Index: lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/web/controller/LearningController.java
===================================================================
diff -u -r1621b6daf8385b83e75f7ffde03c017b05c12487 -rc707049495e78958e693f8161cb8e71e7f5d6b69
--- lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/web/controller/LearningController.java (.../LearningController.java) (revision 1621b6daf8385b83e75f7ffde03c017b05c12487)
+++ lams_tool_doku/src/java/org/lamsfoundation/lams/tool/dokumaran/web/controller/LearningController.java (.../LearningController.java) (revision c707049495e78958e693f8161cb8e71e7f5d6b69)
@@ -41,6 +41,7 @@
 import org.lamsfoundation.lams.etherpad.EtherpadException;
 import org.lamsfoundation.lams.notebook.model.NotebookEntry;
 import org.lamsfoundation.lams.notebook.service.CoreNotebookConstants;
+import org.lamsfoundation.lams.security.ISecurityService;
 import org.lamsfoundation.lams.tool.ToolAccessMode;
 import org.lamsfoundation.lams.tool.dokumaran.DokumaranConstants;
 import org.lamsfoundation.lams.tool.dokumaran.dto.SessionDTO;
@@ -50,6 +51,7 @@
 import org.lamsfoundation.lams.tool.dokumaran.service.DokumaranApplicationException;
 import org.lamsfoundation.lams.tool.dokumaran.service.IDokumaranService;
 import org.lamsfoundation.lams.tool.dokumaran.web.form.ReflectionForm;
+import org.lamsfoundation.lams.usermanagement.Role;
 import org.lamsfoundation.lams.usermanagement.User;
 import org.lamsfoundation.lams.usermanagement.dto.UserDTO;
 import org.lamsfoundation.lams.util.Configuration;
@@ -81,6 +83,9 @@
 @Autowired
 private IDokumaranService dokumaranService;
+ @Autowired
+ private ISecurityService securityService;
+
 /**
 * Read dokumaran data from database and put them into HttpSession. It will redirect to init.do directly after this
 * method run successfully.
@@ -180,7 +185,7 @@
 sessionMap.put(DokumaranConstants.ATTR_REFLECTION_INSTRUCTION, dokumaran.getReflectInstructions());
 sessionMap.put(DokumaranConstants.ATTR_REFLECTION_ENTRY, entryText);
- if (dokumaran.isGalleryWalkEnabled() && mode != null && mode.isAuthor()) {
+ if (dokumaran.isGalleryWalkEnabled() && mode != null && mode.isAuthor() && request.isUserInRole(Role.AUTHOR)) {
 String[] galleryWalkParameterValuesArray = request.getParameterValues("galleryWalk");
 if (galleryWalkParameterValuesArray != null) {
 Collection galleryWalkParameterValues = Set.of(galleryWalkParameterValuesArray);
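Review bot: The added `request.isUserInRole(Role.AUTHOR)` on the `if` line is a container-level role test, so it passes for any account that holds the author role at all and says nothing about whether that user has rights on this particular Dokumaran content or lesson. The same commit injects `securityService`, but none of the visible hunks call it; if it offers a content- or lesson-scoped check, that would be the tighter gate here, and if it is not needed the field can be dropped. Assuming `mode` is derived from a request parameter (not visible in this hunk), I would record the intent next to the condition, for example `// mode is client-supplied; the role check is what authorises the galleryWalk override`. A request that asks for author mode without the role currently falls through silently, so a warning-level log entry on that path would make such mismatches visible to whoever monitors the application. The enclosing method starts and ends outside the hunk.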