From 6f4e6386fb0dc4f407e70e3d904bee1b09d54728 Mon Sep 17 00:00:00 2001
From: Joram Wilander <jwawilander@gmail.com>
Date: Mon, 26 Dec 2016 09:38:34 -0500
Subject: Don't autocomplete users by email (#4896)

---
 api/user.go      | 12 +++++++++++-
 api/user_test.go |  9 +++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/api/user.go b/api/user.go
index 7e5a50fc4..5c44ec1f6 100644
--- a/api/user.go
+++ b/api/user.go
@@ -2859,7 +2859,17 @@ func autocompleteUsersInTeam(c *Context, w http.ResponseWriter, r *http.Request)
 func autocompleteUsers(c *Context, w http.ResponseWriter, r *http.Request) {
 	term := r.URL.Query().Get("term")
 
-	uchan := Srv.Store.User().Search("", term, map[string]bool{})
+	searchOptions := map[string]bool{}
+
+	hideFullName := !utils.Cfg.PrivacySettings.ShowFullName
+	if hideFullName && !HasPermissionToContext(c, model.PERMISSION_MANAGE_SYSTEM) {
+		searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY_NO_FULL_NAME] = true
+		c.Err = nil
+	} else {
+		searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY] = true
+	}
+
+	uchan := Srv.Store.User().Search("", term, searchOptions)
 
 	var profiles []*model.User
 
diff --git a/api/user_test.go b/api/user_test.go
index 65bdcb653..ecfd81ee1 100644
--- a/api/user_test.go
+++ b/api/user_test.go
@@ -2387,6 +2387,15 @@ func TestAutocompleteUsers(t *testing.T) {
 		}
 	}
 
+	if result, err := Client.AutocompleteUsers("amazonses"); err != nil {
+		t.Fatal(err)
+	} else {
+		users := result.Data.([]*model.User)
+		if len(users) != 0 {
+			t.Fatal("should have returned 0 users - email should not autocomplete")
+		}
+	}
+
 	if result, err := Client.AutocompleteUsers(""); err != nil {
 		t.Fatal(err)
 	} else {
-- 
cgit v1.2.3-1-g7c22