Empty subgroups are accessible, but not listed w/o replicating group sharing of the parent (sub)group
Summary
A user U is a member of some group X. The group X is added as a member of another group Y. The group Y has empty subgroups.
When the user U logs in and navigates to the group Y's page, only those subgroups of Y are shown in the Subgroups and projects section that have the user U or its group X as an explicit member OR are non-empty (i.e. have projects or subgroups).
But even those empty subgroups of Y that are not shown on the group Y's page are still accessible to the user U when navigated to directly.
Steps to reproduce
Consider an org model:
-
org_root/
-
users/
group1/
-
public/
subgroup1/
subgroup2/
-
subgroup3/
project3.1
restricted/
-
- create the org model as shown above
- add user U to
org_root/
with Minimal Access - add user U to
/users/group1/
with Maintainer access - add
/users/group1/
as a member topublic/
- add
/users/group1/
as a member topublic/subgroup2
Example Project
N/A
What is the current bug behavior?
When GitLab's page for /org_root/public/
is opened, only subgroup2/
and subgroup3/
entries are listed for the user U.
But despite subgroup1/
not being listed, it can still be opened directly by navigating to /org_root/public/subgroup1/
.
What is the expected correct behavior?
All subgroups (including subgroup1
) should be listed for the user U on the /org_root/public/
's page.
Relevant logs and/or screenshots
N/A
Output of checks
This bug happens on GitLab.com
Results of GitLab environment info
N/A
Results of GitLab application Check
Possible fixes
N/A