restricted users only see repos in orgs witch there team was assigned to

Author: 6543

models/repo/repo_list.go

@@ -652,12 +652,12 @@ func AccessibleRepositoryCondition(user *user_model.User, unitType unit.Type) bu
 				userOrgTeamUnitRepoCond("`repository`.id", user.ID, unitType),
 			)
 		}
-		cond = cond.Or(
-			// 4. Repositories that we directly own
-			builder.Eq{"`repository`.owner_id": user.ID},
+		// 4. Repositories that we directly own
+		cond = cond.Or(builder.Eq{"`repository`.owner_id": user.ID})
+		if !user.IsRestricted {
 			// 5. Be able to see all public repos in private organizations that we are an org_user of
-			userOrgPublicRepoCond(user.ID),
-		)
+			cond = cond.Or(userOrgPublicRepoCond(user.ID))
+		}
 	}
 
 	return cond

models/user/search.go

@@ -160,7 +160,8 @@ func BuildCanSeeUserCondition(actor *User) builder.Cond {
 				// or private users who do follow them
 				cond = cond.Or(builder.Eq{
 					"`user`.visibility": structs.VisibleTypePrivate,
-					"`user`.id":         builder.Select("follow.user_id").From("follow").Where(builder.Eq{"follow.follow_id": actor.ID})})
+					"`user`.id":         builder.Select("follow.user_id").From("follow").Where(builder.Eq{"follow.follow_id": actor.ID}),
+				})
 			}
 			// Don't forget about self
 			return cond.Or(builder.Eq{"`user`.id": actor.ID})