Subgroups API does not show visible subgroups to authenticated non-members
Summary
API call to list subgroups does not show subgroups if the API call is authenticated, but the authenticated user is not a member of those subgroups.
Steps to reproduce
Open https://gitlab.com/api/v4/groups/gitlab-org/subgroups while not being logged in, observe non-empty response. Open the same URL while being logged in as a non-member of the gitlab organization, observe []
as a response.
What is the expected correct behavior?
The documentation clearly states
Get a list of visible direct subgroups in this group.
Output of checks
This bug happens on GitLab.com