
User with inherited membership doesn't have access to shared group when querying the API

Steps to reproduce

  1. Set up the following group hierarchy:
  • Organization group
    • Projects subgroup
    • Users subgroup
  2. Create a group-group share:
  • Share Projects subgroup with Users subgroup.
  3. Add user as owner of Organization.
  4. Create a PersonalAccessToken for user with api scope.
  5. curl --header "PRIVATE-TOKEN: " "http://localhost:3000/api/v4/groups/<group ID of projects>"

What is the current bug behavior?

shared_with_groups attribute is empty.

What is the expected correct behavior?

shared_with_groups attribute should include Users group.

With the current behaviour, the user must be a direct member of the Users group to be able to query the details of shared_with_groups, which shouldn't be required.

Possible fixes

Seems there's a bug where we check if the group is visible to the user.

Edited by Imre Farkas
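
The gap reported in this issue, as an added example that is neither GitLab's code nor the issue author's: a simplified Ruby model of the reproduction hierarchy that filters a group's shares with a direct-membership check versus a check that walks ancestor groups. It assumes the groups are private; the names `Group`, `visible_direct_only?`, `visible_with_inheritance?` and `shared_with_groups` are hypothetical, and the data is constructed.

```ruby
# Simplified model of the reported behaviour; not GitLab's code.
# All names below are hypothetical and the data is constructed.
Group = Struct.new(:name, :parent, :direct_members, :shared_with) do
  # This group followed by each of its ancestors, nearest first.
  def self_and_ancestors
    chain = []
    group = self
    while group
      chain << group
      group = group.parent
    end
    chain
  end
end

# Observed behaviour: only a direct member of the group counts.
def visible_direct_only?(user, group)
  group.direct_members.include?(user)
end

# Expected behaviour: membership in any ancestor group is inherited.
def visible_with_inheritance?(user, group)
  group.self_and_ancestors.any? { |g| g.direct_members.include?(user) }
end

# Names of the groups `group` is shared with that `user` is allowed to see.
def shared_with_groups(user, group, visibility_check)
  group.shared_with.select { |g| visibility_check.call(user, g) }.map(&:name)
end

# Hierarchy from the steps to reproduce: the user owns Organization only,
# and Projects is shared with Users.
organization = Group.new("Organization", nil, ["user"], [])
users        = Group.new("Users", organization, [], [])
projects     = Group.new("Projects", organization, [], [users])

OBSERVED = shared_with_groups("user", projects, method(:visible_direct_only?))
EXPECTED = shared_with_groups("user", projects, method(:visible_with_inheritance?))

puts "observed: #{OBSERVED.inspect}"
puts "expected: #{EXPECTED.inspect}"
```

A regression test for the fix can assert the same thing against the real endpoint: the `shared_with_groups` array returned for the Projects group contains the Users group when the token belongs to a user whose only membership is on Organization.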