Issue Summary

Granting "Browse Project" permission to "User custom field value (XXXX)" makes the project visible to all portal customers. Regardless of whether that field is filled or not.

Steps to Reproduce

• Create a JSM project say CSM, set its permission to Customers added to this service project only by agents and admins, and add a customer to this project.
• Create another project say DEMO and set its permission to Customers added to this service project only by agents and admins
• Do not add the same customer to this project.
• Create a user-picker field and add it to the Browse projects permission of the DEMO project.
• When the portal customer logs in, they will see both projects on the portal:
  
• Associated KB articles of both projects will also be visible to the logged in customer

Expected Results

The project should not be visible to all customers here: https://<sitename>.atlassian.net/servicedesk/customer/portals

Actual Results

The project and its KB articles are visible to all customers her: https://<sitename>.atlassian.net/servicedesk/customer/portals

Workaround

Remove the "User custom field value (XXXX)" in the Browse project permission