Merge branch 'ee-users-search-results' into 'master'

[EE] Add users search results to global search See merge request gitlab-org/gitlab-ee!8985

Merge branch 'ee-users-search-results' into 'master'
[EE] Add users search results to global search See merge request gitlab-org/gitlab-ee!8985
52c378d7 · Sean McGivern · 7380e48c · 09da07e6 · 52c378d7 · 52c378d7
Commit 52c378d7 authored Mar 19, 2019 by Sean McGivern
28 changed files
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -29,6 +29,7 @@ class SearchController < ApplicationController
    @search_objects = search_service.search_objects

    render_commits if @scope == 'commits'
+    eager_load_user_status if @scope == 'users'

    check_single_commit_result
  end
@@ -54,6 +55,12 @@ class SearchController < ApplicationController
    @search_objects = prepare_commits_for_rendering(@search_objects)
  end

+  def eager_load_user_status
+    return if Feature.disabled?(:users_search, default_enabled: true)
+
+    @search_objects = @search_objects.eager_load(:status) # rubocop:disable CodeReuse/ActiveRecord
+  end
+
  def check_single_commit_result
    if @search_results.single_commit_result?
      only_commit = @search_results.objects('commits').first

--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -366,7 +366,8 @@ module ProjectsHelper
      blobs:          :download_code,
      commits:        :download_code,
      merge_requests: :read_merge_request,
-      notes:          [:read_merge_request, :download_code, :read_issue, :read_project_snippet]
+      notes:          [:read_merge_request, :download_code, :read_issue, :read_project_snippet],
+      members:        :read_project_member
    )
  end


--- a/app/helpers/search_helper.rb
+++ b/app/helpers/search_helper.rb
@@ -201,6 +201,16 @@ module SearchHelper
  def limited_count(count, limit = 1000)
    count > limit ? "#{limit}+" : count
  end
+
+  def search_tabs?(tab)
+    return false if Feature.disabled?(:users_search, default_enabled: true)
+
+    if @project
+      project_search_tabs?(:members)
+    else
+      can?(current_user, :read_users_list)
+    end
+  end
 end

 SearchHelper.prepend(EE::SearchHelper)
--- a/app/services/search/global_service.rb
+++ b/app/services/search/global_service.rb
@@ -23,7 +23,8 @@ module Search

    def allowed_scopes
      strong_memoize(:allowed_scopes) do
-        %w[issues merge_requests milestones]
+        allowed_scopes = %w[issues merge_requests milestones]
+        allowed_scopes << 'users' if Feature.enabled?(:users_search, default_enabled: true)
      end
    end


--- a/app/services/search/group_service.rb
+++ b/app/services/search/group_service.rb
@@ -11,6 +11,12 @@ module Search
      @group = group
    end

+    def execute
+      Gitlab::GroupSearchResults.new(
+        current_user, projects, group, params[:search], default_project_filter: default_project_filter
+      )
+    end
+
    def projects
      return Project.none unless group
      return @projects if defined? @projects

--- a/app/services/search/project_service.rb
+++ b/app/services/search/project_service.rb
@@ -16,7 +16,12 @@ module Search
    end

    def scope
-      @scope ||= %w[notes issues merge_requests milestones wiki_blobs commits].delete(params[:scope]) { 'blobs' }
+      @scope ||= begin
+        allowed_scopes = %w[notes issues merge_requests milestones wiki_blobs commits]
+        allowed_scopes << 'users' if Feature.enabled?(:users_search, default_enabled: true)
+
+        allowed_scopes.delete(params[:scope]) { 'blobs' }
+      end
    end
  end
 end

--- a/app/views/search/_category.html.haml
+++ b/app/views/search/_category.html.haml
+- users = capture_haml do
+  - if search_tabs?(:members)
+    %li{ class: active_when(@scope == 'users') }
+      = link_to search_filter_path(scope: 'users') do
+        Users
+        %span.badge.badge-pill
+          = limited_count(@search_results.limited_users_count)
+
 .scrolling-tabs-container.inner-page-scroll-tabs.is-smaller
  .fade-left= icon('angle-left')
  .fade-right= icon('angle-right')
@@ -45,6 +53,7 @@
            = _("Commits")
            %span.badge.badge-pill
              = @search_results.commits_count
+      = users

    - elsif @show_snippets
      %li{ class: active_when(@scope == 'snippet_blobs') }
@@ -94,3 +103,4 @@
            = _("Wiki")
            %span.badge.badge-pill
              = limited_count(@search_results.wiki_blobs_count)
+      = users
--- a/app/views/search/results/_user.html.haml
+++ b/app/views/search/results/_user.html.haml
+%ul.content-list
+  %li
+    .avatar-cell.d-none.d-sm-block
+      = user_avatar(user: user, user_name: user.name, css_class: 'd-none d-sm-inline avatar s40')
+    .user-info
+      = link_to user_path(user), class: 'd-none d-sm-inline' do
+        .item-title
+          = user.name
+          = user_status(user)
+        .cgray= user.to_reference
--- a/changelogs/unreleased/feature-users-search-results.yml
+++ b/changelogs/unreleased/feature-users-search-results.yml
+---
+title: Add users search results to global search
+merge_request: 21197
+author: Alexis Reigel
+type: added
--- a/doc/api/search.md
+++ b/doc/api/search.md
@@ -17,7 +17,7 @@ GET /search
 | `scope`       | string   | yes        | The scope to search in                |
 | `search`      | string   | yes        | The search query  |

-Search the expression within the specified scope. Currently these scopes are supported: projects, issues, merge_requests, milestones, snippet_titles, snippet_blobs.
+Search the expression within the specified scope. Currently these scopes are supported: projects, issues, merge_requests, milestones, snippet_titles, snippet_blobs, users.

 If Elasticsearch is enabled additional scopes available are blobs, wiki_blobs and commits. Find more about [the feature](../integration/elasticsearch.md).

@@ -255,7 +255,7 @@ Example response:
 ### Scope: snippet_blobs

 ```bash
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=snippet_blobs&search=test
+curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=snippet_blos&search=test
 ```

 Example response:
@@ -375,6 +375,27 @@ Example response:
 ]
 ```

+### Scope: users
+
+```bash
+curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/search?scope=users&search=doe
+```
+
+Example response:
+
+```json
+[
+  {
+    "id": 1,
+    "name": "John Doe1",
+    "username": "user1",
+    "state": "active",
+    "avatar_url": "http://www.gravatar.com/avatar/c922747a93b40d1ea88262bf1aebee62?s=80&d=identicon",
+    "web_url": "http://localhost/user1"
+  }
+]
+```
+
 ## Group Search API

 Search within the specified group.
@@ -391,7 +412,7 @@ GET /groups/:id/search
 | `scope`       | string   | yes        | The scope to search in                |
 | `search`      | string   | yes        | The search query  |

-Search the expression within the specified scope. Currently these scopes are supported: projects, issues, merge_requests, milestones.
+Search the expression within the specified scope. Currently these scopes are supported: projects, issues, merge_requests, milestones, users.

 If Elasticsearch is enabled additional scopes available are blobs, wiki_blobs and commits. Find more about [the feature](../integration/elasticsearch.md).

@@ -687,6 +708,27 @@ Example response:
 ]
 ```

+### Scope: users
+
+```bash
+curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/3/search?scope=users&search=doe
+```
+
+Example response:
+
+```json
+[
+  {
+    "id": 1,
+    "name": "John Doe1",
+    "username": "user1",
+    "state": "active",
+    "avatar_url": "http://www.gravatar.com/avatar/c922747a93b40d1ea88262bf1aebee62?s=80&d=identicon",
+    "web_url": "http://localhost/user1"
+  }
+]
+```
+
 ## Project Search API

 Search within the specified project.
@@ -703,7 +745,7 @@ GET /projects/:id/search
 | `scope`       | string   | yes        | The scope to search in                |
 | `search`      | string   | yes        | The search query  |

-Search the expression within the specified scope. Currently these scopes are supported: issues, merge_requests, milestones, notes, wiki_blobs, commits, blobs.
+Search the expression within the specified scope. Currently these scopes are supported: issues, merge_requests, milestones, notes, wiki_blobs, commits, blobs, users.

 The response depends on the requested scope.

@@ -1016,4 +1058,25 @@ Example response:
 ]
 ```

+### Scope: users
+
+```bash
+curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/6/search?scope=users&search=doe
+```
+
+Example response:
+
+```json
+[
+  {
+    "id": 1,
+    "name": "John Doe1",
+    "username": "user1",
+    "state": "active",
+    "avatar_url": "http://www.gravatar.com/avatar/c922747a93b40d1ea88262bf1aebee62?s=80&d=identicon",
+    "web_url": "http://localhost/user1"
+  }
+]
+```
+
 [ce-41763]: https://gitlab.com/gitlab-org/gitlab-ce/issues/41763
--- a/ee/app/services/ee/search/global_service.rb
+++ b/ee/app/services/ee/search/global_service.rb
@@ -9,7 +9,9 @@ module EE
      override :execute
      def execute
        if ::Gitlab::CurrentSettings.elasticsearch_search?
-          ::Gitlab::Elastic::SearchResults.new(current_user, params[:search], elastic_projects, elastic_global)
+          ::Gitlab::Elastic::SearchResults.new(current_user, params[:search],
+                                               elastic_projects, projects,
+                                               elastic_global)
        else
          super
        end

--- a/ee/app/services/ee/search/group_service.rb
+++ b/ee/app/services/ee/search/group_service.rb
@@ -3,6 +3,8 @@
 module EE
  module Search
    module GroupService
+      extend ::Gitlab::Utils::Override
+
      def elastic_projects
        @elastic_projects ||= projects.pluck(:id) # rubocop:disable CodeReuse/ActiveRecord
      end
@@ -10,6 +12,15 @@ module EE
      def elastic_global
        false
      end
+
+      override :execute
+      def execute
+        return super unless ::Gitlab::CurrentSettings.elasticsearch_search?
+
+        ::Gitlab::Elastic::GroupSearchResults.new(
+          current_user, elastic_projects, projects, group, params[:search],
+          elastic_global, default_project_filter: default_project_filter)
+      end
    end
  end
 end
--- a/ee/lib/gitlab/elastic/group_search_results.rb
+++ b/ee/lib/gitlab/elastic/group_search_results.rb
+# frozen_string_literal: true
+
+module Gitlab
+  module Elastic
+    # Always prefer to use the full class namespace when specifying a
+    # superclass inside a module, because autoloading can occur in a
+    # different order between execution environments.
+    class GroupSearchResults < Gitlab::Elastic::SearchResults
+      delegate :users, to: :generic_search_results
+      delegate :limited_users_count, to: :generic_search_results
+
+      attr_reader :group, :default_project_filter
+
+      def initialize(current_user, limit_project_ids, limit_projects, group, query, public_and_internal_projects, default_project_filter: false, per_page: 20)
+        super(current_user, query, limit_project_ids, limit_projects, public_and_internal_projects)
+
+        @default_project_filter = default_project_filter
+        @group = group
+      end
+
+      def objects(scope, page = nil)
+        case scope
+        when 'users'
+          users.page(page).per(per_page)
+        else
+          super
+        end
+      end
+
+      def generic_search_results
+        @generic_search_results ||= Gitlab::GroupSearchResults.new(current_user, limit_projects, group, query, default_project_filter: default_project_filter)
+      end
+    end
+  end
+end
--- a/ee/lib/gitlab/elastic/project_search_results.rb
+++ b/ee/lib/gitlab/elastic/project_search_results.rb
@@ -8,6 +8,9 @@ module Gitlab
    class ProjectSearchResults < Gitlab::Elastic::SearchResults
      attr_reader :project, :repository_ref

+      delegate :users, to: :generic_search_results
+      delegate :limited_users_count, to: :generic_search_results
+
      def initialize(current_user, query, project_id, repository_ref = nil)
        @current_user = current_user
        @project = Project.find(project_id)
@@ -26,11 +29,17 @@ module Gitlab
          wiki_blobs.page(page).per(per_page)
        when 'commits'
          commits(page: page, per_page: per_page)
+        when 'users'
+          users.page(page).per(per_page)
        else
          super
        end
      end

+      def generic_search_results
+        @generic_search_results ||= Gitlab::ProjectSearchResults.new(current_user, project, query, repository_ref)
+      end
+
      def blobs_count
        @blobs_count ||= blobs.total_count
      end

--- a/ee/lib/gitlab/elastic/search_results.rb
+++ b/ee/lib/gitlab/elastic/search_results.rb
@@ -7,11 +7,15 @@ module Gitlab

      # Limit search results by passed project ids
      # It allows us to search only for projects user has access to
-      attr_reader :limit_project_ids
+      attr_reader :limit_project_ids, :limit_projects

-      def initialize(current_user, query, limit_project_ids, public_and_internal_projects = true)
+      delegate :users, to: :generic_search_results
+      delegate :limited_users_count, to: :generic_search_results
+
+      def initialize(current_user, query, limit_project_ids, limit_projects = nil, public_and_internal_projects = true)
        @current_user = current_user
        @limit_project_ids = limit_project_ids
+        @limit_projects = limit_projects
        @query = query
        @public_and_internal_projects = public_and_internal_projects
      end
@@ -32,11 +36,17 @@ module Gitlab
          wiki_blobs.page(page).per(per_page)
        when 'commits'
          commits(page: page, per_page: per_page)
+        when 'users'
+          users.page(page).per(per_page)
        else
          Kaminari.paginate_array([])
        end
      end

+      def generic_search_results
+        @generic_search_results ||= Gitlab::SearchResults.new(current_user, limit_projects, query)
+      end
+
      def projects_count
        @projects_count ||= projects.total_count
      end

--- a/ee/spec/lib/gitlab/elastic/group_search_results_spec.rb
+++ b/ee/spec/lib/gitlab/elastic/group_search_results_spec.rb
+require 'spec_helper'
+
+describe Gitlab::Elastic::GroupSearchResults do
+  set(:user) { create(:user) }
+  set(:group) { create(:group) }
+  set(:guest) { create(:user).tap { |u| group.add_user(u, Gitlab::Access::GUEST) } }
+
+  before do
+    stub_ee_application_setting(elasticsearch_search: true, elasticsearch_indexing: true)
+  end
+
+  context 'user search' do
+    subject(:results) { described_class.new(user, nil, nil, group, guest.username, nil) }
+
+    before do
+      expect(Gitlab::GroupSearchResults).to receive(:new).and_call_original
+    end
+
+    it { expect(results.objects('users')).to eq([guest]) }
+    it { expect(results.limited_users_count).to eq(1) }
+  end
+end
--- a/ee/spec/lib/gitlab/elastic/project_search_results_spec.rb
+++ b/ee/spec/lib/gitlab/elastic/project_search_results_spec.rb
@@ -224,4 +224,15 @@ describe Gitlab::Elastic::ProjectSearchResults do
      expect(results.issues_count).to eq 3
    end
  end
+
+  context 'user search' do
+    subject(:results) { described_class.new(user, project.owner.username, project.id) }
+
+    before do
+      expect(Gitlab::ProjectSearchResults).to receive(:new).and_call_original
+    end
+
+    it { expect(results.objects('users')).to eq([project.owner]) }
+    it { expect(results.limited_users_count).to eq(1) }
+  end
 end
--- a/lib/api/helpers/search_helpers.rb
+++ b/lib/api/helpers/search_helpers.rb
@@ -5,17 +5,17 @@ module API
    module SearchHelpers
      def self.global_search_scopes
        # This is a separate method so that EE can redefine it.
-        %w(projects issues merge_requests milestones snippet_titles snippet_blobs)
+        %w(projects issues merge_requests milestones snippet_titles snippet_blobs users)
      end

      def self.group_search_scopes
        # This is a separate method so that EE can redefine it.
-        %w(projects issues merge_requests milestones)
+        %w(projects issues merge_requests milestones users)
      end

      def self.project_search_scopes
        # This is a separate method so that EE can redefine it.
-        %w(issues merge_requests milestones notes wiki_blobs commits blobs)
+        %w(issues merge_requests milestones notes wiki_blobs commits blobs users)
      end
    end
  end

--- a/lib/api/search.rb
+++ b/lib/api/search.rb
@@ -17,7 +17,8 @@ module API
        blobs: Entities::Blob,
        wiki_blobs: Entities::Blob,
        snippet_titles: Entities::Snippet,
-        snippet_blobs: Entities::Snippet
+        snippet_blobs: Entities::Snippet,
+        users: Entities::UserBasic
      }.freeze

      def search(additional_params = {})
@@ -51,6 +52,12 @@ module API
        # Defining this method here as a noop allows us to easily extend it in
        # EE, without having to modify this file directly.
      end
+
+      def check_users_search_allowed!
+        if params[:scope].to_sym == :users && Feature.disabled?(:users_search, default_enabled: true)
+          render_api_error!({ error: _("Scope not supported with disabled 'users_search' feature!") }, 400)
+        end
+      end
    end

    resource :search do
@@ -67,6 +74,7 @@ module API
      end
      get do
        verify_search_scope!
+        check_users_search_allowed!

        present search, with: entity
      end
@@ -87,6 +95,7 @@ module API
      end
      get ':id/(-/)search' do
        verify_search_scope!
+        check_users_search_allowed!

        present search(group_id: user_group.id), with: entity
      end
@@ -106,6 +115,8 @@ module API
        use :pagination
      end
      get ':id/(-/)search' do
+        check_users_search_allowed!
+
        present search(project_id: user_project.id), with: entity
      end
    end

--- a/lib/gitlab/group_search_results.rb
+++ b/lib/gitlab/group_search_results.rb
+# frozen_string_literal: true
+
+module Gitlab
+  class GroupSearchResults < SearchResults
+    def initialize(current_user, limit_projects, group, query, default_project_filter: false, per_page: 20)
+      super(current_user, limit_projects, query, default_project_filter: default_project_filter, per_page: per_page)
+
+      @group = group
+    end
+
+    # rubocop:disable CodeReuse/ActiveRecord
+    def users
+      # 1: get all groups the current user has access to
+      groups = GroupsFinder.new(current_user).execute.joins(:users)
+
+      # 2: Get the group's whole hierarchy
+      group_users = @group.direct_and_indirect_users
+
+      # 3: get all users the current user has access to (->
+      # `SearchResults#users`), which also applies the query.
+      users = super
+
+      # 4: filter for users that belong to the previously selected groups
+      users
+        .where(id: group_users.select('id'))
+        .where(id: groups.select('members.user_id'))
+    end
+    # rubocop:enable CodeReuse/ActiveRecord
+  end
+end
--- a/lib/gitlab/project_search_results.rb
+++ b/lib/gitlab/project_search_results.rb
@@ -22,11 +22,17 @@ module Gitlab
        paginated_blobs(wiki_blobs, page)
      when 'commits'
        Kaminari.paginate_array(commits).page(page).per(per_page)
+      when 'users'
+        users.page(page).per(per_page)
      else
        super(scope, page, false)
      end
    end

+    def users
+      super.where(id: @project.team.members) # rubocop:disable CodeReuse/ActiveRecord
+    end
+
    def blobs_count
      @blobs_count ||= blobs.count
    end

--- a/lib/gitlab/search_results.rb
+++ b/lib/gitlab/search_results.rb
@@ -32,6 +32,8 @@ module Gitlab
                     merge_requests.page(page).per(per_page)
                   when 'milestones'
                     milestones.page(page).per(per_page)
+                   when 'users'
+                     users.page(page).per(per_page)
                   else
                     Kaminari.paginate_array([]).page(page).per(per_page)
                   end
@@ -71,6 +73,12 @@ module Gitlab
    end
    # rubocop: enable CodeReuse/ActiveRecord

+    # rubocop:disable CodeReuse/ActiveRecord
+    def limited_users_count
+      @limited_users_count ||= users.limit(count_limit).count
+    end
+    # rubocop:enable CodeReuse/ActiveRecord
+
    def single_commit_result?
      false
    end
@@ -79,6 +87,12 @@ module Gitlab
      1001
    end

+    def users
+      return User.none unless Ability.allowed?(current_user, :read_users_list)
+
+      UsersFinder.new(current_user, search: query).execute
+    end
+
    private

    def projects

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -8816,6 +8816,9 @@ msgstr ""
 msgid "Scope"
 msgstr ""

+msgid "Scope not supported with disabled 'users_search' feature!"
+msgstr ""
+
 msgid "Scoped issue boards"
 msgstr ""


--- a/spec/features/search/user_searches_for_users_spec.rb
+++ b/spec/features/search/user_searches_for_users_spec.rb
+require 'spec_helper'
+
+describe 'User searches for users' do
+  context 'when on the dashboard' do
+    it 'finds the user' do
+      create(:user, username: 'gob_bluth', name: 'Gob Bluth')
+
+      sign_in(create(:user))
+
+      visit dashboard_projects_path
+
+      fill_in 'search', with: 'gob'
+      click_button 'Go'
+
+      expect(page).to have_content('Users 1')
+
+      click_on('Users 1')
+
+      expect(page).to have_content('Gob Bluth')
+      expect(page).to have_content('@gob_bluth')
+    end
+  end
+
+  context 'when on the project page' do
+    it 'finds the user belonging to the project' do
+      project = create(:project)
+
+      user1 = create(:user, username: 'gob_bluth', name: 'Gob Bluth')
+      create(:project_member, :developer, user: user1, project: project)
+
+      user2 = create(:user, username: 'michael_bluth', name: 'Michael Bluth')
+      create(:project_member, :developer, user: user2, project: project)
+
+      create(:user, username: 'gob_2018', name: 'George Oscar Bluth')
+
+      sign_in(user1)
+
+      visit projects_path(project)
+
+      fill_in 'search', with: 'gob'
+      click_button 'Go'
+
+      expect(page).to have_content('Gob Bluth')
+      expect(page).to have_content('@gob_bluth')
+
+      expect(page).not_to have_content('Michael Bluth')
+      expect(page).not_to have_content('@michael_bluth')
+
+      expect(page).not_to have_content('George Oscar Bluth')
+      expect(page).not_to have_content('@gob_2018')
+    end
+  end
+
+  context 'when on the group page' do
+    it 'finds the user belonging to the group' do
+      group = create(:group)
+
+      user1 = create(:user, username: 'gob_bluth', name: 'Gob Bluth')
+      create(:group_member, :developer, user: user1, group: group)
+
+      user2 = create(:user, username: 'michael_bluth', name: 'Michael Bluth')
+      create(:group_member, :developer, user: user2, group: group)
+
+      create(:user, username: 'gob_2018', name: 'George Oscar Bluth')
+
+      sign_in(user1)
+
+      visit group_path(group)
+
+      fill_in 'search', with: 'gob'
+      click_button 'Go'
+
+      expect(page).to have_content('Gob Bluth')
+      expect(page).to have_content('@gob_bluth')
+
+      expect(page).not_to have_content('Michael Bluth')
+      expect(page).not_to have_content('@michael_bluth')
+
+      expect(page).not_to have_content('George Oscar Bluth')
+      expect(page).not_to have_content('@gob_2018')
+    end
+  end
+end
--- a/spec/lib/gitlab/group_search_results_spec.rb
+++ b/spec/lib/gitlab/group_search_results_spec.rb
+require 'spec_helper'
+
+describe Gitlab::GroupSearchResults do
+  let(:user) { create(:user) }
+
+  describe 'user search' do
+    let(:group) { create(:group) }
+
+    it 'returns the users belonging to the group matching the search query' do
+      user1 = create(:user, username: 'gob_bluth')
+      create(:group_member, :developer, user: user1, group: group)
+
+      user2 = create(:user, username: 'michael_bluth')
+      create(:group_member, :developer, user: user2, group: group)
+
+      create(:user, username: 'gob_2018')
+
+      result = described_class.new(user, anything, group, 'gob').objects('users')
+
+      expect(result).to eq [user1]
+    end
+
+    it 'returns the user belonging to the subgroup matching the search query', :nested_groups do
+      user1 = create(:user, username: 'gob_bluth')
+      subgroup = create(:group, parent: group)
+      create(:group_member, :developer, user: user1, group: subgroup)
+
+      create(:user, username: 'gob_2018')
+
+      result = described_class.new(user, anything, group, 'gob').objects('users')
+
+      expect(result).to eq [user1]
+    end
+
+    it 'returns the user belonging to the parent group matching the search query', :nested_groups do
+      user1 = create(:user, username: 'gob_bluth')
+      parent_group = create(:group, children: [group])
+      create(:group_member, :developer, user: user1, group: parent_group)
+
+      create(:user, username: 'gob_2018')
+
+      result = described_class.new(user, anything, group, 'gob').objects('users')
+
+      expect(result).to eq [user1]
+    end
+
+    it 'does not return the user belonging to the private subgroup', :nested_groups do
+      user1 = create(:user, username: 'gob_bluth')
+      subgroup = create(:group, :private, parent: group)
+      create(:group_member, :developer, user: user1, group: subgroup)
+
+      create(:user, username: 'gob_2018')
+
+      result = described_class.new(user, anything, group, 'gob').objects('users')
+
+      expect(result).to eq []
+    end
+
+    it 'does not return the user belonging to an unrelated group' do
+      user = create(:user, username: 'gob_bluth')
+      unrelated_group = create(:group)
+      create(:group_member, :developer, user: user, group: unrelated_group)
+
+      result = described_class.new(user, anything, group, 'gob').objects('users')
+
+      expect(result).to eq []
+    end
+  end
+end
--- a/spec/lib/gitlab/project_search_results_spec.rb
+++ b/spec/lib/gitlab/project_search_results_spec.rb
@@ -412,4 +412,36 @@ describe Gitlab::ProjectSearchResults do
      end
    end
  end
+
+  describe 'user search' do
+    it 'returns the user belonging to the project matching the search query' do
+      project = create(:project)
+
+      user1 = create(:user, username: 'gob_bluth')
+      create(:project_member, :developer, user: user1, project: project)
+
+      user2 = create(:user, username: 'michael_bluth')
+      create(:project_member, :developer, user: user2, project: project)
+
+      create(:user, username: 'gob_2018')
+
+      result = described_class.new(user, project, 'gob').objects('users')
+
+      expect(result).to eq [user1]
+    end
+
+    it 'returns the user belonging to the group matching the search query' do
+      group = create(:group)
+      project = create(:project, namespace: group)
+
+      user1 = create(:user, username: 'gob_bluth')
+      create(:group_member, :developer, user: user1, group: group)
+
+      create(:user, username: 'gob_2018')
+
+      result = described_class.new(user, project, 'gob').objects('users')
+
+      expect(result).to eq [user1]
+    end
+  end
 end
--- a/spec/lib/gitlab/search_results_spec.rb
+++ b/spec/lib/gitlab/search_results_spec.rb
@@ -121,6 +121,22 @@ describe Gitlab::SearchResults do
        results.objects('issues')
      end
    end
+
+    describe '#users' do
+      it 'does not call the UsersFinder when the current_user is not allowed to read users list' do
+        allow(Ability).to receive(:allowed?).and_return(false)
+
+        expect(UsersFinder).not_to receive(:new).with(user, search: 'foo').and_call_original
+
+        results.objects('users')
+      end
+
+      it 'calls the UsersFinder' do
+        expect(UsersFinder).to receive(:new).with(user, search: 'foo').and_call_original
+
+        results.objects('users')
+      end
+    end
  end

  it 'does not list issues on private projects' do

--- a/spec/requests/api/search_spec.rb
+++ b/spec/requests/api/search_spec.rb
@@ -77,6 +77,28 @@ describe API::Search do
        it_behaves_like 'response is correct', schema: 'public_api/v4/milestones'
      end

+      context 'for users scope' do
+        before do
+          create(:user, name: 'billy')
+
+          get api('/search', user), params: { scope: 'users', search: 'billy' }
+        end
+
+        it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics'
+
+        context 'when users search feature is disabled' do
+          before do
+            allow(Feature).to receive(:disabled?).with(:users_search, default_enabled: true).and_return(true)
+
+            get api('/search', user), params: { scope: 'users', search: 'billy' }
+          end
+
+          it 'returns 400 error' do
+            expect(response).to have_gitlab_http_status(400)
+          end
+        end
+      end
+
      context 'for snippet_titles scope' do
        before do
          create(:snippet, :public, title: 'awesome snippet', content: 'snippet content')
@@ -192,6 +214,40 @@ describe API::Search do

        it_behaves_like 'response is correct', schema: 'public_api/v4/milestones'
      end
+
+      context 'for users scope' do
+        before do
+          user = create(:user, name: 'billy')
+          create(:group_member, :developer, user: user, group: group)
+
+          get api("/groups/#{group.id}/search", user), params: { scope: 'users', search: 'billy' }
+        end
+
+        it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics'
+
+        context 'when users search feature is disabled' do
+          before do
+            allow(Feature).to receive(:disabled?).with(:users_search, default_enabled: true).and_return(true)
+
+            get api("/groups/#{group.id}/search", user), params: { scope: 'users', search: 'billy' }
+          end
+
+          it 'returns 400 error' do
+            expect(response).to have_gitlab_http_status(400)
+          end
+        end
+      end
+
+      context 'for users scope with group path as id' do
+        before do
+          user1 = create(:user, name: 'billy')
+          create(:group_member, :developer, user: user1, group: group)
+
+          get api("/groups/#{CGI.escape(group.full_path)}/search", user), params: { scope: 'users', search: 'billy' }
+        end
+
+        it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics'
+      end
    end
  end

@@ -269,6 +325,29 @@ describe API::Search do
        it_behaves_like 'response is correct', schema: 'public_api/v4/milestones'
      end

+      context 'for users scope' do
+        before do
+          user1 = create(:user, name: 'billy')
+          create(:project_member, :developer, user: user1, project: project)
+
+          get api("/projects/#{project.id}/search", user), params: { scope: 'users', search: 'billy' }
+        end
+
+        it_behaves_like 'response is correct', schema: 'public_api/v4/user/basics'
+
+        context 'when users search feature is disabled' do
+          before do
+            allow(Feature).to receive(:disabled?).with(:users_search, default_enabled: true).and_return(true)
+
+            get api("/projects/#{project.id}/search", user), params: { scope: 'users', search: 'billy' }
+          end
+
+          it 'returns 400 error' do
+            expect(response).to have_gitlab_http_status(400)
+          end
+        end
+      end
+
      context 'for notes scope' do
        before do
          create(:note_on_merge_request, project: project, note: 'awesome note')