MDL-51415 webservice: Check course access using can_access_course()

This function check both user enrolled and course:view capabilities

group/externallib.php

@@ -1363,13 +1363,14 @@ class core_group_external extends external_api {
             }
 
             // Validate if the user is enrolled in the course.
-            if (!is_enrolled($coursecontext, $user->id)) {
+            $course = get_course($cm->course);
+            if (!can_access_course($course, $user, '', true)) {
                 // We return a warning because the function does not fail for not enrolled users.
                 $warning = array();
                 $warning['item'] = 'course';
                 $warning['itemid'] = $cm->course;
                 $warning['warningcode'] = '1';
-                $warning['message'] = "User $user->id is not enrolled in course $cm->course";
+                $warning['message'] = "User $user->id cannot access course $cm->course";
                 $warnings[] = $warning;
             }
         }

notes/externallib.php

@@ -690,7 +690,7 @@ class core_notes_external extends external_api {
                 throw new moodle_exception('invaliduserid');
             }
 
-            if ($course->id != SITEID and !is_enrolled($context, $user, '', true)) {
+            if ($course->id != SITEID and !can_access_course($course, $user, '', true)) {
                 throw new moodle_exception('notenrolledprofile');
             }
         }

user/externallib.php

@@ -1394,7 +1394,7 @@ class core_user_external extends external_api {
             profile_view($user, $usercontext);
         } else {
             // Case like user/view.php.
-            if (!$currentuser and !is_enrolled($coursecontext, $user->id)) {
+            if (!$currentuser and !can_access_course($course, $user, '', true)) {
                 throw new moodle_exception('notenrolledprofile');
             }