Merged ACL fixes from 1.7 branch.

1 files changed, 11 insertions, 23 deletions

diff --git a/actions/friends/collections/delete.php b/actions/friends/collections/delete.php
index fe719d74b..5b0aa8e10 100644
--- a/actions/friends/collections/delete.php
+++ b/actions/friends/collections/delete.php
@@ -1,36 +1,24 @@
 <?php
+
 /**
  * Elgg friends: delete collection action
  *
- * @package Elgg.Core
- * @subpackage Friends.Collections
+ * @package Elgg
+ * @subpackage Core
  */
 
 $collection_id = (int) get_input('collection');
 
-// Check to see that the access collection exist and grab its owner
-$get_collection = get_access_collection($collection_id);
-
-if ($get_collection) {
-
-	if ($get_collection->owner_guid == elgg_get_logged_in_user_guid()) {
-
-		$delete_collection = delete_access_collection($collection_id);
+// check the ACL exists and we can edit
+if (!can_edit_access_collection($collection_id)) {
+	register_error(elgg_echo("friends:collectiondeletefailed"));
+	forward(REFERER);
+}
 
-		// Success message
-		if ($delete_collection) {
-			system_message(elgg_echo("friends:collectiondeleted"));
-		} else {
-			register_error(elgg_echo("friends:collectiondeletefailed"));
-		}
-	} else {
-		// Failure message
-		register_error(elgg_echo("friends:collectiondeletefailed"));
-	}
+if (delete_access_collection($collection_id)) {
+	system_message(elgg_echo("friends:collectiondeleted"));
 } else {
-	// Failure message
 	register_error(elgg_echo("friends:collectiondeletefailed"));
 }
 
-// Forward to the collections page
-forward("collections/" . elgg_get_logged_in_user_entity()->username);
+forward(REFERER);