FEATURE: allow user search API to restrict to group

app/assets/javascripts/discourse/components/user-selector.js.es6

@@ -44,7 +44,8 @@ export default TextField.extend({
           exclude: excludedUsernames(),
           includeGroups,
           allowedUsers,
-          includeMentionableGroups
+          includeMentionableGroups,
+          group: self.get("group")
         });
 
         return results;

app/assets/javascripts/discourse/lib/user-search.js.es6

@@ -6,7 +6,7 @@ var cache = {},
     currentTerm,
     oldSearch;
 
-function performSearch(term, topicId, includeGroups, includeMentionableGroups, allowedUsers, resultsFn) {
+function performSearch(term, topicId, includeGroups, includeMentionableGroups, allowedUsers, group, resultsFn) {
   var cached = cache[term];
   if (cached) {
     resultsFn(cached);
@@ -19,6 +19,7 @@ function performSearch(term, topicId, includeGroups, includeMentionableGroups, a
             topic_id: topicId,
             include_groups: includeGroups,
             include_mentionable_groups: includeMentionableGroups,
+            group: group,
             topic_allowed_users: allowedUsers }
   });
 
@@ -79,7 +80,8 @@ export default function userSearch(options) {
       includeGroups = options.includeGroups,
       includeMentionableGroups = options.includeMentionableGroups,
       allowedUsers = options.allowedUsers,
-      topicId = options.topicId;
+      topicId = options.topicId,
+      group = options.group;
 
 
   if (oldSearch) {
@@ -105,10 +107,16 @@ export default function userSearch(options) {
       resolve(CANCELLED_STATUS);
     }, 5000);
 
-    debouncedSearch(term, topicId, includeGroups, includeMentionableGroups, allowedUsers, function(r) {
-      clearTimeout(clearPromise);
-      resolve(organizeResults(r, options));
-    });
+    debouncedSearch(term,
+        topicId,
+        includeGroups,
+        includeMentionableGroups,
+        allowedUsers,
+        group,
+        function(r) {
+          clearTimeout(clearPromise);
+          resolve(organizeResults(r, options));
+        });
 
   });
 }

app/controllers/users_controller.rb

@@ -587,7 +587,17 @@ class UsersController < ApplicationController
     topic_id = topic_id.to_i if topic_id
     topic_allowed_users = params[:topic_allowed_users] || false
 
-    results = UserSearch.new(term, topic_id: topic_id, topic_allowed_users: topic_allowed_users, searching_user: current_user).search
+    if params[:group].present?
+      @group = Group.find_by(name: params[:group])
+    end
+
+
+    results = UserSearch.new(term,
+                             topic_id: topic_id,
+                             topic_allowed_users: topic_allowed_users,
+                             searching_user: current_user,
+                             group: @group
+                            ).search
 
     user_fields = [:username, :upload_avatar_template]
     user_fields << :name if SiteSetting.enable_names?

app/models/user_search.rb

@@ -10,11 +10,20 @@ class UserSearch
     @topic_allowed_users = opts[:topic_allowed_users]
     @searching_user = opts[:searching_user]
     @limit = opts[:limit] || 20
+    @group = opts[:group]
+    @guardian = Guardian.new(@searching_user)
+    @guardian.ensure_can_see_group!(@group) if @group
   end
 
   def scoped_users
     users = User.where(active: true, staged: false)
 
+    if @group
+      users = users.where('users.id IN (
+        SELECT user_id FROM group_users WHERE group_id = ?
+      )', @group.id)
+    end
+
     unless @searching_user && @searching_user.staff?
       users = users.not_suspended
     end

spec/models/user_search_spec.rb

@@ -43,6 +43,16 @@ describe UserSearch do
     expect(search_for("under_").length).to eq(1)
   end
 
+  it 'allows filtering by group' do
+    group = Fabricate(:group)
+    sam = Fabricate(:user, username: 'sam')
+    _samantha = Fabricate(:user, username: 'samantha')
+    group.add(sam)
+
+    results = search_for("sam", group: group)
+    expect(results.count).to eq(1)
+  end
+
   # this is a seriously expensive integration test,
   # re-creating this entire test db is too expensive reuse
   it "operates correctly" do