Hide limited users if viewed by anonymous ghost (#25214) (#25224)

Backport #25214 by @KN4CK3R

The ghost user leads to inclusion of limited users/orgs in
`BuildCanSeeUserCondition`.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>

diff --git a/models/packages/container/search.go b/models/packages/container/search.go
index b65c8634d65447560e4762894f0055e4e738c2b4..e02aedfc9d72eda623a7667fdf34b88786113893 100644 (file)
--- a/models/packages/container/search.go
+++ b/models/packages/container/search.go
@@ -271,6 +271,10 @@ func GetRepositories(ctx context.Context, actor *user_model.User, n int, last st
                cond = cond.And(builder.Gt{"package_property.value": strings.ToLower(last)})
        }
 
+       if actor.IsGhost() {
+               actor = nil
+       }
+
        cond = cond.And(user_model.BuildCanSeeUserCondition(actor))
 
        sess := db.GetEngine(ctx).