diff --git a/plugins/wporg-5ftf/includes/authentication.php b/plugins/wporg-5ftf/includes/authentication.php
index fd3227d..d86f32c 100644
--- a/plugins/wporg-5ftf/includes/authentication.php
+++ b/plugins/wporg-5ftf/includes/authentication.php
@@ -149,3 +149,38 @@ function is_valid_authentication_token( $pledge_id, $action, $unverified_token )
 return $verified;
 }
+
+/**
+ * Checks user capabilties or auth token to see if this user can edit the given pledge.
+ *
+ * @param int $requested_pledge_id The pledge to edit.
+ * @param string $auth_token The supplied auth token to check.
+ *
+ * @return true|WP_Error
+ */
+function can_manage_pledge( $requested_pledge_id, $auth_token = '' ) {
+ // A valid token superceeds other auth methods.
+ if ( true === is_valid_authentication_token( $requested_pledge_id, 'manage_pledge', $auth_token ) ) {
+ return true;
+ } else if ( is_user_logged_in() ) {
+ if ( current_user_can( 'manage_options' ) ) {
+ return true;
+ }
+ return new \WP_Error(
+ 'invalid_token',
+ sprintf(
+ __( 'You don\'t have permissions to edit this page. Request an edit link.', 'wporg-5ftf' ),
+ get_permalink( $requested_pledge_id )
+ )
+ );
+ }
+
+ return new \WP_Error(
+ 'invalid_token',
+ sprintf(
+ __( 'Your link has expired, please obtain a new one.', 'wporg-5ftf' ),
+ get_permalink( $requested_pledge_id )
+ )
+ );
+ }
+
diff --git a/plugins/wporg-5ftf/tests/test-auth.php b/plugins/wporg-5ftf/tests/test-auth.php
index 646c501..9c0b15c 100644
--- a/plugins/wporg-5ftf/tests/test-auth.php
+++ b/plugins/wporg-5ftf/tests/test-auth.php
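Review bot: Both `sprintf()` calls in can_manage_pledge wrap translated strings that contain no `%s` placeholder, so the `get_permalink( $requested_pledge_id )` argument is computed and silently discarded and the user is never told where to request a new edit link. Either drop the `sprintf()`/`get_permalink()` wrapper, or give each message a placeholder and escape the URL, e.g. `sprintf( __( 'Your link has expired, please obtain a new one at %s.', 'wporg-5ftf' ), esc_url( get_permalink( $requested_pledge_id ) ) )`. The logged-in-without-capability branch also reuses the error code `'invalid_token'` although no token was at fault; if any caller branches on the code, a distinct code such as `'insufficient_permissions'` would keep the two failure modes apart. Finally, `superceeds` should read `supersedes`, and that comment is the right place to state explicitly that a valid link token grants edit access to any visitor regardless of login state or role, since the first branch returns `true` before any capability check is reached — the visible tests cover token-only and no-token callers but not a logged-in non-admin presenting a valid token.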
@@ -1,6 +1,6 @@ assertFalse( $verified ); } + + /** + * @covers ::can_manage_pledge + */ + public function test_user_with_token_can_manage_pledge() { + $action = 'manage_pledge'; + $token = self::_get_token( self::$pledge->ID, $action, self::$page->ID, false ); + + $result = can_manage_pledge( self::$pledge->ID, $token['value'] ); + $this->assertTrue( $result ); + } + + /** + * @covers ::can_manage_pledge + */ + public function test_user_without_token_cant_manage_pledge() { + $result = can_manage_pledge( self::$pledge->ID, '' ); + $this->assertWPError( $result ); + } + + /** + * @covers ::can_manage_pledge + */ + public function test_logged_in_admin_can_manage_pledge() { + $user = self::factory()->user->create( + array( + 'role' => 'administrator', + ) + ); + wp_set_current_user( $user ); + + $result = can_manage_pledge( self::$pledge->ID ); + $this->assertTrue( $result ); + } + + /** + * @covers ::can_manage_pledge + */ + public function test_logged_in_subscriber_cant_manage_pledge() { + $user = self::factory()->user->create( + array( + 'role' => 'subscriber', + ) + ); + wp_set_current_user( $user ); + + $result = can_manage_pledge( self::$pledge->ID ); + $this->assertWPError( $result ); + } }