Index: lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/MonitoringController.java
===================================================================
diff -u -r671a81e214ab1c4716dd1180d77827404412e67e -r2c74285f2768b9de8e18c685f6de2c1feec36b1e
--- lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/MonitoringController.java	(.../MonitoringController.java)	(revision 671a81e214ab1c4716dd1180d77827404412e67e)
+++ lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/MonitoringController.java	(.../MonitoringController.java)	(revision 2c74285f2768b9de8e18c685f6de2c1feec36b1e)
@@ -1101,7 +1101,7 @@
 	HttpSession ss = SessionManager.getSession();
 	UserDTO user = (UserDTO) ss.getAttribute(AttributeNames.USER);
 
-	if (true) {
+	if (!securityService.isLessonMonitor(lessonId, user.getUserID(), "get lesson details", false)) {
 	    response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not a monitor in the lesson");
 	    return null;
 	}