dhis2 · jbee · Jan 7, 2025
diff --git a/...web-api/src/main/java/org/hisp/dhis/webapi/controller/AbstractFullReadOnlyController.java b/...web-api/src/main/java/org/hisp/dhis/webapi/controller/AbstractFullReadOnlyController.java
@@ -81,6 +81,7 @@
 import org.hisp.dhis.security.acl.AclService;
 import org.hisp.dhis.system.util.ReflectionUtils;
 import org.hisp.dhis.user.CurrentUser;
+import org.hisp.dhis.user.User;
 import org.hisp.dhis.user.UserDetails;
 import org.hisp.dhis.user.UserSettingsService;
 import org.hisp.dhis.webapi.mvc.annotation.ApiVersion;
@@ -242,7 +243,7 @@ protected List<UID> getPreQueryMatches(P params) throws ConflictException {
   @Nonnull
   protected List<Criterion> getAdditionalFilters(P params) throws ConflictException {
     List<Criterion> filters = new ArrayList<>();
-    if (params.getQuery() != null && !params.getQuery().isEmpty())
+    if (params.getQuery() != null && !params.getQuery().isEmpty() && getEntityClass() != User.class)
       filters.add(Restrictions.query(getSchema(), params.getQuery()));
     List<UID> matches = getPreQueryMatches(params);
     // Note: null = no special filters, empty = no matches for special filters

diff --git a/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java b/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java
@@ -217,7 +217,8 @@ public static final class GetUserObjectListParams extends GetObjectListParams {
 
     @JsonIgnore
     boolean isUsingAnySpecialFilters() {
-      return phoneNumber != null
+      return getQuery() != null
+          || phoneNumber != null
           || canManage
           || authSubset
           || lastLogin != null