3 files changed, 37 insertions, 0 deletions

diff --git a/app/controllers/abuse_reports_controller.rb b/app/controllers/abuse_reports_controller.rb
new file mode 100644
index 00000000000..65dbd5ef551
--- /dev/null
+++ b/app/controllers/abuse_reports_controller.rb
@@ -0,0 +1,24 @@
+class AbuseReportsController < ApplicationController
+  def new
+    @abuse_report = AbuseReport.new
+    @abuse_report.user_id = params[:user_id]
+  end
+
+  def create
+    @abuse_report = AbuseReport.new(report_params)
+    @abuse_report.reporter = current_user
+
+    if @abuse_report.save
+      message = "Thank you for your report. A GitLab administrator will look into it shortly."
+      redirect_to root_path, notice: message
+    else
+      render :new
+    end
+  end
+
+  private
+
+  def report_params
+    params.require(:abuse_report).permit(:user_id, :message)
+  end
+end
diff --git a/app/controllers/admin/abuse_reports_controller.rb b/app/controllers/admin/abuse_reports_controller.rb
new file mode 100644
index 00000000000..34f37bca4ad
--- /dev/null
+++ b/app/controllers/admin/abuse_reports_controller.rb
@@ -0,0 +1,11 @@
+class Admin::AbuseReportsController < Admin::ApplicationController
+  def index
+    @abuse_reports = AbuseReport.order(id: :desc).page(params[:page])
+  end
+
+  def destroy
+    AbuseReport.find(params[:id]).destroy
+
+    redirect_to admin_abuse_reports_path, notice: 'Report was removed'
+  end
+end
diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb
index 52e9c58b47c..5c3ca8e23c9 100644
--- a/app/controllers/autocomplete_controller.rb
+++ b/app/controllers/autocomplete_controller.rb
@@ -33,6 +33,8 @@ class AutocompleteController < ApplicationController
     @users = @users.search(params[:search]) if params[:search].present?
     @users = @users.active
     @users = @users.page(params[:page]).per(PER_PAGE)
+    # Always include current user if available to filter by "Me"
+    @users = User.find(@users.pluck(:id) + [current_user.id]).uniq if current_user
     render json: @users, only: [:name, :username, :id], methods: [:avatar_url]
   end