Merge request approver list is hidden if it contains groups not available to the author of the merge request

Summary

If an approval rule includes groups that the MR requester does not have access to, the MR requester won't be able to see any approvers in this merge request.

Steps to reproduce

  • Create a new project and add 2 users with Developer permissions to this project. Let's call them users A and B.
  • In the new project, go to Settings > Merge requests > Merge request approvals and create a new approval rule: add two groups to this approval rule and user B. Make sure that user A is not a member of 2 groups that you've added to the approval rule.
  • Impersonate user A, create a merge request to the project and check how the approval section looks. It won't give any details about the specific users included eligible for approval (see the screenshot below).
  • Check the MR as an admin: you will be able to see the full list of members from both groups, and user B.

What is the current bug behavior?

As soon as there is a group in the approval rule that the MR requester does not have access to, they are not allowed to see ANY approvers.

What is the expected correct behavior?

The MR requester should be able to see the members that are not part of those groups like user B in the scenario above.

Relevant logs and/or screenshots

Screenshot of the approval rule with 2 groups and user B:

approval_rule_user_and_groups

Screenshot of the approval rule with only user B:

approval_rule_user_only

Output of checks

Results of GitLab environment info

Expand for output related to GitLab environment info 

System information
System:   Debian 12
Proxy:    no
Current User: git
Using RVM:  no
Ruby Version: 3.1.4p223
Gem Version:  3.5.7
Bundler Version:2.5.8
Rake Version: 13.0.6
Redis Version:  7.0.15
Sidekiq Version:7.1.6
Go Version: unknown

GitLab information
Version:  16.11.0-ee
Revision: 22834294718
Directory:  /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: PostgreSQL
DB Version: 13.14
URL:    https://gitlabhost.tld
HTTP Clone URL: https://gitlabhost.tld/some-group/some-project.git
SSH Clone URL:  git@gitlabhost.tld:some-group/some-project.git
Elasticsearch:  no
Geo:    no
Using LDAP: no
Using Omniauth: yes
Omniauth Providers:

GitLab Shell
Version:  14.35.0
Repository storages:
- default:  unix:/var/opt/gitlab/gitaly/gitaly.socket
GitLab Shell path:    /opt/gitlab/embedded/service/gitlab-shell

Gitaly
- default Address:  unix:/var/opt/gitlab/gitaly/gitaly.socket
- default Version:  16.11.0
- default Git Version:  2.43.2