Index: lams_learning/src/java/org/lamsfoundation/lams/learning/web/controller/NotebookController.java
===================================================================
diff -u -rad2a44cf5737f17483ecb2a732b0d6adcaad8078 -r9c090b4d913dd7feae46711e898babbef79427e9
--- lams_learning/src/java/org/lamsfoundation/lams/learning/web/controller/NotebookController.java (.../NotebookController.java) (revision ad2a44cf5737f17483ecb2a732b0d6adcaad8078)
+++ lams_learning/src/java/org/lamsfoundation/lams/learning/web/controller/NotebookController.java (.../NotebookController.java) (revision 9c090b4d913dd7feae46711e898babbef79427e9)
@@ -37,6 +37,7 @@
 import org.lamsfoundation.lams.notebook.model.NotebookEntry;
 import org.lamsfoundation.lams.notebook.service.CoreNotebookConstants;
 import org.lamsfoundation.lams.notebook.service.ICoreNotebookService;
+import org.lamsfoundation.lams.security.ISecurityService;
 import org.lamsfoundation.lams.usermanagement.User;
 import org.lamsfoundation.lams.usermanagement.exception.UserAccessDeniedException;
 import org.lamsfoundation.lams.usermanagement.service.IUserManagementService;
@@ -59,6 +60,8 @@
 private ILearnerFullService learnerService;
 @Autowired
 private IUserManagementService userManagementService;
+ @Autowired
+ private ISecurityService securityService;
 
 /**
 * View all notebook entries
@@ -89,16 +92,11 @@
 @RequestMapping("/viewAllJournals")
 public String viewAllJournals(@ModelAttribute NotebookForm notebookForm, HttpServletRequest request)
 throws IOException, ServletException {
-
- // getting requested object according to coming parameters
 Integer userID = LearningWebUtil.getUserId();
- User user = (User) userManagementService.findById(User.class, userID);
-
- // lesson service
 Long lessonID = notebookForm.getLessonID();
 Lesson lesson = learnerService.getLesson(lessonID);
 
- if (!hasStaffAccessToJournals(user, lesson)) {
+ if (!securityService.isLessonMonitor(lessonID, userID, "view all journals", false)) {
 throw new UserAccessDeniedException(
 "User " + userID + " may not retrieve journal entries for lesson " + lessonID);
 }
@@ -112,25 +110,6 @@
 return "notebook/viewalljournals";
 }
 
- // check user has permission to access all the journals for a lesson
- private boolean hasStaffAccessToJournals(User user, Lesson lesson) {
- if (lesson == null) {
- return false;
- }
-
- // lesson owner okay
- if ((lesson.getUser() != null) && lesson.getUser().getUserId().equals(user.getUserId())) {
- return true;
- }
-
- // staff member okay
- if ((lesson.getLessonClass() != null) && lesson.getLessonClass().isStaffMember(user)) {
- return true;
- }
-
- return false;
- }
-
 /**
 * View single notebook entry
 */
@@ -150,8 +129,7 @@
 
 if (entry.getUser() != null && !entry.getUser().getUserId().equals(user.getUserId())) {
 // wants to look at someone else's entry - check they are a teacher
- Lesson lesson = learnerService.getLesson(currentLessonID);
- if (!hasStaffAccessToJournals(user, lesson)) {
+ if (!securityService.isLessonMonitor(currentLessonID, userID, "view notebook entry", false)) {
 throw new UserAccessDeniedException(
 "User " + userID + " may not retrieve journal entries for lesson " + currentLessonID);
 }
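Review bot: The removed `hasStaffAccessToJournals` explicitly denied access when the lesson was null, but the new `if (!securityService.isLessonMonitor(lessonID, userID, "view all journals", false))` line in viewAllJournals no longer looks at `lesson`, and how `isLessonMonitor` treats a null or unknown `lessonID` (which comes straight from `notebookForm.getLessonID()`) is not visible in this hunk. Since `Lesson lesson = learnerService.getLesson(lessonID);` is still loaded on the preceding line and presumably used further down the method, consider keeping the explicit guard so a missing lesson is denied rather than left to the service's default: `if (lesson == null || !securityService.isLessonMonitor(lessonID, userID, "view all journals", false)) {`. The meaning of the trailing `false` argument is also not evident at the call site; if it selects "return a boolean instead of throwing", a comment such as `// false: report the result here so we raise our own UserAccessDeniedException below` would make the two-step denial easier to follow (confirm against ISecurityService before wording it). The body of viewAllJournals continues past the end of the hunk.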
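Review bot: In the last hunk the new `isLessonMonitor(currentLessonID, userID, "view notebook entry", false)` check is only reached when the first context line's condition `entry.getUser() != null && !entry.getUser().getUserId().equals(user.getUserId())` holds, so an entry with no owner is returned to any authenticated user with no lesson-monitor check at all; that path predates this commit, but this hunk is where it would be tightened, e.g. `if (entry.getUser() == null || !entry.getUser().getUserId().equals(user.getUserId())) {`. Whether ownerless entries can exist is not visible here, so confirm against the NotebookEntry model before changing the condition. It is also not visible in the hunk whether `entry` has been confirmed to belong to `currentLessonID`, which the monitor check is scoped to; if that association is only established outside this method, a short comment saying where would help the next reader. The enclosing method starts and ends outside the hunk.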