Don't know why it doesn't work, but you can try to use the PageData QueryDistinctAccess instead.

CurrentPage.QueryDistinctAccess(AccessLevel.Edit) 

When you pass a user name to QueryAccess it will only check the access for that user since it doesn't know about its roles. I guess most of your users get their access rights through their roles so that is why you see NoAccess.

You need to pass an IPrincipal object which knows about the roles. Most likely you can use PrincipalInfo.CreatePrincipal(username) to get it. But if you use Virtual Roles you must also wrap that principal into a VirtualRolePrincipal or the virtual roles will be ignored. So something like this should work (haven't tried it though):

var username = "whatever";
var principal = PrincipalInfo.CreatePrincipal(username);
var virtualRolePrincipal = VirtualRolePrincipal.CreateWrapper(principal);
var canRead = CurrentPage.ACL.QueryDistinctAccess(virtualRolePrincipal, AccessLevel.Read);

Edit: Spelling

On a side note, I see from your code that you are doing this only for a certain group which probably has a limited number of members, but the approach to loop through users is probably not optimal in other conditions. Say you would like to find all the users with a certain access right, then you would have to loop through all users in the database. An alternate approach is to loop over the ACL to gets the ACE:s and see "directly" what groups and users have been given a certain access level (that would miss virtual roles too, though).

Thanks Magnus, your suggestion worked!