as we all know:
if a path has ACL search permission for a group,
and another user is in the group then this user has the search permission.
so when we get the ACL search permission, we should check user or group has the search permission.
But for fix search permission,
I think only set ACL search permission for user is enough.
is it necessary to set ACL search permission for group?