diff --git a/apps/files_sharing/lib/Controller/ShareesController.php b/apps/files_sharing/lib/Controller/ShareesController.php
index 8dd2bb8ee409..1a58ce204ad9 100644
--- a/apps/files_sharing/lib/Controller/ShareesController.php
+++ b/apps/files_sharing/lib/Controller/ShareesController.php
@@ -76,6 +76,9 @@ class ShareesController extends OCSController {
 /** @var bool */
 protected $shareeEnumeration = true;
+ /** @var bool */
+ protected $shareeEnumerationGroupMembers = false;
+
 /** @var int */
 protected $offset = 0;
@@ -137,7 +140,7 @@ protected function getUsers($search) {
 $this->result['users'] = $this->result['exact']['users'] = $users = [];
 $userGroups = [];
- if ($this->shareWithGroupOnly) {
+ if ($this->shareWithGroupOnly || $this->shareeEnumerationGroupMembers) {
 // Search in all the groups this user is part of
 $userGroups = $this->groupManager->getUserGroupIds($this->userSession->getUser());
 foreach ($userGroups as $userGroup) {
@@ -228,7 +231,7 @@ protected function getGroups($search) {
 }
 $userGroups = [];
- if (!empty($groups) && $this->shareWithGroupOnly) {
+ if (!empty($groups) && ($this->shareWithGroupOnly || $this->shareeEnumerationGroupMembers)) {
 // Intersect all the groups that match with the groups this user is a member of
 $userGroups = $this->groupManager->getUserGroups($this->userSession->getUser(), 'sharing');
 $userGroups = array_map(function (IGroup $group) { return $group->getGID(); }, $userGroups);
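Review bot: In getUsers() the new flag takes the same branch as `shareWithGroupOnly`, but the two settings mean different things: one restricts who can be shared with, the other only restricts what a partial search lists. The tests in this commit expect an exact user-id match from outside the caller's groups to be returned when only `shareeEnumerationGroupMembers` is set, so the option narrows autocomplete but still confirms whether a given account exists. I would say that next to the condition, e.g. `// shareeEnumerationGroupMembers only narrows partial matches; exact matches are still returned for non-members`, and in the property docblock. The exact-match code of getUsers() lies outside this hunk, so this is inferred from the tests; the same applies to the getGroups() hunk at -228.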
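Review bot: The membership set behind the new restriction differs between the two methods: the getUsers() hunk calls `getUserGroupIds($this->userSession->getUser())` with no scope, while this getGroups() hunk calls `getUserGroups(..., 'sharing')`. With `shareeEnumerationGroupMembers` on, users and groups may therefore be filtered against different group lists. If getUserGroupIds() accepts the same scope argument, passing `'sharing'` there would keep the two consistent; otherwise a comment explaining why the sets differ would help. Both calls are context lines, so the difference predates this commit, but the new flag now depends on it.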
@@ -469,6 +472,11 @@ public function search($search = '', $itemType = null, $page = 1, $perPage = 200
 $this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
 $this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
+ if ($this->shareeEnumeration) {
+ $this->shareeEnumerationGroupMembers = $this->config->getAppValue('core', 'shareapi_share_dialog_user_enumeration_group_members', 'no') === 'yes';
+ } else {
+ $this->shareeEnumerationGroupMembers = false;
+ }
 $this->limit = (int) $perPage;
 $this->offset = $perPage * ($page - 1);
diff --git a/apps/files_sharing/tests/API/ShareesTest.php b/apps/files_sharing/tests/API/ShareesTest.php
index b74c6b0c5d1f..450b9b871b20 100644
--- a/apps/files_sharing/tests/API/ShareesTest.php
+++ b/apps/files_sharing/tests/API/ShareesTest.php
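Review bot: The if/else that sets `shareeEnumerationGroupMembers` in search() can be a single expression, which also makes the dependency on the parent setting explicit: `$this->shareeEnumerationGroupMembers = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_share_dialog_user_enumeration_group_members', 'no') === 'yes';`. A short comment that the option has no effect unless `shareapi_allow_share_dialog_user_enumeration` is `yes` would save the next reader from working that out. search() continues outside the hunk.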
@@ -413,6 +413,55 @@ public function dataGetUsers() {
 true,
 false,
 ],
+ // share enumeration limited to group memberships
+ [
+ // search for user in same group
+ 'ano',
+ false,
+ true,
+ // memberships
+ ['group1', 'group2'],
+ // args and user response for "displayNamesInGroup" call
+ [
+ ['group1', 'ano', 2, 0, [
+ 'another1' => 'Another One',
+ ]],
+ ['group2', 'ano', 2, 0, [
+ ]],
+ ],
+ // exact expected
+ [],
+ // fuzzy match expected
+ [
+ ['label' => 'Another One', 'value' => ['shareType' => Share::SHARE_TYPE_USER, 'shareWith' => 'another1']],
+ ],
+ true,
+ false,
+ true,
+ ],
+ [
+ // pick user directly by name
+ 'another1',
+ false,
+ true,
+ // memberships
+ ['group1', 'group2'],
+ // args and user response for "displayNamesInGroup" call
+ [
+ // no such user in member groups
+ ['group1', 'another1', 2, 0, []],
+ ['group2', 'another1', 2, 0, []],
+ ],
+ // exact expected
+ [
+ ['label' => 'Another One', 'value' => ['shareType' => Share::SHARE_TYPE_USER, 'shareWith' => 'another1']],
+ ],
+ // fuzzy match expected
+ [],
+ true,
+ $this->getUserMock('another1', 'Another One'),
+ true,
+ ],
 ];
 }
@@ -422,31 +471,47 @@ public function dataGetUsers() { * @param string $searchTerm * @param bool $shareWithGroupOnly * @param bool $shareeEnumeration - * @param array $groupResponse - * @param array $userResponse - * @param array $exactExpected - * @param array $expected + * @param array $groupResponse user's group memberships + * @param array $userResponse user manager's search response + * @param array $exactExpected exact expected result + * @param array $expected non-exact expected result * @param bool $reachedEnd - * @param mixed $singleUser + * @param mixed $singleUser false for testing search or user mock when we are testing a direct match + * @param mixed $shareeEnumerationGroupMembers restrict enumeration to group members */ - public function testGetUsers($searchTerm, $shareWithGroupOnly, $shareeEnumeration, $groupResponse, $userResponse, $exactExpected, $expected, $reachedEnd, $singleUser) { + public function testGetUsers( + $searchTerm, + $shareWithGroupOnly, + $shareeEnumeration, + $groupResponse, + $userResponse, + $exactExpected, + $expected, + $reachedEnd, + $singleUser, + $shareeEnumerationGroupMembers = false + ) { $this->invokePrivate($this->sharees, 'limit', [2]); $this->invokePrivate($this->sharees, 'offset', [0]); $this->invokePrivate($this->sharees, 'shareWithGroupOnly', [$shareWithGroupOnly]); $this->invokePrivate($this->sharees, 'shareeEnumeration', [$shareeEnumeration]); + $this->invokePrivate($this->sharees, 'shareeEnumerationGroupMembers', [$shareeEnumerationGroupMembers]); $user = $this->getUserMock('admin', 'Administrator'); $this->session->expects($this->any()) ->method('getUser') ->willReturn($user); - if (!$shareWithGroupOnly) { + if (!$shareWithGroupOnly && !$shareeEnumerationGroupMembers) { $this->userManager->expects($this->once()) ->method('searchDisplayName') ->with($searchTerm, $this->invokePrivate($this->sharees, 'limit'), $this->invokePrivate($this->sharees, 'offset')) ->willReturn($userResponse); } else { - if ($singleUser 
!== false) { + if ($singleUser !== false && !$shareeEnumerationGroupMembers) { + // first call is for the current user's group memberships + // second call happens later for an exact match to check whether + // that match also is member of the same groups $this->groupManager->expects($this->exactly(2)) ->method('getUserGroupIds') ->withConsecutive( @@ -773,6 +838,44 @@ public function dataGetGroups() { true, $this->getGroupMock('test'), ], + // group enumeration restricted to group memberships + [ + // partial search + 'test', false, true, + // group results + [ + $this->getGroupMock('test0'), + ], + // user group memberships + [$this->getGroupMock('test0'), $this->getGroupMock('anothergroup')], + // exact expected + [], + // non-exact expected + [ + ['label' => 'test0', 'value' => ['shareType' => Share::SHARE_TYPE_GROUP, 'shareWith' => 'test0']], + ], + true, + false, + true + ], + [ + // exact match + 'test0', false, true, + // group results + [], + // user group memberships + [$this->getGroupMock('test')], + // exact expected + [ + ['label' => 'test0', 'value' => ['shareType' => Share::SHARE_TYPE_GROUP, 'shareWith' => 'test0']], + ], + // non-exact expected + [], + true, + // exact match to test for + $this->getGroupMock('test0'), + true + ], ]; } 
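Review bot: The condition `$singleUser !== false && !$shareeEnumerationGroupMembers` in testGetUsers ties the two-call expectation on `getUserGroupIds` to the new flag being off, although, per the added comment, the second call exists for the common-group check on an exact match. A data row with both `shareWithGroupOnly` and `shareeEnumerationGroupMembers` set to true and a `$singleUser` mock would then expect the wrong number of calls, and dataGetUsers has no such row. Assuming the controller still performs the common-group check whenever `shareWithGroupOnly` is on (that code is outside this diff), `if ($singleUser !== false && $shareWithGroupOnly) {` states the intent directly. A row covering both flags would also pin that sharing stays restricted when the enumeration option is enabled as well. The docblock could type the new parameter as `bool` rather than `mixed`.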
@@ -782,18 +885,30 @@ public function dataGetGroups() {
 * @param string $searchTerm
 * @param bool $shareWithGroupOnly
 * @param bool $shareeEnumeration
- * @param array $groupResponse
- * @param array $userGroupsResponse
+ * @param array $groupResponse group manager search response
+ * @param array $userGroupsResponse user's group memberships
 * @param array $exactExpected
 * @param array $expected
 * @param bool $reachedEnd
- * @param mixed $singleGroup
+ * @param mixed $singleGroup false when testing a search or group mock when testing direct match
 */
- public function testGetGroups($searchTerm, $shareWithGroupOnly, $shareeEnumeration, $groupResponse, $userGroupsResponse, $exactExpected, $expected, $reachedEnd, $singleGroup) {
+ public function testGetGroups(
+ $searchTerm,
+ $shareWithGroupOnly,
+ $shareeEnumeration,
+ $groupResponse,
+ $userGroupsResponse,
+ $exactExpected,
+ $expected,
+ $reachedEnd,
+ $singleGroup,
+ $shareeEnumerationGroupMembers = false
+ ) {
 $this->invokePrivate($this->sharees, 'limit', [2]);
 $this->invokePrivate($this->sharees, 'offset', [0]);
 $this->invokePrivate($this->sharees, 'shareWithGroupOnly', [$shareWithGroupOnly]);
 $this->invokePrivate($this->sharees, 'shareeEnumeration', [$shareeEnumeration]);
+ $this->invokePrivate($this->sharees, 'shareeEnumerationGroupMembers', [$shareeEnumerationGroupMembers]);
 $this->groupManager->expects($this->once())
 ->method('search')
@@ -807,7 +922,7 @@ public function testGetGroups($searchTerm, $shareWithGroupOnly, $shareeEnumerati
 ->willReturn($singleGroup);
 }
- if ($shareWithGroupOnly) {
+ if ($shareWithGroupOnly || $shareeEnumerationGroupMembers) {
 $user = $this->getUserMock('admin', 'Administrator');
 $this->session->expects($this->any())
 ->method('getUser')
diff --git a/settings/Panels/Admin/FileSharing.php b/settings/Panels/Admin/FileSharing.php
index 8dbf8fc0b47b..88c8729a195d 100644
--- a/settings/Panels/Admin/FileSharing.php
+++ b/settings/Panels/Admin/FileSharing.php
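Review bot: The docblock of testGetGroups gains descriptions for the existing parameters but no entry for the new `$shareeEnumerationGroupMembers` argument. I would add ` * @param bool $shareeEnumerationGroupMembers restrict enumeration to group members` after the `$singleGroup` line, so the two test docblocks stay aligned and the trailing `true` in the new dataGetGroups rows can be traced to a documented parameter.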
@@ -56,6 +56,7 @@ public function getPanel() {
 $template->assign('onlyShareWithGroupMembers', $this->helper->shareWithGroupMembersOnly());
 $template->assign('allowMailNotification', $this->config->getAppValue('core', 'shareapi_allow_mail_notification', 'no'));
 $template->assign('allowShareDialogUserEnumeration', $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes'));
+ $template->assign('shareDialogUserEnumerationGroupMembers', $this->config->getAppValue('core', 'shareapi_share_dialog_user_enumeration_group_members', 'no'));
 $excludeGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes' ? true : false;
 $template->assign('shareExcludeGroups', $excludeGroups);
 $excludedGroupsList = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', '');
diff --git a/settings/templates/panels/admin/filesharing.php b/settings/templates/panels/admin/filesharing.php
index 27168ced0ef3..632d4cd8b03c 100644
--- a/settings/templates/panels/admin/filesharing.php
+++ b/settings/templates/panels/admin/filesharing.php
@@ -84,4 +84,9 @@ />

+

+ /> +
+

diff --git a/tests/integration/features/bootstrap/ShareesContext.php b/tests/integration/features/bootstrap/ShareesContext.php
index f5e5e7b94ff2..279c2a07912c 100644
--- a/tests/integration/features/bootstrap/ShareesContext.php
+++ b/tests/integration/features/bootstrap/ShareesContext.php
@@ -68,6 +68,7 @@ public function getArrayOfShareesResponded(ResponseInterface $response, $shareeT
 protected function resetAppConfigs() {
 $this->modifyServerConfig('core', 'shareapi_only_share_with_group_members', 'no');
 $this->modifyServerConfig('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes');
+ $this->modifyServerConfig('core', 'shareapi_share_dialog_user_enumeration_group_members', 'no');
 $this->modifyServerConfig('core', 'shareapi_allow_group_sharing', 'yes');
 }
 }
diff --git a/tests/integration/sharees_features/sharees.feature b/tests/integration/sharees_features/sharees.feature
index 58570cfc5f19..6348e1dc70a6 100644
--- a/tests/integration/sharees_features/sharees.feature
+++ b/tests/integration/sharees_features/sharees.feature
@@ -1,240 +1,308 @@ Feature: sharees - Background: - Given using api version "1" - And user "test" exists - And user "Sharee1" exists - And group "ShareeGroup" exists - And user "test" belongs to group "ShareeGroup" - - Scenario: Search without exact match - Given As an "test" - When getting sharees for - | search | Sharee | - | itemType | file | - Then the OCS status code should be "100" - And the HTTP status code should be "200" - And "exact users" sharees returned is empty - And "users" sharees returned are - | Sharee1 | 0 | Sharee1 | - And "exact groups" sharees returned is empty - And "groups" sharees returned are - | ShareeGroup | 1 | ShareeGroup | - And "exact remotes" sharees returned is empty - And "remotes" sharees returned is empty - - Scenario: Search without exact match not-exact casing - Given As an "test" - When getting sharees for - | search | sharee | - | itemType | file | - Then the OCS status code should be "100" - And the HTTP status code should be "200" - And "exact users" sharees returned is empty - And "users" sharees returned are - | Sharee1 | 0 | Sharee1 | - And "exact groups" sharees returned is empty - And "groups" sharees returned are - | ShareeGroup | 1 | ShareeGroup | - And "exact remotes" sharees returned is empty - And "remotes" sharees returned is empty - - Scenario: Search only with group members - denied - Given As an "test" - And parameter "shareapi_only_share_with_group_members" of app "core" is set to "yes" - When getting sharees for - | search | sharee | - | itemType | file | - Then the OCS status code should be "100" - And the HTTP status code should be "200" - And "exact users" sharees returned is empty - And "users" sharees returned is empty - And "exact groups" sharees returned is empty - And "groups" sharees returned are - | ShareeGroup | 1 | ShareeGroup | - And "exact remotes" sharees returned is empty - And "remotes" sharees returned is empty - - Scenario: Search only with group members - allowed - Given As an "test" - 
And parameter "shareapi_only_share_with_group_members" of app "core" is set to "yes" - And user "Sharee1" belongs to group "ShareeGroup" - When getting sharees for - | search | sharee | - | itemType | file | - Then the OCS status code should be "100" - And the HTTP status code should be "200" - And "exact users" sharees returned is empty - And "users" sharees returned are - | Sharee1 | 0 | Sharee1 | - And "exact groups" sharees returned is empty - And "groups" sharees returned are - | ShareeGroup | 1 | ShareeGroup | - And "exact remotes" sharees returned is empty - And "remotes" sharees returned is empty - - Scenario: Search only with group members - no group as non-member - Given As an "Sharee1" - And parameter "shareapi_only_share_with_group_members" of app "core" is set to "yes" - When getting sharees for - | search | sharee | - | itemType | file | - Then the OCS status code should be "100" - And the HTTP status code should be "200" - And "exact users" sharees returned is empty - And "users" sharees returned is empty - And "exact groups" sharees returned is empty - And "groups" sharees returned is empty - And "exact remotes" sharees returned is empty - And "remotes" sharees returned is empty - - Scenario: Search without exact match no iteration allowed - Given As an "test" - And parameter "shareapi_allow_share_dialog_user_enumeration" of app "core" is set to "no" - When getting sharees for - | search | Sharee | - | itemType | file | - Then the OCS status code should be "100" - And the HTTP status code should be "200" - And "exact users" sharees returned is empty - And "users" sharees returned is empty - And "exact groups" sharees returned is empty - And "groups" sharees returned is empty - And "exact remotes" sharees returned is empty - And "remotes" sharees returned is empty - - Scenario: Search with exact match no iteration allowed - Given As an "test" - And parameter "shareapi_allow_share_dialog_user_enumeration" of app "core" is set to "no" - When getting 
sharees for - | search | Sharee1 | - | itemType | file | - Then the OCS status code should be "100" - And the HTTP status code should be "200" - And "exact users" sharees returned are - | Sharee1 | 0 | Sharee1 | - And "users" sharees returned is empty - And "exact groups" sharees returned is empty - And "groups" sharees returned is empty - And "exact remotes" sharees returned is empty - And "remotes" sharees returned is empty - - Scenario: Search with exact match group no iteration allowed - Given As an "test" - And parameter "shareapi_allow_share_dialog_user_enumeration" of app "core" is set to "no" - When getting sharees for - | search | ShareeGroup | - | itemType | file | - Then the OCS status code should be "100" - And the HTTP status code should be "200" - And "exact users" sharees returned is empty - And "users" sharees returned is empty - And "exact groups" sharees returned are - | ShareeGroup | 1 | ShareeGroup | - And "groups" sharees returned is empty - And "exact remotes" sharees returned is empty - And "remotes" sharees returned is empty - - Scenario: Search with exact match - Given As an "test" - When getting sharees for - | search | Sharee1 | - | itemType | file | - Then the OCS status code should be "100" - And the HTTP status code should be "200" - Then "exact users" sharees returned are - | Sharee1 | 0 | Sharee1 | - Then "users" sharees returned is empty - Then "exact groups" sharees returned is empty - Then "groups" sharees returned is empty - Then "exact remotes" sharees returned is empty - Then "remotes" sharees returned is empty - - Scenario: Search with exact match not-exact casing - Given As an "test" - When getting sharees for - | search | sharee1 | - | itemType | file | - Then the OCS status code should be "100" - And the HTTP status code should be "200" - Then "exact users" sharees returned are - | Sharee1 | 0 | Sharee1 | - Then "users" sharees returned is empty - Then "exact groups" sharees returned is empty - Then "groups" sharees 
returned is empty - Then "exact remotes" sharees returned is empty - Then "remotes" sharees returned is empty - - Scenario: Search with exact match not-exact casing group - Given As an "test" - When getting sharees for - | search | shareegroup | - | itemType | file | - Then the OCS status code should be "100" - And the HTTP status code should be "200" - Then "exact users" sharees returned is empty - Then "users" sharees returned is empty - Then "exact groups" sharees returned are - | ShareeGroup | 1 | ShareeGroup | - Then "groups" sharees returned is empty - Then "exact remotes" sharees returned is empty - Then "remotes" sharees returned is empty - - Scenario: Search with "self" - Given As an "Sharee1" - When getting sharees for - | search | Sharee1 | - | itemType | file | - Then the OCS status code should be "100" - And the HTTP status code should be "200" - Then "exact users" sharees returned are - | Sharee1 | 0 | Sharee1 | - Then "users" sharees returned is empty - Then "exact groups" sharees returned is empty - Then "groups" sharees returned is empty - Then "exact remotes" sharees returned is empty - Then "remotes" sharees returned is empty - - Scenario: Remote sharee for files - Given As an "test" - When getting sharees for - | search | test@localhost | - | itemType | file | - Then the OCS status code should be "100" - And the HTTP status code should be "200" - Then "exact users" sharees returned is empty - Then "users" sharees returned is empty - Then "exact groups" sharees returned is empty - Then "groups" sharees returned is empty - Then "exact remotes" sharees returned are - | test@localhost | 6 | test@localhost | - Then "remotes" sharees returned is empty - - Scenario: Remote sharee for calendars not allowed - Given As an "test" - When getting sharees for - | search | test@localhost | - | itemType | calendar | - Then the OCS status code should be "100" - And the HTTP status code should be "200" - Then "exact users" sharees returned is empty - Then "users" 
sharees returned is empty - Then "exact groups" sharees returned is empty - Then "groups" sharees returned is empty - Then "exact remotes" sharees returned is empty - Then "remotes" sharees returned is empty - - Scenario: Group sharees not returned when group sharing is disabled - Given As an "test" - And parameter "shareapi_allow_group_sharing" of app "core" is set to "no" - When getting sharees for - | search | sharee | - | itemType | file | - Then the OCS status code should be "100" - And the HTTP status code should be "200" - And "exact users" sharees returned is empty - And "users" sharees returned are - | Sharee1 | 0 | Sharee1 | - And "exact groups" sharees returned is empty - And "groups" sharees returned is empty - And "exact remotes" sharees returned is empty - And "remotes" sharees returned is empty + Background: + Given using api version "1" + And user "test" exists + And user "Sharee1" exists + And group "ShareeGroup" exists + And user "test" belongs to group "ShareeGroup" + + Scenario: Search without exact match + Given As an "test" + When getting sharees for + | search | Sharee | + | itemType | file | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And "exact users" sharees returned is empty + And "users" sharees returned are + | Sharee1 | 0 | Sharee1 | + And "exact groups" sharees returned is empty + And "groups" sharees returned are + | ShareeGroup | 1 | ShareeGroup | + And "exact remotes" sharees returned is empty + And "remotes" sharees returned is empty + + Scenario: Search without exact match not-exact casing + Given As an "test" + When getting sharees for + | search | sharee | + | itemType | file | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And "exact users" sharees returned is empty + And "users" sharees returned are + | Sharee1 | 0 | Sharee1 | + And "exact groups" sharees returned is empty + And "groups" sharees returned are + | ShareeGroup | 1 | ShareeGroup 
| + And "exact remotes" sharees returned is empty + And "remotes" sharees returned is empty + + Scenario: Search only with group members - denied + Given As an "test" + And parameter "shareapi_only_share_with_group_members" of app "core" is set to "yes" + When getting sharees for + | search | sharee | + | itemType | file | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And "exact users" sharees returned is empty + And "users" sharees returned is empty + And "exact groups" sharees returned is empty + And "groups" sharees returned are + | ShareeGroup | 1 | ShareeGroup | + And "exact remotes" sharees returned is empty + And "remotes" sharees returned is empty + + Scenario: Search only with group members - allowed + Given As an "test" + And parameter "shareapi_only_share_with_group_members" of app "core" is set to "yes" + And user "Sharee1" belongs to group "ShareeGroup" + When getting sharees for + | search | sharee | + | itemType | file | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And "exact users" sharees returned is empty + And "users" sharees returned are + | Sharee1 | 0 | Sharee1 | + And "exact groups" sharees returned is empty + And "groups" sharees returned are + | ShareeGroup | 1 | ShareeGroup | + And "exact remotes" sharees returned is empty + And "remotes" sharees returned is empty + + Scenario: Search only with group members - no group as non-member + Given As an "Sharee1" + And parameter "shareapi_only_share_with_group_members" of app "core" is set to "yes" + When getting sharees for + | search | sharee | + | itemType | file | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And "exact users" sharees returned is empty + And "users" sharees returned is empty + And "exact groups" sharees returned is empty + And "groups" sharees returned is empty + And "exact remotes" sharees returned is empty + And "remotes" sharees returned is empty + 
+ Scenario: Search without exact match no iteration allowed + Given As an "test" + And parameter "shareapi_allow_share_dialog_user_enumeration" of app "core" is set to "no" + When getting sharees for + | search | Sharee | + | itemType | file | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And "exact users" sharees returned is empty + And "users" sharees returned is empty + And "exact groups" sharees returned is empty + And "groups" sharees returned is empty + And "exact remotes" sharees returned is empty + And "remotes" sharees returned is empty + + Scenario: Search with exact match no iteration allowed + Given As an "test" + And parameter "shareapi_allow_share_dialog_user_enumeration" of app "core" is set to "no" + When getting sharees for + | search | Sharee1 | + | itemType | file | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And "exact users" sharees returned are + | Sharee1 | 0 | Sharee1 | + And "users" sharees returned is empty + And "exact groups" sharees returned is empty + And "groups" sharees returned is empty + And "exact remotes" sharees returned is empty + And "remotes" sharees returned is empty + + Scenario: Search with exact match group no iteration allowed + Given As an "test" + And parameter "shareapi_allow_share_dialog_user_enumeration" of app "core" is set to "no" + When getting sharees for + | search | ShareeGroup | + | itemType | file | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And "exact users" sharees returned is empty + And "users" sharees returned is empty + And "exact groups" sharees returned are + | ShareeGroup | 1 | ShareeGroup | + And "groups" sharees returned is empty + And "exact remotes" sharees returned is empty + And "remotes" sharees returned is empty + + Scenario: Search with exact match + Given As an "test" + When getting sharees for + | search | Sharee1 | + | itemType | file | + Then the OCS status 
code should be "100" + And the HTTP status code should be "200" + Then "exact users" sharees returned are + | Sharee1 | 0 | Sharee1 | + Then "users" sharees returned is empty + Then "exact groups" sharees returned is empty + Then "groups" sharees returned is empty + Then "exact remotes" sharees returned is empty + Then "remotes" sharees returned is empty + + Scenario: Search with exact match not-exact casing + Given As an "test" + When getting sharees for + | search | sharee1 | + | itemType | file | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + Then "exact users" sharees returned are + | Sharee1 | 0 | Sharee1 | + Then "users" sharees returned is empty + Then "exact groups" sharees returned is empty + Then "groups" sharees returned is empty + Then "exact remotes" sharees returned is empty + Then "remotes" sharees returned is empty + + Scenario: Search with exact match not-exact casing group + Given As an "test" + When getting sharees for + | search | shareegroup | + | itemType | file | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + Then "exact users" sharees returned is empty + Then "users" sharees returned is empty + Then "exact groups" sharees returned are + | ShareeGroup | 1 | ShareeGroup | + Then "groups" sharees returned is empty + Then "exact remotes" sharees returned is empty + Then "remotes" sharees returned is empty + + Scenario: Search with "self" + Given As an "Sharee1" + When getting sharees for + | search | Sharee1 | + | itemType | file | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + Then "exact users" sharees returned are + | Sharee1 | 0 | Sharee1 | + Then "users" sharees returned is empty + Then "exact groups" sharees returned is empty + Then "groups" sharees returned is empty + Then "exact remotes" sharees returned is empty + Then "remotes" sharees returned is empty + + Scenario: Remote sharee for files + Given As an "test" + 
When getting sharees for + | search | test@localhost | + | itemType | file | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + Then "exact users" sharees returned is empty + Then "users" sharees returned is empty + Then "exact groups" sharees returned is empty + Then "groups" sharees returned is empty + Then "exact remotes" sharees returned are + | test@localhost | 6 | test@localhost | + Then "remotes" sharees returned is empty + + Scenario: Remote sharee for calendars not allowed + Given As an "test" + When getting sharees for + | search | test@localhost | + | itemType | calendar | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + Then "exact users" sharees returned is empty + Then "users" sharees returned is empty + Then "exact groups" sharees returned is empty + Then "groups" sharees returned is empty + Then "exact remotes" sharees returned is empty + Then "remotes" sharees returned is empty + + Scenario: Group sharees not returned when group sharing is disabled + Given As an "test" + And parameter "shareapi_allow_group_sharing" of app "core" is set to "no" + When getting sharees for + | search | sharee | + | itemType | file | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And "exact users" sharees returned is empty + And "users" sharees returned are + | Sharee1 | 0 | Sharee1 | + And "exact groups" sharees returned is empty + And "groups" sharees returned is empty + And "exact remotes" sharees returned is empty + And "remotes" sharees returned is empty + + Scenario: Enumerate only group members - only show partial results from member groups + Given As an "test" + And user "Another" exists + And user "Another" belongs to group "ShareeGroup" + And parameter "shareapi_share_dialog_user_enumeration_group_members" of app "core" is set to "yes" + When getting sharees for + | search | ano | + | itemType | file | + Then the OCS status code should be "100" 
+ And the HTTP status code should be "200" + And "exact users" sharees returned is empty + And "users" sharees returned are + | Another | 0 | Another | + And "exact groups" sharees returned is empty + And "groups" sharees returned is empty + And "exact remotes" sharees returned is empty + And "remotes" sharees returned is empty + + Scenario: Enumerate only group members - accept exact match from non-member groups + Given As an "test" + And parameter "shareapi_share_dialog_user_enumeration_group_members" of app "core" is set to "yes" + When getting sharees for + | search | Sharee1 | + | itemType | file | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And "exact users" sharees returned are + | Sharee1 | 0 | Sharee1 | + And "users" sharees returned is empty + And "exact groups" sharees returned is empty + And "groups" sharees returned is empty + And "exact remotes" sharees returned is empty + And "remotes" sharees returned is empty + + Scenario: Enumerate only group members - only show partial results from member groups + Given As an "test" + And parameter "shareapi_share_dialog_user_enumeration_group_members" of app "core" is set to "yes" + When getting sharees for + | search | ShareeG | + | itemType | file | + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And "exact users" sharees returned is empty + And "users" sharees returned is empty + And "exact groups" sharees returned is empty + And "groups" sharees returned are + | ShareeGroup | 1 | ShareeGroup | + And "exact remotes" sharees returned is empty + And "remotes" sharees returned is empty + + Scenario: Enumerate only group members - only accept exact group match from non-memberships + Given As an "test" + And group "ShareeGroupNonMember" exists + And parameter "shareapi_share_dialog_user_enumeration_group_members" of app "core" is set to "yes" + When getting sharees for + | search | ShareeGroupNonMember | + | itemType | file | + 
Then the OCS status code should be "100" + And the HTTP status code should be "200" + And "exact users" sharees returned is empty + And "users" sharees returned is empty + And "exact groups" sharees returned are + | ShareeGroupNonMember | 1 | ShareeGroupNonMember | + And "groups" sharees returned is empty + And "exact remotes" sharees returned is empty + And "remotes" sharees returned is empty +
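Review bot: None of the four new scenarios checks that a partial search hides a user who shares no group with the caller, which is the behaviour the option exists for. The only partial user search is `ano`, and its single match `Another` is a member of `ShareeGroup`. A scenario that sets `shareapi_share_dialog_user_enumeration_group_members` to `yes`, searches for `sharee` as `test`, and expects `users` to be empty (the Background leaves `Sharee1` outside `ShareeGroup`) would cover it; a sketch follows. Two of the new scenarios also share the title "Enumerate only group members - only show partial results from member groups", so the group variant should say so in its name.

```gherkin
Scenario: Enumerate only group members - partial match hides users outside member groups
  Given As an "test"
  And parameter "shareapi_share_dialog_user_enumeration_group_members" of app "core" is set to "yes"
  When getting sharees for
    | search | sharee |
    | itemType | file |
  Then the OCS status code should be "100"
  And the HTTP status code should be "200"
  And "exact users" sharees returned is empty
  And "users" sharees returned is empty
  And "exact groups" sharees returned is empty
  And "groups" sharees returned are
    | ShareeGroup | 1 | ShareeGroup |
  And "exact remotes" sharees returned is empty
  And "remotes" sharees returned is empty
```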