Fixes #3543. Ported access collections fix to master.

1 files changed, 8 insertions, 21 deletions

diff --git a/actions/friends/collections/delete.php b/actions/friends/collections/delete.php
index fe719d74b..ff8f1fb55 100644
--- a/actions/friends/collections/delete.php
+++ b/actions/friends/collections/delete.php
@@ -8,29 +8,16 @@
 
 $collection_id = (int) get_input('collection');
 
-// Check to see that the access collection exist and grab its owner
-$get_collection = get_access_collection($collection_id);
-
-if ($get_collection) {
-
-	if ($get_collection->owner_guid == elgg_get_logged_in_user_guid()) {
-
-		$delete_collection = delete_access_collection($collection_id);
+// check the ACL exists and we can edit
+if (!can_edit_access_collection($collection_id)) {
+	register_error(elgg_echo("friends:collectiondeletefailed"));
+	forward(REFERER);
+}
 
-		// Success message
-		if ($delete_collection) {
-			system_message(elgg_echo("friends:collectiondeleted"));
-		} else {
-			register_error(elgg_echo("friends:collectiondeletefailed"));
-		}
-	} else {
-		// Failure message
-		register_error(elgg_echo("friends:collectiondeletefailed"));
-	}
+if (delete_access_collection($collection_id)) {
+	system_message(elgg_echo("friends:collectiondeleted"));
 } else {
-	// Failure message
 	register_error(elgg_echo("friends:collectiondeletefailed"));
 }
 
-// Forward to the collections page
-forward("collections/" . elgg_get_logged_in_user_entity()->username);
+forward(REFERER);