JQL function membersOf returns incorrect results if the user has groups in another user directory

Summary

When using the JQL function membersOf it's possible to return invalid results if the user is a member of the group being selected in one user directory, but not the current one. For example:

• User captain.planet in the JIRA Internal Directory (JIT) is a member of the group eco-warrior.
• That user captain.planet is not a member of that group in the Active Directory (AD).
• Active Directory is above JIRA Internal Directory, so the user is referenced from AD rather than the JIT.
• The membersOf("eco-warrior") JQL will return issues as if that user was in the group.

Steps to Reproduce

1. Add a user to the JIT and AD (e.g.: captain-planet).
2. Give them a group in the JIT and not the AD (or the other way around), for example eco-warrior.
3. Move the user directory that they are not a member of the group to the top.
4. Create an issue with them as the reporter.
5. Run the following JQL:

   reporter = captain.planet and reporter in membersOf("eco-warrior")
   

Expected Results

The issue is not returned as they are not a member of that group.

Actual Results

The issue is returned, as the other User Directory has them in that group.

Notes

This can be worked around by:

1. Swapping the order of the user directories.
2. Removing the user from the group.
3. Restoring the original order.