1 files changed, 23 insertions, 11 deletions

diff --git a/actions/friends/collections/delete.php b/actions/friends/collections/delete.php
index 5b0aa8e10..fe719d74b 100644
--- a/actions/friends/collections/delete.php
+++ b/actions/friends/collections/delete.php
@@ -1,24 +1,36 @@
 <?php
-
 /**
  * Elgg friends: delete collection action
  *
- * @package Elgg
- * @subpackage Core
+ * @package Elgg.Core
+ * @subpackage Friends.Collections
  */
 
 $collection_id = (int) get_input('collection');
 
-// check the ACL exists and we can edit
-if (!can_edit_access_collection($collection_id)) {
-	register_error(elgg_echo("friends:collectiondeletefailed"));
-	forward(REFERER);
-}
+// Check to see that the access collection exist and grab its owner
+$get_collection = get_access_collection($collection_id);
+
+if ($get_collection) {
+
+	if ($get_collection->owner_guid == elgg_get_logged_in_user_guid()) {
+
+		$delete_collection = delete_access_collection($collection_id);
 
-if (delete_access_collection($collection_id)) {
-	system_message(elgg_echo("friends:collectiondeleted"));
+		// Success message
+		if ($delete_collection) {
+			system_message(elgg_echo("friends:collectiondeleted"));
+		} else {
+			register_error(elgg_echo("friends:collectiondeletefailed"));
+		}
+	} else {
+		// Failure message
+		register_error(elgg_echo("friends:collectiondeletefailed"));
+	}
 } else {
+	// Failure message
 	register_error(elgg_echo("friends:collectiondeletefailed"));
 }
 
-forward(REFERER);
+// Forward to the collections page
+forward("collections/" . elgg_get_logged_in_user_entity()->username);