Todos::Destroy::GroupPrivateService#authorized_users should not include subgroup members
When a group is set to private, we destroy todos for users that are no longer authorized to view the group.
We use Todos::Destroy::GroupPrivateService#authorized_users
as the list of users whose todos we want to retain.
This should not include members of subgroups because being a member of a subgroup does not give access to the parent group.
Note that this is not a security vulnerability because even if the todos are not deleted, we filter them out from the UI and API using Todos::AllowedTargetFilterService
. This just results to incorrect counts in the todos page because we count all todos regardless of permissions.
Edited by Heinrich Lee Yu