After patch https://reviews.mahara.org/#/c/5695/6 for Bug1514374, we've now got duplicate code it htdocs/collection/index.php and htdocs/collection/index.json.php, for checking whether the user has access to the particular collections they're trying to look at.
This kind of duplication stands a high likelihood of falling out of sync if changes are made to the access code in the future, so we should abstract it out into a common access method that gets called by both scripts.
The code is not *exactly* the same in both places. index.php intersperses it with code to set the menu headers, and index.json.php sends an error via json_reply on failure, while index.php throws an AccessDeniedException(). So it will require a little bit of thinking to do it. But it's not impossible.
When tackling that, it should be looked at whether we can set coding standards / guidelines when we have a json.php and a .php file so we don't end up in a situation like this again.