5 files changed, 65 insertions, 4 deletions

diff --git a/lib/api/helpers/search_helpers.rb b/lib/api/helpers/search_helpers.rb
index 47fb5a36327..0e052e0e273 100644
--- a/lib/api/helpers/search_helpers.rb
+++ b/lib/api/helpers/search_helpers.rb
@@ -5,17 +5,17 @@ module API
     module SearchHelpers
       def self.global_search_scopes
         # This is a separate method so that EE can redefine it.
-        %w(projects issues merge_requests milestones snippet_titles snippet_blobs)
+        %w(projects issues merge_requests milestones snippet_titles snippet_blobs users)
       end
 
       def self.group_search_scopes
         # This is a separate method so that EE can redefine it.
-        %w(projects issues merge_requests milestones)
+        %w(projects issues merge_requests milestones users)
       end
 
       def self.project_search_scopes
         # This is a separate method so that EE can redefine it.
-        %w(issues merge_requests milestones notes wiki_blobs commits blobs)
+        %w(issues merge_requests milestones notes wiki_blobs commits blobs users)
       end
     end
   end
diff --git a/lib/api/search.rb b/lib/api/search.rb
index f65e810bf90..60095300ea1 100644
--- a/lib/api/search.rb
+++ b/lib/api/search.rb
@@ -17,7 +17,8 @@ module API
         blobs: Entities::Blob,
         wiki_blobs: Entities::Blob,
         snippet_titles: Entities::Snippet,
-        snippet_blobs: Entities::Snippet
+        snippet_blobs: Entities::Snippet,
+        users: Entities::UserBasic
       }.freeze
 
       def search(additional_params = {})
@@ -51,6 +52,12 @@ module API
         # Defining this method here as a noop allows us to easily extend it in
         # EE, without having to modify this file directly.
       end
+
+      def check_users_search_allowed!
+        if params[:scope].to_sym == :users && Feature.disabled?(:users_search, default_enabled: true)
+          render_api_error!({ error: _("Scope not supported with disabled 'users_search' feature!") }, 400)
+        end
+      end
     end
 
     resource :search do
@@ -67,6 +74,7 @@ module API
       end
       get do
         verify_search_scope!
+        check_users_search_allowed!
 
         present search, with: entity
       end
@@ -87,6 +95,7 @@ module API
       end
       get ':id/(-/)search' do
         verify_search_scope!
+        check_users_search_allowed!
 
         present search(group_id: user_group.id), with: entity
       end
@@ -106,6 +115,8 @@ module API
         use :pagination
       end
       get ':id/(-/)search' do
+        check_users_search_allowed!
+
         present search(project_id: user_project.id), with: entity
       end
     end
diff --git a/lib/gitlab/group_search_results.rb b/lib/gitlab/group_search_results.rb
new file mode 100644
index 00000000000..7255293b194
--- /dev/null
+++ b/lib/gitlab/group_search_results.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Gitlab
+  class GroupSearchResults < SearchResults
+    def initialize(current_user, limit_projects, group, query, default_project_filter: false, per_page: 20)
+      super(current_user, limit_projects, query, default_project_filter: default_project_filter, per_page: per_page)
+
+      @group = group
+    end
+
+    # rubocop:disable CodeReuse/ActiveRecord
+    def users
+      # 1: get all groups the current user has access to
+      groups = GroupsFinder.new(current_user).execute.joins(:users)
+
+      # 2: Get the group's whole hierarchy
+      group_users = @group.direct_and_indirect_users
+
+      # 3: get all users the current user has access to (->
+      # `SearchResults#users`), which also applies the query.
+      users = super
+
+      # 4: filter for users that belong to the previously selected groups
+      users
+        .where(id: group_users.select('id'))
+        .where(id: groups.select('members.user_id'))
+    end
+    # rubocop:enable CodeReuse/ActiveRecord
+  end
+end
diff --git a/lib/gitlab/project_search_results.rb b/lib/gitlab/project_search_results.rb
index a68f8801c2a..58f06b6708c 100644
--- a/lib/gitlab/project_search_results.rb
+++ b/lib/gitlab/project_search_results.rb
@@ -22,11 +22,17 @@ module Gitlab
         paginated_blobs(wiki_blobs, page)
       when 'commits'
         Kaminari.paginate_array(commits).page(page).per(per_page)
+      when 'users'
+        users.page(page).per(per_page)
       else
         super(scope, page, false)
       end
     end
 
+    def users
+      super.where(id: @project.team.members) # rubocop:disable CodeReuse/ActiveRecord
+    end
+
     def blobs_count
       @blobs_count ||= blobs.count
     end
diff --git a/lib/gitlab/search_results.rb b/lib/gitlab/search_results.rb
index 491148ec1a6..8988b9ad7be 100644
--- a/lib/gitlab/search_results.rb
+++ b/lib/gitlab/search_results.rb
@@ -32,6 +32,8 @@ module Gitlab
                      merge_requests.page(page).per(per_page)
                    when 'milestones'
                      milestones.page(page).per(per_page)
+                   when 'users'
+                     users.page(page).per(per_page)
                    else
                      Kaminari.paginate_array([]).page(page).per(per_page)
                    end
@@ -71,6 +73,12 @@ module Gitlab
     end
     # rubocop: enable CodeReuse/ActiveRecord
 
+    # rubocop:disable CodeReuse/ActiveRecord
+    def limited_users_count
+      @limited_users_count ||= users.limit(count_limit).count
+    end
+    # rubocop:enable CodeReuse/ActiveRecord
+
     def single_commit_result?
       false
     end
@@ -79,6 +87,12 @@ module Gitlab
       1001
     end
 
+    def users
+      return User.none unless Ability.allowed?(current_user, :read_users_list)
+
+      UsersFinder.new(current_user, search: query).execute
+    end
+
     private
 
     def projects