User with inherited membership don't have access to shared group when querying the API

Steps to reproduce

1. Set up the following group hierarchy:

• Organization group
  • Projects subgroup
  • Users subgroup

2. Create a group-group share:

• share Projects subgroup with Users subgroup.

3. Add user as owner of Organization

4. create a PersonalAccessToken for user with api scope

5. curl --header "PRIVATE-TOKEN: " "http://localhost:3000/api/v4/groups/<group ID of projects>"

What is the current bug behavior?

shared_with_groups attribute is empty.

What is the expected correct behavior?

shared_with_groups attribute should include Users group.

With the current behaviour, user must be a direct member of Users group to be able to query the details of shared_with_groups, which shouldn't be required.

Possible fixes

Seems there's a bug where we check if the group is visible to the user.