MDL-27036 AICC HACP handling - add missing check for correct user with has_capability.

diff --git a/mod/scorm/aicc.php b/mod/scorm/aicc.php
index ea61f39..3ef9295 100644 (file)
--- a/mod/scorm/aicc.php
+++ b/mod/scorm/aicc.php
@@ -195,7 +195,7 @@ if (!empty($command)) {
                     if (! $cm = get_coursemodule_from_instance("scorm", $scorm->id, $scorm->course)) {
                         echo "error=1\r\nerror_text=Unknown\r\n"; // No one must see this error message if not hacked
                     }
-                    if (!empty($aiccdata) && has_capability('mod/scorm:savetrack', get_context_instance(CONTEXT_MODULE, $cm->id))) {
+                    if (!empty($aiccdata) && has_capability('mod/scorm:savetrack', get_context_instance(CONTEXT_MODULE, $cm->id), $aiccuser->id)) {
                         $initlessonstatus = 'not attempted';
                         $lessonstatus = 'not attempted';
                         if (isset($scormsession->scorm_lessonstatus)) {