diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb
index a686a94b7c66d93bdd1febb57fb6e9af04bbfa56..9168d6946f35ebf319601c125a3c35a624aaf801 100644
--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -67,7 +67,10 @@ class ProjectPolicy < BasePolicy
   condition(:default_issues_tracker, scope: :subject) { project.default_issues_tracker? }
 
   desc "Container registry is disabled"
-  condition(:container_registry_disabled, scope: :subject) do
+  # Do not use the scope option here as this condition depends
+  # on both the user and the subject, and can lead to bugs like
+  # https://gitlab.com/gitlab-org/gitlab/-/issues/391551
+  condition(:container_registry_disabled) do
     if user.is_a?(DeployToken)
       (!user.read_registry? && !user.write_registry?) ||
       user.revoked? ||