Restrict users from read access to certain branches
Problem to solve
Restrict users from read access on certain branches
Further details
Currently (latest v11.11) there is unfortunately no built-in feature of GitLab CE to restrict project members from read access on certain branches. In our use case, each member of a project has his/her own branch for a certain challenge (= task) assigned to him/her. It might happen that a member has more than one challenge, hence a member could own more branches, as in the following screenshot:
By the way, branches are created automatically following a certain naming rule once a maintainer of the project creates a challenge (created in an external application).
We have managed to restrict users from write access on the branches of other members thanks to a pre-receive hook of gitlab-shell.
But we couldn't find a way to achieve a similar solution for the read access. So far, to solve this problem, our approach is checking and validating each time a user tries to clone the project or check out from the current branch to another one.
Note: hosting every challenge on a separate project by adding just a single member to the project wouldn't be an efficient way, as we have hundreds of challenges per single project.
Question
For now, we would like to know where in the source code of GitLab CE we could check whether the user trying to clone the project follows our rule by using a pattern like
git clone -b <branch_name_containing_user-id> --single-branch <repo_url> ?
How does our approach to solving the given problem look? Any ideas welcome! Thanks a lot in advance!
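The write-side restriction described above, sketched as a pre-receive hook; this is an added example, not the poster's hook or GitLab code, and because pre-receive runs only on push it has no effect on clone or fetch. Assumptions: the `challenge-<n>-user-<id>` branch naming rule and the maintainer allowlist are hypothetical, and the pusher is identified by the `GL_ID` environment variable that GitLab sets for server hooks.

```python
#!/usr/bin/env python3
"""Pre-receive hook sketch: a member may only update branches named for them."""
import os
import re
import sys

# Assumed naming rule (hypothetical, not from the original post):
#   refs/heads/challenge-<challenge number>-user-<numeric user id>
OWNED_BRANCH = re.compile(r"refs/heads/challenge-\d+-user-(\d+)")

# Constructed allowlist of GL_ID values that may push anywhere (maintainers).
MAINTAINER_IDS = frozenset({"user-1"})


def may_update(gl_id, ref):
    """Return True if the pusher identified by GL_ID may update ref."""
    if gl_id in MAINTAINER_IDS:
        return True
    # fullmatch, not search: "user-12" must not match a "...-user-120" branch.
    match = OWNED_BRANCH.fullmatch(ref)
    # Fail closed: refs outside the naming rule (tags, master, ...) are denied.
    if match is None:
        return False
    return gl_id == "user-" + match.group(1)


def rejected_refs(gl_id, hook_input):
    """Parse pre-receive stdin ('<old> <new> <ref>' per line); list denied refs."""
    denied = []
    for line in hook_input.splitlines():
        parts = line.split(" ", 2)
        if len(parts) != 3:
            continue  # ignore blank or malformed lines
        ref = parts[2].strip()
        if not may_update(gl_id, ref):
            denied.append(ref)
    return denied


if __name__ == "__main__":
    # GL_ID looks like "user-2234" for a user or "key-4" for a deploy key.
    denied = rejected_refs(os.environ.get("GL_ID", ""), sys.stdin.read())
    for ref in denied:
        print("You may not update " + ref, file=sys.stderr)
    sys.exit(1 if denied else 0)
```

A non-zero exit rejects the whole push, so one denied ref blocks every ref sent alongside it.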