diff --git a/app/controllers/enrollments_api_controller.rb b/app/controllers/enrollments_api_controller.rb
index ae5eed037ba..a7126d23dc7 100644
--- a/app/controllers/enrollments_api_controller.rb
+++ b/app/controllers/enrollments_api_controller.rb
@@ -220,6 +220,13 @@ class EnrollmentsApiController < ApplicationController
   end
 
   protected
+  # Internal: Collect course enrollments that @current_user has permissions to
+  # read.
+  #
+  # scope_arguments - A hash to be passed as :conditions to an AR scope.
+  #   Allowed keys are any keys allowed in :conditions.
+  #
+  # Returns an ActiveRecord scope of enrollments on success, false on failure.
   def course_index_enrollments(scope_arguments)
     if authorized_action(@context, @current_user, :read_roster)
       scope_arguments[:conditions].include?(:workflow_state) ?
@@ -230,11 +237,18 @@ class EnrollmentsApiController < ApplicationController
     end
   end
 
+  # Internal: Collect user enrollments that @current_user has permissions to
+  # read.
+  #
+  # scope_arguments - A hash to be passed as :conditions to an AR scope.
+  #   Allowed keys are any keys allowed in :conditions.
+  #
+  # Returns an ActiveRecord scope of enrollments on success, false on failure.
   def user_index_enrollments(scope_arguments)
     user = api_find(User, params[:user_id])
     # if user is requesting for themselves, just return all of their
     # enrollments without any extra checking.
-    return user.current_enrollments if user == @current_user
+    return user.current_enrollments.scoped(scope_arguments) if user == @current_user
     # otherwise check for read_roster rights on all of the requested
     # user's accounts
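Review bot: The header comment added above course_index_enrollments describes scope_arguments as "A hash to be passed as :conditions to an AR scope", but the method reads `scope_arguments[:conditions]` and the hash as a whole is what gets handed to `scoped(scope_arguments)`, so scope_arguments is the options hash that contains a :conditions key, not the conditions themselves. The identical wording is repeated in the header added to user_index_enrollments in the next hunk, so both should be corrected together. Suggest `# scope_arguments - An options hash handed to the AR scope's #scoped; it must contain a :conditions hash.` with the "Allowed keys" line dropped or reworded to refer to `scope_arguments[:conditions]`. The body of course_index_enrollments continues past the end of this hunk.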
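Review bot: The self-request path on the new `return user.current_enrollments.scoped(scope_arguments) if user == @current_user` line always scopes `current_enrollments`, whereas the other-user path in the following hunk switches to `user.enrollments` whenever `scope_arguments[:conditions]` includes `:workflow_state`. If `current_enrollments` is itself restricted by workflow state (its definition is not visible here), a user filtering their own enrollments by state would get the intersection of that restriction and the requested state, so the same request parameters would behave differently depending on whether the target is the requester. Consider mirroring the branch, e.g. `return user.enrollments.scoped(scope_arguments) if user == @current_user && scope_arguments[:conditions].include?(:workflow_state)` placed before the existing return. The rest of user_index_enrollments continues in the next hunk.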
@@ -243,16 +257,15 @@ class EnrollmentsApiController < ApplicationController
       accounts
     end
 
+    # if there aren't any ids in approved_accounts, then the user doesn't have
+    # permissions.
+    render_unauthorized_action(@user) and return false if approved_accounts.empty?
+
     scope_arguments[:conditions].merge!({ 'enrollments.root_account_id' => approved_accounts })
     enrollments = scope_arguments[:conditions].include?(:workflow_state) ?
       user.enrollments.scoped(scope_arguments) :
       user.current_and_invited_enrollments.scoped(scope_arguments)
 
-    if enrollments.count == 0 && user.current_enrollments.count != 0
-      render_unauthorized_action(@user)
-      return false
-    else
-      return enrollments
-    end
+    enrollments
   end
 end
diff --git a/spec/apis/v1/enrollments_api_spec.rb b/spec/apis/v1/enrollments_api_spec.rb
index aaca4b37d2d..1d7d11603a5 100644
--- a/spec/apis/v1/enrollments_api_spec.rb
+++ b/spec/apis/v1/enrollments_api_spec.rb
@@ -304,7 +304,7 @@ describe EnrollmentsApiController, :type => :integration do
       enrollment = @student.enrollments.first
       enrollment.course_section = @section
       enrollment.save!
-      
+
       @path = "/api/v1/sections/#{@section.id}/enrollments"
       @params = { :controller => "enrollments_api", :action => "index", :section_id => @section.id.to_param, :format => "json" }
       json = api_call(:get, @path, @params)
@@ -642,6 +642,15 @@ describe EnrollmentsApiController, :type => :integration do
           h
         }
       end
+
+      it "should return an empty array when no user enrollments match a filter" do
+        site_admin_user(:active_all => true)
+
+        json = api_call(:get, "#{@user_path}?type[]=TeacherEnrollment",
+          @user_params.merge(:type => %w{TeacherEnrollment}))
+
+        json.should be_empty
+      end
     end
   end
 end
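Review bot: The new guard `render_unauthorized_action(@user) and return false if approved_accounts.empty?` only returns when render_unauthorized_action evaluates truthy; if that helper returns nil, execution falls through to the enrollments query with an empty root_account_id list and the caller would attempt a second render. Separately, the argument is `@user` while the method resolves the target into the local `user` via api_find, and nothing in this hunk assigns `@user`, so it may be nil at this point — worth confirming against the helper's signature before relying on it. An explicit `if` block removes the dependency on the helper's return value; the rewritten lines are below.
```ruby
      # … unchanged: approved_accounts collection …
      if approved_accounts.empty?
        render_unauthorized_action(@user)
        return false
      end
      # … unchanged: root_account_id merge and enrollments query …
```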
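Review bot: The new example only covers the "filter matches nothing" case for a privileged non-self requester; the unauthorized branch the controller change introduces (`render_unauthorized_action(@user) and return false if approved_accounts.empty?`) and the self-request path that now applies `scoped(scope_arguments)` have no example in this hunk. Consider adding an `it` in which the requesting user holds no :read_roster right on any of the target user's root accounts and assert the unauthorized response, plus one in which a user filters their own enrollments by type and receives only the matching rows. The description says "empty array" while the assertion is `json.should be_empty`; `json.should == []` would also pin the response type. The enclosing describe blocks start before this hunk.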