Only include personal snippets in snippets API
Summary
The snippets API doesn't exclude project snippets, but uses Entities::PersonalSnippet
to present them and checks for *_personal_snippet
permissions in some places, so this looks like a bug.
For the /snippets/public
endpoint we're fixing this as part of https://gitlab.com/gitlab-org/gitlab/issues/35389.
Improvements
Make sure all endpoints only interact with personal snippets.
Risks
The API docs don't mention personal and project snippets, so we might break somebody's workflow.
We might first want to introduce a proper API for project snippets before changing this. We could do that on top of our planned GraphQL API: #36079 (closed)
Involved components
lib/api/snippets.rb