Group API `only_own_groups` filter bug while using trust accounts

[marcospri]

Summary:

The /api/v1/courses/5269/groups?only_own_groups=1 endpoint doesn't return the groups an user belongs to when using the only_own_groups query parameter when used in a trusted accounts setup.

Steps to reproduce:

1. Set Up a trust relationship between two accounts, A and B.
2. Login into A as a student.
3. Pick on of the courses of B
4. You'll get redirected to B
5. Try to use /api/v1/courses/ID/groups?only_own_groups=1 returns [] when the students belongs to groups in the course.

For debugging I tried the following, all as the same student session:

• /api/v1/users/self

{..."id":XXXX0000000000041,"name":"XXX"...}

I get my identity to double check in the next calls

• /api/v1/courses/5269/groups?include[]=users

Listing all users in the course groups

{"id":3305,"name":"Group 1a",...,"users":[...{"id":XXXX0000000000041,"name":"XXXX"...}]

It does include the ID of the current user in one of the groups

• /api/v1/courses/5269/groups?only_own_groups=1

Listing the groups I belong to in the same course, it should return the group from the previous call but returns [] instead.

Expected behavior:

The only_own_groups filter should return the groups the user returns in the target account like it does in other scenarios.

Actual behavior:

The only_own_groups filter doesn't return the groups the user belongs to.

[dwhly]

This is a key issue for many CA CC schools within the California Virtual Campus program.