Index: lib.php
===================================================================
RCS file: /cvsroot/moodle/moodle/course/lib.php,v
retrieving revision 1.538.2.3
diff -c -r1.538.2.3 lib.php
*** lib.php	27 Nov 2007 01:52:17 -0000	1.538.2.3
--- lib.php	9 Dec 2007 23:22:35 -0000
***************
*** 45,50 ****
--- 45,73 ----
              $users[$guest->id] = fullname($guest);
          }
  
+         // Check the user's permission to view the list of participants (MDL-12505)
+         if (! $context = get_context_instance(CONTEXT_COURSE, $course->id)) {
+             error("Context ID is incorrect");
+         }
+         $sitecontext = get_context_instance(CONTEXT_SYSTEM);
+         $frontpagectx = get_context_instance(CONTEXT_COURSE, SITEID);
+ 
+         if ($context->id != $frontpagectx->id) {
+             if (!has_capability('moodle/course:viewparticipants', $context)) {
+                 $users = array();
+             }
+         } else {
+             if (!has_capability('moodle/site:viewparticipants', $sitecontext)) {
+                 $users = array();
+             }
+         }
+         // Quick and dirty solution of separate groups problem (MDL-12505). Proper solution should check
+         // if there is an activity where the two users can meet each other...
+         if ($course->groupmode == SEPARATEGROUPS && $course->groupmodeforce && !has_capability('moodle/site:accessallgroups', $context)) {
+             $users = array();
+         }
+ 
+ 
          if (has_capability('moodle/course:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
              if ($ccc = get_records("course", "", "", "fullname")) {
                  foreach ($ccc as $cc) {