diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb
index 5c44637fdee22180638311cd185c545ed25b6092..5f13353baa11877951033488fb659f6bcd7602cc 100644
--- a/app/controllers/autocomplete_controller.rb
+++ b/app/controllers/autocomplete_controller.rb
@@ -11,7 +11,7 @@ class AutocompleteController < ApplicationController
     @users = @users.reorder(:name)
     @users = @users.page(params[:page])
 
-    if params[:todo_filter].present?
+    if params[:todo_filter].present? && current_user
       @users = @users.todo_authors(current_user.id, params[:todo_state_filter])
     end
 
diff --git a/changelogs/unreleased/25031-do-not-raise-error-in-autocomplete.yml b/changelogs/unreleased/25031-do-not-raise-error-in-autocomplete.yml
new file mode 100644
index 0000000000000000000000000000000000000000..862de7c5db17126ae858207af34c2cdff25ca485
--- /dev/null
+++ b/changelogs/unreleased/25031-do-not-raise-error-in-autocomplete.yml
@@ -0,0 +1,4 @@
+---
+title: Do not raise error in AutocompleteController#users when not authorized
+merge_request: 7817
+author: Semyon Pupkov
diff --git a/spec/controllers/autocomplete_controller_spec.rb b/spec/controllers/autocomplete_controller_spec.rb
index 0d1545040f1b80ea5c45e13ba3baf2bf386ab27f..ea2fd90a9b013d02983d24cc7135794709a10b87 100644
--- a/spec/controllers/autocomplete_controller_spec.rb
+++ b/spec/controllers/autocomplete_controller_spec.rb
@@ -144,6 +144,15 @@ describe AutocompleteController do
         it { expect(body).to be_kind_of(Array) }
         it { expect(body.size).to eq 0 }
       end
+
+      describe 'GET #users with todo filter' do
+        it 'gives an array of users' do
+          get :users, todo_filter: true
+
+          expect(response.status).to eq 200
+          expect(body).to be_kind_of(Array)
+        end
+      end
     end
 
     context 'author of issuable included' do