From 48ad4ade58bcdbb119e50b5f8f6b4c1b7e99f3eb Mon Sep 17 00:00:00 2001
From: Nick Sergeant <nick@nicksergeant.com>
Date: Fri, 16 Oct 2015 08:34:52 -0400
Subject: [PATCH] Allow searching of users via API.

---
 snipts/api.py  | 2 +-
 teams/views.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/snipts/api.py b/snipts/api.py
index 468e195..2b522dd 100644
--- a/snipts/api.py
+++ b/snipts/api.py
@@ -176,7 +176,7 @@ class PublicUserResource(ModelResource):
         fields = ['id', 'username']
         include_absolute_url = True
         allowed_methods = ['get']
-        filtering = {'username': 'exact'}
+        filtering = {'username': ['contains', 'exact']}
         max_limit = 200
         cache = SimpleCache()
 
diff --git a/teams/views.py b/teams/views.py
index 12fa0b2..24a0ac3 100644
--- a/teams/views.py
+++ b/teams/views.py
@@ -22,6 +22,8 @@ def for_teams(request):
 @render_to('teams/team-billing.html')
 def team_billing(request, username):
     team = get_object_or_404(Team, slug=username)
+    if team.owner != request.user:
+        raise Http404
     return {
         'team': team
     }
@@ -30,8 +32,6 @@ def team_billing(request, username):
 @render_to('teams/team-members.html')
 def team_members(request, username):
     team = get_object_or_404(Team, slug=username)
-    if team.owner != request.user:
-        raise Http404
     return {
         'team': team
     }