From 9a68ff24d2ee13e5bb0c46d17555704c96161c6c Mon Sep 17 00:00:00 2001
From: Dan Marsden <dan@danmarsden.com>
Date: Mon, 14 Nov 2011 21:03:47 +1300
Subject: [PATCH] MDL-27036 AICC HACP handling - add missing check for correct
 user with has_capability.

---
 mod/scorm/aicc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mod/scorm/aicc.php b/mod/scorm/aicc.php
index ea61f3947de..3ef92957605 100644
--- a/mod/scorm/aicc.php
+++ b/mod/scorm/aicc.php
@@ -195,7 +195,7 @@ if (!empty($command)) {
                     if (! $cm = get_coursemodule_from_instance("scorm", $scorm->id, $scorm->course)) {
                         echo "error=1\r\nerror_text=Unknown\r\n"; // No one must see this error message if not hacked
                     }
-                    if (!empty($aiccdata) && has_capability('mod/scorm:savetrack', get_context_instance(CONTEXT_MODULE, $cm->id))) {
+                    if (!empty($aiccdata) && has_capability('mod/scorm:savetrack', get_context_instance(CONTEXT_MODULE, $cm->id), $aiccuser->id)) {
                         $initlessonstatus = 'not attempted';
                         $lessonstatus = 'not attempted';
                         if (isset($scormsession->scorm_lessonstatus)) {