Fixes #3543. Ported access collections fix to master.

3 files changed, 35 insertions, 44 deletions

diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php
index 8ec6a085f..1e2bc1d5c 100644
--- a/actions/friends/collections/add.php
+++ b/actions/friends/collections/add.php
@@ -9,28 +9,24 @@
 $collection_name = get_input('collection_name');
 $friends = get_input('friends_collection');
 
-//first check to make sure that a collection name has been set and create the new colection
-if ($collection_name) {
+if (!$collection_name) {
+	register_error(elgg_echo("friends:nocollectionname"));
+	forward(REFERER);
+}
 
-	//create the collection
-	$create_collection = create_access_collection($collection_name, elgg_get_logged_in_user_guid());
+$id = create_access_collection($collection_name);
 
-	//if the collection was created and the user passed some friends from the form, add them
-	if ($create_collection && (!empty($friends))) {
-		//add friends to the collection
-		foreach ($friends as $friend) {
-			add_user_to_access_collection($friend, $create_collection);
-		}
+if ($id) {
+	$result = update_access_collection($id, $friends);
+	if ($result) {
+		system_message(elgg_echo("friends:collectionadded"));
+		// go to the collections page
+		forward("pg/collections/" . get_loggedin_user()->username);
+	} else {
+		register_error(elgg_echo("friends:nocollectionname"));
+		forward(REFERER);
 	}
-
-	// Success message
-	system_message(elgg_echo("friends:collectionadded"));
-	// Forward to the collections page
-	forward("collections/" . elgg_get_logged_in_user_entity()->username);
-
 } else {
 	register_error(elgg_echo("friends:nocollectionname"));
-
-	// Forward to the add collection page
-	forward("collections/add");
-}
+	forward(REFERER);
+}
\ No newline at end of file
diff --git a/actions/friends/collections/delete.php b/actions/friends/collections/delete.php
index fe719d74b..ff8f1fb55 100644
--- a/actions/friends/collections/delete.php
+++ b/actions/friends/collections/delete.php
@@ -8,29 +8,16 @@
 
 $collection_id = (int) get_input('collection');
 
-// Check to see that the access collection exist and grab its owner
-$get_collection = get_access_collection($collection_id);
-
-if ($get_collection) {
-
-	if ($get_collection->owner_guid == elgg_get_logged_in_user_guid()) {
-
-		$delete_collection = delete_access_collection($collection_id);
+// check the ACL exists and we can edit
+if (!can_edit_access_collection($collection_id)) {
+	register_error(elgg_echo("friends:collectiondeletefailed"));
+	forward(REFERER);
+}
 
-		// Success message
-		if ($delete_collection) {
-			system_message(elgg_echo("friends:collectiondeleted"));
-		} else {
-			register_error(elgg_echo("friends:collectiondeletefailed"));
-		}
-	} else {
-		// Failure message
-		register_error(elgg_echo("friends:collectiondeletefailed"));
-	}
+if (delete_access_collection($collection_id)) {
+	system_message(elgg_echo("friends:collectiondeleted"));
 } else {
-	// Failure message
 	register_error(elgg_echo("friends:collectiondeletefailed"));
 }
 
-// Forward to the collections page
-forward("collections/" . elgg_get_logged_in_user_entity()->username);
+forward(REFERER);
diff --git a/actions/friends/collections/edit.php b/actions/friends/collections/edit.php
index b7fb716f2..9eb5e1eab 100644
--- a/actions/friends/collections/edit.php
+++ b/actions/friends/collections/edit.php
@@ -9,7 +9,15 @@
 $collection_id = get_input('collection_id');
 $friends = get_input('friend');
 
-//chech the collection exists and the current user owners it
-update_access_collection($collection_id, $friends);
+// check it exists and we can edit
+if (!can_edit_access_collection($collection_id)) {
+	system_message(elgg_echo('friends:collection:edit_failed'));
+}
 
-exit;
+if (update_access_collection($collection_id, $friends)) {
+	system_message(elgg_echo('friends:collections:edited'));
+} else {
+	system_message(elgg_echo('friends:collection:edit_failed'));
+}
+
+forward(REFERER);
\ No newline at end of file