as admin returns all groups, non-root returns only groups that user is part of

api/auth/groupauth.py

@@ -29,14 +29,14 @@ def list_permission_checker(handler, uid=None):
     def g(exec_op):
         def f(method, query=None, projection=None):
             if uid is not None:
-                if uid != handler.uid and not handler.superuser_request:
+                if uid != handler.uid and not handler.superuser_request and not handler.user_is_admin:
                     handler.abort(403, 'User ' + handler.uid + ' may not see the Groups of User ' + uid)
                 query = query or {}
                 query['permissions._id'] = uid
                 projection = projection or {}
                 projection['permissions.$'] = 1
             else:
-                if not handler.superuser_request:
+                if not handler.superuser_request and not handler.user_is_admin:
                     query = query or {}
                     projection = projection or {}
                     if handler.is_true('admin'):

api/handlers/grouphandler.py

@@ -37,7 +37,7 @@ class GroupHandler(base.RequestHandler):
         return result
 
     def get_all(self, uid=None):
-        projection = {'name': 1, 'created': 1, 'modified': 1, 'roles': 1, 'tags': 1}
+        projection = {'label': 1, 'created': 1, 'modified': 1, 'permissions': 1, 'tags': 1}
         permchecker = groupauth.list_permission_checker(self, uid)
         results = permchecker(self.storage.exec_op)('GET', projection=projection)
         if not self.superuser_request and not self.is_true('join_avatars'):