fix: paid users shouldn't see a link to an estimation page when they are on someone else collection page

Fix #1511

Author: php-coder

src/main/webapp/WEB-INF/views/collection/info.html

@@ -99,7 +99,7 @@ <h4 class="panel-title" th:text="#{t_in_collection}">In this collection</h4>
 									<p th:text="|#{t_series_amount}: ${seriesCounter}|">Amount of series: 3</p>
 									<p th:text="|#{t_stamps_amount}: ${stampsCounter}|">Amount of stamps: 34</p>
 									<!--/* @todo #892 Add integration tests for showing a link to collection estimation page */-->
-									<p sec:authorize="hasAuthority('ADD_SERIES_PRICE')">
+									<p sec:authorize="(hasAuthority('ADD_SERIES_PRICE') and #authentication?.principal?.userCollectionSlug == #vars.slug) or hasAuthority('VIEW_ANY_ESTIMATION')">
 										<span th:text="#{t_cost}">The cost</span>:
 										<a href="estimation.html"
 											th:href="@{${ESTIMATION_COLLECTION_PAGE}(slug=${slug})}"