Obviously you can simply log in as a member of the group and not a member of the group to check your results, this approach does *not* provide you with any level of assurances that a misconfigured client/ bad actor can view/purchase items they should not.
If you are looking for security validation, the only way I can see to *ensure* that only members from a specific group are given the choice to purchase is to review the code running on the server. It will not be difficult to validate, but it will require a few minutes of looking at the code and then writing a test script to validate.
Regards,
Pete Lindsey