Protect the search and repository list endpoints appropriately. Add more differentiating data to some need types. Remove the notification about password change from the user admin page. Select the dependent models for the visible repo list.

data/model/legacy.py

@@ -555,9 +555,9 @@ def get_visible_repository_count(username=None, include_public=True,
 
 def get_visible_repositories(username=None, include_public=True, page=None,
                              limit=None, sort=False, namespace=None):
-  query = _visible_repository_query(username=username,
-                                    include_public=include_public, page=page,
-                                    limit=limit, namespace=namespace)
+  query = _visible_repository_query(username=username, include_public=include_public, page=page,
+                                    limit=limit, namespace=namespace,
+                                    select_models=[Repository, Visibility])
 
   if sort:
     query = query.order_by(Repository.description.desc())
@@ -569,9 +569,9 @@ def get_visible_repositories(username=None, include_public=True, page=None,
 
 
 def _visible_repository_query(username=None, include_public=True, limit=None,
-                              page=None, namespace=None):
+                              page=None, namespace=None, select_models=[]):
   query = (Repository
-             .select()  # Note: We need to leave this blank for the get_count case. Otherwise, MySQL/RDS complains.
+             .select(*select_models)  # Note: We need to leave this blank for the get_count case. Otherwise, MySQL/RDS complains.
              .distinct()
              .join(Visibility)
              .switch(Repository)