Display user records to a particular role

Hi all need help on the below requirement

1. Manager - needs to see all the groups  and the users which he has membership and also the records to the type(custom field)  which he has access

say for sg. a group has a type tagged as B, C and even if the manager is not part of the type B group but hold membership to a different group which also has type B will be able to see the record

2. Agent has to see only the group records which they hold membership alone

The below Script works perfectly in the query business rule: 

but doesn't seem to work in the ACL script and displays all the records

(function executeRule(current, previous /*null when async*/ ) {

    var grpMem = []; //fetching the groups the logged in user is part of
    var grpTyp = []; // fetching owning business group the logged in user is part of 
    var arrayUtil = new ArrayUtil();
    var myGroups = new GlideRecord('sys_user_grmember');
    myGroups.addQuery('user', gs.getUserID());
    myGroups.query();
    while (myGroups.next()) {
        grpMem.push(myGroups.group.sys_id); //groups wwhich logged in user has access
        grpTyp.push(myGroups.group.type); //owning business group of the groups
    }

    var type = grpTyp.toString().split(",");
    var uniqType = arrayUtil.unique(type); //unique cumulative bands of the groups
    var grpList = grpMem.toString(); //sys if of groups

    //sys_idLIKEeee^ORtypeLIKE^typeISNOTEMPTY
    if (gs.hasRole('manager')) {
        current.addEncodedQuery('sys_idIN' + grpList + '^ORtypeIN' + uniqType + '^typeISNOTEMPTY'); // return records for the logged in user memeberships and he is part of the type
    } else if (gs.hasRole('agent')) {
        current.addEncodedQuery('sys_idIN' + grpList);
    }

    // filtering records to display based on the type and the group memebership

})(current, previous);

Please help on how to make this as a ACL script.

Also via the business rule , the user is not able to see the user records. so how to achieve this as well