From 2d4d29da066fbdca42b2d25ac3bc52c1ff67b542 Mon Sep 17 00:00:00 2001
From: Ankit Agarwal
Date: Tue, 2 Jul 2013 11:57:17 +0800
Subject: [PATCH] MDL-40354 groups:groups_get_activity_allowed_groups() should use passed userid to check capabilities

---
 lib/grouplib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/grouplib.php b/lib/grouplib.php
index 4c3bbd22177..be99f74d335 100644
--- a/lib/grouplib.php
+++ b/lib/grouplib.php
@@ -776,7 +776,7 @@ function groups_get_activity_allowed_groups($cm,$userid=0) {
 // If visible groups mode, or user has the accessallgroups capability,
 // then they can access all groups for the activity...
 $context = context_module::instance($cm->id);
- if ($groupmode == VISIBLEGROUPS or has_capability('moodle/site:accessallgroups', $context)) {
+ if ($groupmode == VISIBLEGROUPS or has_capability('moodle/site:accessallgroups', $context, $userid)) {
 return groups_get_all_groups($cm->course, 0, $cm->groupingid);
 } else {
 // ...otherwise they can only access groups they belong to
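Review bot: The new third argument on the `has_capability(...)` line is only correct if `$userid` has already been resolved to a real user id by this point, and that is not visible here: the signature in the hunk header defaults it to `$userid=0`, and the function body starts and ends outside the hunk. If 0 can reach this call, the capability would presumably be evaluated for user id 0 instead of the current user, so callers relying on the default could get a wrong answer for `moodle/site:accessallgroups`. I would confirm the defaulting happens above and state it next to the check, e.g. `// $userid was defaulted to $USER->id above; check the capability for that user, not the session user.` A regression test that calls the function for a user other than the logged-in one, with the two differing in `moodle/site:accessallgroups`, would pin the access-control behaviour this fix is meant to restore.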