From 089bc279075bbfe258e8705e601200241f953ded Mon Sep 17 00:00:00 2001
From: Adrian Greeve <adrian@moodle.com>
Date: Tue, 8 Nov 2016 13:52:47 +0800
Subject: [PATCH] MDL-56363 mod_assign: Restrictions added for tutors.

If the grader does not have the accessallgroups capability
or is not a member of the group then no participants are
shown.
---
 mod/assign/amd/src/participant_selector.js | 3 ++-
 mod/assign/externallib.php                 | 5 ++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/mod/assign/amd/src/participant_selector.js b/mod/assign/amd/src/participant_selector.js
index 2bbb2d6..04f09f6 100644
--- a/mod/assign/amd/src/participant_selector.js
+++ b/mod/assign/amd/src/participant_selector.js
@@ -53,6 +53,7 @@ define(['core/ajax', 'jquery', 'core/templates'], function(ajax, $, templates) {
          */
         transport: function(selector, query, success, failure) {
             var assignmentid = $(selector).attr('data-assignmentid');
+            var groupid = $(selector).attr('data-groupid');
             var filters = $('[data-region="configure-filters"] input[type="checkbox"]');
             var filterstrings = [];
 
@@ -62,7 +63,7 @@ define(['core/ajax', 'jquery', 'core/templates'], function(ajax, $, templates) {
 
             var promise = ajax.call([{
                 methodname: 'mod_assign_list_participants',
-                args: {assignid: assignmentid, groupid: 0, filter: query, limit: 30, includeenrolments: false}
+                args: {assignid: assignmentid, groupid: groupid, filter: query, limit: 30, includeenrolments: false}
             }]);
 
             promise[0].then(function(results) {
diff --git a/mod/assign/externallib.php b/mod/assign/externallib.php
index a0aba47..8a69ffe 100644
--- a/mod/assign/externallib.php
+++ b/mod/assign/externallib.php
@@ -2648,7 +2648,10 @@ class mod_assign_external extends external_api {
         $assign = new assign($context, null, null);
         $assign->require_view_grades();
 
-        $participants = $assign->list_participants_with_filter_status_and_group($params['groupid']);
+        $participants = array();
+        if (groups_group_visible($params['groupid'], $course, $cm)) {
+            $participants = $assign->list_participants_with_filter_status_and_group($params['groupid']);
+        }
 
         $userfields = user_get_default_fields();
         if (!$params['includeenrolments']) {
-- 
1.9.1