.stripe_id:
-      abort(404)
-      
-    invoices = stripe.Invoice.all(customer=organization.stripe_id, count=12)
-    return jsonify({
-      'invoices': [invoice_view(i) for i in invoices.data]
-    })
-
-  abort(403)  
+  invoices = stripe.Invoice.all(customer=customer_id, count=12)
+  return jsonify({
+    'invoices': [invoice_view(i) for i in invoices.data]
+  })
 
 
 @app.route('/api/organization/<orgname>/plan', methods=['PUT'])
@@ -1815,6 +1829,17 @@ def org_logs_api(orgname):
   abort(403)
 
 
+@app.route('/api/user/logs', methods=['GET'])
+@api_login_required
+def user_logs_api():
+  performer_name = request.args.get('performer', None)
+  start_time = request.args.get('starttime', None)
+  end_time = request.args.get('endtime', None)
+
+  return get_logs(current_user.db_user().username, start_time, end_time,
+                  performer_name=performer_name)
+
+
 def get_logs(namespace, start_time, end_time, performer_name=None,
              repository=None):
   performer = None

endpoints/web.py

@@ -4,7 +4,7 @@ import stripe
 
 from flask import (abort, redirect, request, url_for, render_template,
                    make_response, Response)
-from flask.ext.login import login_user, UserMixin
+from flask.ext.login import login_user, UserMixin, current_user
 from flask.ext.principal import identity_changed
 from urlparse import urlparse
 
@@ -134,21 +134,34 @@ def privacy():
 
 @app.route('/receipt', methods=['GET'])
 def receipt():
+  if not current_user.is_authenticated():
+    abort(401)
+    return
+
   id =  request.args.get('id')
   if id:
     invoice = stripe.Invoice.retrieve(id)
     if invoice:
-      org = model.get_user_or_org_by_customer_id(invoice.customer)
-      if org and org.organization:
-        admin_org = AdministerOrganizationPermission(org.username)
-        if admin_org.can():
-          file_data = renderInvoiceToPdf(invoice, org)          
-          return Response(file_data,
-                          mimetype="application/pdf",
-                          headers={"Content-Disposition":
-                                     "attachment;filename=receipt.pdf"})
+      user_or_org = model.get_user_or_org_by_customer_id(invoice.customer)
+      
+      if user_or_org:
+        if user_or_org.organization:
+          admin_org = AdministerOrganizationPermission(user_or_org.username)
+          if not admin_org.can():
+            abort(404)
+            return
+        else:
+          if not user_or_org.username == current_user.db_user().username:
+            abort(404)
+            return      
+
+      file_data = renderInvoiceToPdf(invoice, user_or_org)          
+      return Response(file_data,
+                      mimetype="application/pdf",
+                      headers={"Content-Disposition": "attachment;filename=receipt.pdf"})
   abort(404)
 
+
 def common_login(db_user):
   if login_user(_LoginWrappedDBUser(db_user.username, db_user)):
     logger.debug('Successfully signed in as: %s' % db_user.username)