Permissions are corrected, i beleive Ninja
As for the link, it can simply be what we did for the "guruPrograms.php" in the components/com_guru/controllers/ area. Where I believe we set it to default Joomla login similiar to this:
$this->setRedirect(JRoute::_("index.php?option=com_users&view=login&return=".base64_encode('index.php?option=com_guru&view=guruPrograms&cid='.$course_id.'&Itemid='.$Itemid), false));
Basically, if the user isn't logged in, then they are forced to log in via default joomla login; which takes them to EasySocial loggin end. However, if they are already logged in, then its the same as we have for the "Enroll" button.
Hope that makes sense.