diff --git a/app/Http/Controllers/SkinlibController.php b/app/Http/Controllers/SkinlibController.php
index c599c990..f7ea5aa5 100644
--- a/app/Http/Controllers/SkinlibController.php
+++ b/app/Http/Controllers/SkinlibController.php
@@ -59,9 +59,12 @@ class SkinlibController extends Controller
 })
 ->when($user, function (Builder $query, User $user) {
 if (!$user->isAdmin()) {
- return $query
- ->where('public', true)
- ->orWhere('uploader', $user->uid);
+ // use closure-style `where` clause to lift up SQL priority
+ return $query->where(function (Builder $query) use ($user) {
+ $query
+ ->where('public', true)
+ ->orWhere('uploader', $user->uid);
+ });
 }
 }, function (Builder $query) {
 // show public textures only to anonymous visitors
diff --git a/tests/HttpTest/ControllersTest/SkinlibControllerTest.php b/tests/HttpTest/ControllersTest/SkinlibControllerTest.php
index 3270d566..3af970a0 100644
--- a/tests/HttpTest/ControllersTest/SkinlibControllerTest.php
+++ b/tests/HttpTest/ControllersTest/SkinlibControllerTest.php
@@ -55,6 +55,11 @@ class SkinlibControllerTest extends TestCase
 ['tid' => $steve->tid, 'nickname' => $steve->owner->nickname],
 ],
 ]);
+ $user = factory(User::class)->create();
+ $list = $this->actingAs($user)
+ ->getJson('/skinlib/list?keyword=a')
+ ->decodeResponseJson('data');
+ $this->assertCount(1, $list);
 // with uploader
 $this->getJson('/skinlib/list?uploader='.$steve->uploader)
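Review bot: In the `SkinlibController.php` hunk, the added comment ("lift up SQL priority") does not say what the grouping protects, although this is the visibility rule for non-admin users. Without the nested closure the `orWhere('uploader', …)` sits at the top level of the builder, so, as far as the visible chain shows, it is OR-ed against every earlier filter instead of only against `public`. I would word the comment as `// group as (public OR uploader = current user) so the visibility rule is ANDed with the other filters` and rename the inner closure parameter, e.g. `function (Builder $inner) use ($user)`, because it shadows the outer `$query`. The method starts and ends outside the hunk, so any other top-level `orWhere` in the same chain should be checked for the same precedence problem.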
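Review bot: In the `SkinlibControllerTest.php` hunk, the added assertion may not fail against the old, ungrouped query. `$user` is freshly created, and if that user has uploaded nothing, the `uploader` condition matches no row and both query forms return the same list. A regression test for the grouping needs a texture uploaded by `$user` that does not match the keyword, still asserting `$this->assertCount(1, $list);` under a comment such as `// own non-matching texture must not bypass the keyword filter`. A second case, in which another user's non-public texture matches the keyword and must stay out of the list, would pin the access rule itself. The test method begins and ends outside the hunk, so fixtures created earlier may already cover part of this.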