From 2126f712bfc0ea63705e54abbd14aec54299fa50 Mon Sep 17 00:00:00 2001 From: KN4CK3R Date: Tue, 13 Jun 2023 05:21:11 +0200 Subject: [PATCH] Hide limited users if viewed by anonymous ghost (#25214) The ghost user leads to inclusion of limited users/orgs in `BuildCanSeeUserCondition`. --- models/packages/container/search.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/models/packages/container/search.go b/models/packages/container/search.go index 0d3664d38434..9a16b3ae44b9 100644 --- a/models/packages/container/search.go +++ b/models/packages/container/search.go @@ -262,6 +262,10 @@ func GetRepositories(ctx context.Context, actor *user_model.User, n int, last st cond = cond.And(builder.Gt{"package_property.value": strings.ToLower(last)}) } + if actor.IsGhost() { + actor = nil + } + cond = cond.And(user_model.BuildCanSeeUserCondition(actor)) sess := db.GetEngine(ctx).