Prevent global user searches

Changelog: changed

app/controllers/search_controller.rb

@@ -169,15 +169,17 @@ class SearchController < ApplicationController
 
     search_allowed = case params[:scope]
                      when 'blobs'
-                       Feature.enabled?(:global_search_code_tab, current_user, type: :ops, default_enabled: true)
+                       Feature.enabled?(:global_search_code_tab, current_user, type: :ops, default_enabled: :yaml)
                      when 'commits'
-                       Feature.enabled?(:global_search_commits_tab, current_user, type: :ops, default_enabled: true)
+                       Feature.enabled?(:global_search_commits_tab, current_user, type: :ops, default_enabled: :yaml)
                      when 'issues'
-                       Feature.enabled?(:global_search_issues_tab, current_user, type: :ops, default_enabled: true)
+                       Feature.enabled?(:global_search_issues_tab, current_user, type: :ops, default_enabled: :yaml)
                      when 'merge_requests'
-                       Feature.enabled?(:global_search_merge_requests_tab, current_user, type: :ops, default_enabled: true)
+                       Feature.enabled?(:global_search_merge_requests_tab, current_user, type: :ops, default_enabled: :yaml)
                      when 'wiki_blobs'
-                       Feature.enabled?(:global_search_wiki_tab, current_user, type: :ops, default_enabled: true)
+                       Feature.enabled?(:global_search_wiki_tab, current_user, type: :ops, default_enabled: :yaml)
+                     when 'users'
+                       Feature.enabled?(:global_search_users_tab, current_user, type: :ops, default_enabled: :yaml)
                      else
                        true
                      end

app/helpers/search_helper.rb

@@ -436,11 +436,11 @@ module SearchHelper
   end
 
   def show_user_search_tab?
-    if @project
-      project_search_tabs?(:members)
-    else
-      can?(current_user, :read_users_list)
-    end
+    return project_search_tabs?(:members) if @project
+    return false unless can?(current_user, :read_users_list)
+    return true if @group
+
+    Feature.enabled?(:global_search_users_tab, current_user, type: :ops, default_enabled: :yaml)
   end
 
   def issuable_state_to_badge_class(issuable)

config/feature_flags/ops/global_search_users_tab.yml

+---
+name: global_search_users_tab
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84186
+rollout_issue_url:
+milestone: '14.10'
+type: ops
+group: group::global search
+default_enabled: true

doc/user/search/advanced_search.md

@@ -26,8 +26,8 @@ when searching in:
 - Comments
 - Code
 - Commits
-- Wiki (except [group wikis](../project/wiki/group.md))
 - Users
+- Wiki (except [group wikis](../project/wiki/group.md))
 
 The Advanced Search can be useful in various scenarios:
 
@@ -139,6 +139,7 @@ its performance:
 | Commits | `global_search_commits_tab` | When enabled, the global search includes commits as part of the search. |
 | Issues | `global_search_issues_tab` | When enabled, the global search includes issues as part of the search. |
 | Merge Requests | `global_search_merge_requests_tab` | When enabled, the global search includes merge requests as part of the search. |
+| Users | `global_search_users_tab` | When enabled, the global search includes users as part of the search. |
 | Wiki | `global_search_wiki_tab` | When enabled, the global search includes wiki as part of the search. [Group wikis](../project/wiki/group.md) are not included. |
 
 ## Global Search validation

spec/controllers/search_controller_spec.rb

@@ -211,6 +211,7 @@ RSpec.describe SearchController do
             :global_search_merge_requests_tab | 'merge_requests'
             :global_search_wiki_tab           | 'wiki_blobs'
             :global_search_commits_tab        | 'commits'
+            :global_search_users_tab          | 'users'
           end
 
           with_them do

spec/helpers/search_helper_spec.rb

@@ -467,6 +467,12 @@ RSpec.describe SearchHelper do
   describe '#show_user_search_tab?' do
     subject { show_user_search_tab? }
 
+    let(:current_user) { build(:user) }
+
+    before do
+      allow(self).to receive(:current_user).and_return(current_user)
+    end
+
     context 'when project search' do
       before do
         @project = :some_project
@@ -481,11 +487,14 @@ RSpec.describe SearchHelper do
       end
     end
 
-    context 'when not project search' do
+    context 'when group search' do
+      before do
+        @group = :some_group
+      end
+
       context 'when current_user can read_users_list' do
         before do
-          allow(self).to receive(:current_user).and_return(:the_current_user)
-          allow(self).to receive(:can?).with(:the_current_user, :read_users_list).and_return(true)
+          allow(self).to receive(:can?).with(current_user, :read_users_list).and_return(true)
         end
 
         it { is_expected.to eq(true) }
@@ -493,8 +502,33 @@ RSpec.describe SearchHelper do
 
       context 'when current_user cannot read_users_list' do
         before do
-          allow(self).to receive(:current_user).and_return(:the_current_user)
-          allow(self).to receive(:can?).with(:the_current_user, :read_users_list).and_return(false)
+          allow(self).to receive(:can?).with(current_user, :read_users_list).and_return(false)
+        end
+
+        it { is_expected.to eq(false) }
+      end
+    end
+
+    context 'when global search' do
+      context 'when current_user can read_users_list' do
+        before do
+          allow(self).to receive(:can?).with(current_user, :read_users_list).and_return(true)
+        end
+
+        it { is_expected.to eq(true) }
+
+        context 'when global_search_user_tab feature flag is disabled' do
+          before do
+            stub_feature_flags(global_search_users_tab: false)
+          end
+
+          it { is_expected.to eq(false) }
+        end
+      end
+
+      context 'when current_user cannot read_users_list' do
+        before do
+          allow(self).to receive(:can?).with(current_user, :read_users_list).and_return(false)
         end
 
         it { is_expected.to eq(false) }