API members/all endpoint returns wrong access_level
Summary
On our gitlab server (ce 11.2.3) we have some projects in nested groups. For example group1->group2->project. We have users on group1 with developer access permissions. These users have maintainer permissions on other groups / projects (not directly inherited). When we use the members/all API endpoint on project1 the users is returned with both the maintainer and developer permission. Only the developer permission is expected. Note that this only happens with some of the users, not all.