From b6edcb3a7c50407dfbc82e5dfb4f72dff59e61f8 Mon Sep 17 00:00:00 2001
From: KN4CK3R <admin@oldschoolhack.me>
Date: Tue, 13 Jun 2023 05:21:11 +0200
Subject: [PATCH] Hide limited users if viewed by anonymous ghost (#25214)

The ghost user leads to inclusion of limited users/orgs in
`BuildCanSeeUserCondition`.
---
 models/packages/container/search.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/models/packages/container/search.go b/models/packages/container/search.go
index b65c8634d6544..e02aedfc9d72e 100644
--- a/models/packages/container/search.go
+++ b/models/packages/container/search.go
@@ -271,6 +271,10 @@ func GetRepositories(ctx context.Context, actor *user_model.User, n int, last st
 		cond = cond.And(builder.Gt{"package_property.value": strings.ToLower(last)})
 	}
 
+	if actor.IsGhost() {
+		actor = nil
+	}
+
 	cond = cond.And(user_model.BuildCanSeeUserCondition(actor))
 
 	sess := db.GetEngine(ctx).