From a484481d468c3d1256bd99125aafe4c89c029123 Mon Sep 17 00:00:00 2001
From: Sumaiya Javed <sumaiya.javed@catalyst.net.nz>
Date: Tue, 28 Jan 2025 15:41:39 +1300
Subject: [PATCH] Search users group add capability check

---
 classes/local/course_enrolment_manager.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/classes/local/course_enrolment_manager.php b/classes/local/course_enrolment_manager.php
index ad574c7..a6198d0 100644
--- a/classes/local/course_enrolment_manager.php
+++ b/classes/local/course_enrolment_manager.php
@@ -41,6 +41,8 @@ public function search_users_with_groups(string $search = '', bool $searchanywhe
             array $groups = []) {
         global $DB;
 
+        $context = $this->context;
+
         [$ufields, $joins, $params, $wherecondition] = $this->get_basic_search_conditions($search, $searchanywhere);
 
         $fields      = 'SELECT ' . $ufields;
@@ -53,10 +55,17 @@ public function search_users_with_groups(string $search = '', bool $searchanywhe
                  JOIN {enrol} e ON ue.enrolid = e.id
                  JOIN ({groups_members} gm JOIN {groups} g ON (g.id = gm.groupid))
                       ON (u.id = gm.userid AND g.courseid = e.courseid)
+                 JOIN {role_assignments} ra ON ra.userid = u.id
                 WHERE $wherecondition
                   AND e.courseid = :courseid
+                  AND u.suspended = 0
+                  AND 1 = (SELECT permission FROM {role_capabilities}
+                        WHERE capability LIKE :capability AND roleid = ra.roleid LIMIT 1)
+                  AND ra.contextid = :contextid
                   AND g.id $insql";
         $params['courseid'] = $this->course->id;
+        $params['capability'] = 'mod/dialogue:receive';
+        $params['contextid'] = $context->id;
         $params = array_merge($params, $inparams);
         return $this->execute_search_queries($search, $fields, $countfields, $sql, $params, $page, $perpage, 0, false);
     }