Added security to the monitoring calls - the calls to update a lesson now check that the user is either the owner of the lesson or a staff member for the lesson.
Fixed getAllLessons() to return all the lessons for which the user is in the lesson's staff group. Added organisationID to the basic lesson DTO returned to Flash.