diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb
new file mode 100644
index 0000000000000000000000000000000000000000..11af9895261f1a683df092e4f03d9dad02a6e0c5
--- /dev/null
+++ b/app/controllers/autocomplete_controller.rb
@@ -0,0 +1,30 @@
+class AutocompleteController < ApplicationController
+  def users
+    @users =
+      if params[:project_id].present?
+        project = Project.find(params[:project_id])
+
+        if can?(current_user, :read_project, project)
+          project.team.users
+        end
+      elsif params[:group_id]
+        group = Group.find(params[:group_id])
+
+        if can?(current_user, :read_group, group)
+          group.users
+        end
+      else
+        User.all
+      end
+
+    @users = @users.search(params[:search]) if params[:search].present?
+    @users = @users.active
+    @users = @users.page(params[:page]).per(PER_PAGE)
+    render json: @users, only: [:name, :username, :id], methods: [:avatar_url]
+  end
+
+  def user
+    @user = User.find(params[:id])
+    render json: @user, only: [:name, :username, :id], methods: [:avatar_url]
+  end
+end
diff --git a/config/routes.rb b/config/routes.rb
index c30cd768572678808b9faab80fb1e809293139a8..388858d2670ae582440b2b18762f0b7f431bf033 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -8,6 +8,11 @@ Gitlab::Application.routes.draw do
                 authorizations: 'oauth/authorizations'
   end
 
+  # Autocomplete
+  get '/autocomplete/users' => 'autocomplete#users'
+  get '/autocomplete/users/:id' => 'autocomplete#user'
+
+
   # Search
   get 'search' => 'search#show'
   get 'search/autocomplete' => 'search#autocomplete', as: :search_autocomplete
diff --git a/spec/controllers/autocomplete_controller_spec.rb b/spec/controllers/autocomplete_controller_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..a0909cec3bd6f77f916aa1e86b9284441e1b8ecc
--- /dev/null
+++ b/spec/controllers/autocomplete_controller_spec.rb
@@ -0,0 +1,51 @@
+require 'spec_helper'
+
+describe AutocompleteController do
+  let!(:project) { create(:project) }
+  let!(:user)    { create(:user) }
+  let!(:user2)   { create(:user) }
+
+  context 'project members' do
+    before do
+      sign_in(user)
+      project.team << [user, :master]
+
+      get(:users, project_id: project.id)
+    end
+
+    let(:body) { JSON.parse(response.body) }
+
+    it { body.should be_kind_of(Array) }
+    it { body.size.should eq(1) }
+    it { body.first["username"].should == user.username }
+  end
+
+  context 'group members' do
+    let(:group) { create(:group) }
+
+    before do
+      sign_in(user)
+      group.add_owner(user)
+
+      get(:users, group_id: group.id)
+    end
+
+    let(:body) { JSON.parse(response.body) }
+
+    it { body.should be_kind_of(Array) }
+    it { body.size.should eq(1) }
+    it { body.first["username"].should == user.username }
+  end
+
+  context 'all users' do
+    before do
+      sign_in(user)
+      get(:users)
+    end
+
+    let(:body) { JSON.parse(response.body) }
+
+    it { body.should be_kind_of(Array) }
+    it { body.size.should eq(User.count) }
+  end
+end