Currently users with no lesson create / edit permissions can still see course referenced lessons, reference existing lessons and see edit buttons even if pressing will result in an error.
Check what is the current user permitted to do and display buttons accordingly. Deny field access if the user has no permissions (create or use). Apply the same logic for lessons and activities.
Active
1.0
Courses and lessons