Add user/group permission checking on API calls to get subrepositories.
Currently all requested subrepositories are returned allowing users to select a subrepository to which they do not have access. Ultimately allocates for those repositories to which they don't have access will fail, but they preferably would not even be displayed as options.