Authenticated member with inherited membership to group sees "Private" for users with direct membership
Summary
A customer reports (Zendesk ticket (internal only)) that in groups they have inherited membership to, they cannot see the source of direct members. Instead, the UI displays "Private". The customer described it this way:
I am still seeing direct users appearing as ‘private’. It appears that when reviewing the ‘source’ in a repo that I’ve inherited, I see “private”. But, when I view source for users where I am added as a reporter, I see direct member. So, while I’ve inherited permissions downwards, I cannot confidently say if others were directly added as I see ‘private’ only.
Details about specific groups and members are in the Zendesk ticket.
What is the current bug behavior?
Basic details:
- User is a member of the group, but their membership is inherited. They are a
reporterin this group. - When viewing the list of members, they can see the source of other members whose membership is inherited.
- But, they cannot view the source of members whose membership in the group is direct - instead, it shows
Private. - I've attached a screenshot.
What is the expected correct behavior?
It's our understanding that as a member of the group, whether inherited or direct, they should be able to see everything a reporter can normally see, including group membership sources.
Relevant logs and/or screenshots
Output of checks
This bug happens on GitLab.com
Results of GitLab environment info
- GitLab Enterprise Edition 16.11.0-pre 9ef96894 (gitlab.com)