In og_field_widget_form() we check for group IDs associated with the content that may not be accessible to the user so that those groups are saved along with any changes in selection the user makes.
Currently, og_get_entity_groups() is used to compare the entity groups with the user's groups. However, it is possible for the user to be legitimately given options in the group audience field, by action of other modules, to groups they may not be part of. If a user is not part of a group, but is allowed access to that group in the group audience field, they can add but not remove, that group from the group audience as the validation will add it back if the user de-selects it.
I propose that OgSelectionHandler::getReferenceableEntities be used instead of og_get_entity_groups(). By using the selection handler, we compare the entity groups with all options given to the user in the audience field.
Patch to follow.
PASSED: [[SimpleTest]]: [MySQL] 781 pass(es).
PASSED: [[SimpleTest]]: [MySQL] 780 pass(es).
PASSED: [[SimpleTest]]: [MySQL] 832 pass(es).
PASSED: [[SimpleTest]]: [MySQL] 805 pass(es).