--- /dev/null
+use strict;
+use warnings;
+use RT::Test tests => undef;
+
+my $root = RT::Test->load_or_create_user( Name => 'root', );
+my $user_foo = RT::Test->load_or_create_user(
+ Name => 'foo',
+ Password => 'password',
+);
+my $user_bar = RT::Test->load_or_create_user( Name => 'bar' );
+my $user_baz = RT::Test->load_or_create_user( Name => 'baz' );
+$user_baz->SetDisabled(1);
+
+my ( $baseurl, $m ) = RT::Test->started_ok;
+
+ok( $m->login, 'logged in' );
+
+search_users_ok(
+ { query => 'id = ' . $user_foo->id },
+ [ $user_foo->id . ': foo' ],
+ 'search by id'
+);
+
+search_users_ok(
+ {
+ query => 'Name = ' . $user_foo->Name,
+ format => 's',
+ fields => 'id,name'
+ },
+ [ "id\tName", $user_foo->id . "\tfoo" ],
+ 'search by name with customized fields'
+);
+
+
+search_users_ok(
+ { query => 'foo = 3' },
+ ['Invalid field specification: foo'],
+ 'invalid field'
+);
+
+search_users_ok(
+ { query => 'id foo 3' },
+ ['Invalid operator specification: foo'],
+ 'invalid op'
+);
+
+search_users_ok(
+ { query => 'password = foo' },
+ ['Invalid field specification: password'],
+ "can't search password"
+);
+
+search_users_ok(
+ { query => '', orderby => 'id' },
+ [ $root->id . ': root', $user_foo->id . ': foo', $user_bar->id . ': bar', ],
+ 'order by id'
+);
+
+search_users_ok(
+ { query => '', orderby => 'name' },
+ [ $user_bar->id . ': bar', $user_foo->id . ': foo', $root->id . ': root' ],
+ 'order by name'
+);
+
+search_users_ok(
+ { query => '', orderby => '+name' },
+ [ $user_bar->id . ': bar', $user_foo->id . ': foo', $root->id . ': root' ],
+ 'order by +name'
+);
+
+search_users_ok(
+ { query => '', orderby => '-name' },
+ [ $root->id . ': root', $user_foo->id . ': foo', $user_bar->id . ': bar' ],
+ 'order by -name'
+);
+
+search_users_ok(
+ { query => 'Disabled = 0', orderby => 'id' },
+ [ $root->id . ': root', $user_foo->id . ': foo', $user_bar->id . ': bar', ],
+ 'enabled users'
+);
+
+search_users_ok(
+ { query => 'Disabled = 1', orderby => 'id' },
+ [ $user_baz->id . ': baz', ],
+ 'disabled users'
+);
+
+ok( $m->login( 'foo', 'password', logout => 1 ), 'logged in as foo' );
+search_users_ok(
+ { query => 'id = ' . $user_foo->id },
+ [ 'Permission denied' ],
+ "can't search without permission"
+);
+
+sub search_users_ok {
+ local $Test::Builder::Level = $Test::Builder::Level + 1;
+ my $query = shift;
+ my $expected = shift;
+ my $name = shift || 'search users';
+
+ my $uri = URI->new("$baseurl/REST/1.0/search/user");
+ $uri->query_form(%$query);
+ $m->get_ok($uri);
+
+ my @lines = split /\n/, $m->content;
+ shift @lines; # header
+ shift @lines; # empty line
+
+ is_deeply( \@lines, $expected, $name );
+
+}
+
+undef $m;
+done_testing();