Fix api_protect_course_group reject request if group doesn't exists BT#13541

Fix php warning

main/inc/ajax/announcement.ajax.php

@@ -10,6 +10,7 @@ $action = isset($_REQUEST['a']) ? $_REQUEST['a'] : null;
 
 $isAllowedToEdit = api_is_allowed_to_edit();
 $courseInfo = api_get_course_info();
+$courseId = api_get_course_int_id();
 $groupId = api_get_group_id();
 $sessionId = api_get_session_id();
 
@@ -35,12 +36,17 @@ switch ($action) {
         }
 
         if ($allowToEdit === false && !empty($groupId)) {
-            $groupProperties = GroupManager:: get_group_properties($groupId);
+            $groupProperties = GroupManager::get_group_properties($groupId);
             // Check if user is tutor group
             $isTutor = GroupManager::is_tutor_of_group(api_get_user_id(), $groupProperties, $courseId);
             if ($isTutor) {
                 $allowToEdit = true;
             }
+
+            // Last chance ... students can send announcements.
+            /*if ($groupProperties['announcements_state'] == GroupManager::TOOL_PRIVATE_BETWEEN_USERS) {
+                $allowToEdit = true;
+            }*/
         }
 
         if ($allowToEdit === false) {

main/inc/lib/api.lib.php

@@ -8982,11 +8982,17 @@ function api_mail_html(
  */
 function api_protect_course_group($tool, $showHeader = true)
 {
-    $userId = api_get_user_id();
     $groupId = api_get_group_id();
-    $groupInfo = GroupManager::get_group_properties($groupId);
+    if (!empty($groupId)) {
+        $userId = api_get_user_id();
+        $groupInfo = GroupManager::get_group_properties($groupId);
+
+        // Group doesn't exists
+        if (empty($groupInfo)) {
+            api_not_allowed($showHeader);
+        }
 
-    if (!empty($groupInfo)) {
+        // Check group access
         $allow = GroupManager::user_has_access(
             $userId,
             $groupInfo['iid'],