- Bug
- Resolution: Fixed
- Low
- None
- Severity 2 - Major
Issue Summary
If an anonymous user searches for something with the content search API and the query happens to match a user, the API returns a 403 error.
Example of a search query that matches a user and returns 403 (open in a fresh incognito window):
https://refined.atlassian.net/wiki/rest/api/search?cql=title%20~%20%22emil%22%20
But if the anonymous user's search query does NOT match any user in the result set, the API returns results successfully (200).
Example of a search query with no user match, returning 200 plus results (open in a fresh incognito window):
https://refined.atlassian.net/wiki/rest/api/search?cql=title%20~%20"partners"%20
NOTE: This bug report is about receiving a 403 on anonymous content search API calls whenever a user profile matches the query. We do not expect user profile matches to be included at all in this method's results; however, we also expect that a user match should not affect the query at all.
Steps to Reproduce
- Open an incognito window to ensure you are not logged in
- Call the content search API, searching for a title that matches a known username on the instance: https://refined.atlassian.net/wiki/rest/api/search?cql=title%20~%20%22emil%22%20
Expected Results
API call succeeds whether or not the query finds a user profile match.
Actual Results
403 error on CQL queries that find a hit/match on user profile.
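The following regression probe is an added example, not code from the bug report or from Atlassian. It encodes the two CQL queries consistently, issues them without any credentials or cookies, and flags the bug only when the control query succeeds while the user-matching query is forbidden. The base URL, the `fetch` parameter and the `probe` function are assumptions for this example; the real HTTP fetcher is only used when you run it against your own instance.

```python
"""Regression probe for the anonymous content-search 403 described above."""
from urllib.parse import quote, urlencode
from urllib.request import Request, urlopen
from urllib.error import HTTPError


def search_url(base_url, cql):
    # Encode the CQL with quote() so spaces become %20 and quotes %22,
    # matching the encoded form of the query shown in the report.
    return f"{base_url.rstrip('/')}/wiki/rest/api/search?" + urlencode(
        {"cql": cql}, quote_via=quote
    )


def anonymous_get(url):
    # Real fetcher: no Authorization header and no cookie jar, so the
    # request is anonymous. Return the HTTP status only.
    try:
        with urlopen(Request(url, headers={"Accept": "application/json"})) as resp:
            return resp.status
    except HTTPError as err:
        return err.code


def probe(base_url, user_matching_cql, non_matching_cql, fetch=anonymous_get):
    """Return the two statuses and whether the user-match-dependent 403 is observed.

    `fetch` is injectable (hypothetical parameter) so the logic can be checked
    offline with constructed responses.
    """
    status_user = fetch(search_url(base_url, user_matching_cql))
    status_plain = fetch(search_url(base_url, non_matching_cql))
    return {
        "user_match_status": status_user,
        "no_user_match_status": status_plain,
        # Bug present: control query succeeds, user-matching query is forbidden.
        "bug_present": status_plain == 200 and status_user == 403,
    }


if __name__ == "__main__":
    import sys
    # Usage: python probe.py https://<your-site>.atlassian.net
    print(probe(sys.argv[1], 'title ~ "emil"', 'title ~ "partners"'))
```

Run it against your own site as an anonymous user; a `bug_present` of `True` means the fix has not reached that instance yet.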
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available.