diff --git a/src/applications/people/controller/PhabricatorPeopleListController.php b/src/applications/people/controller/PhabricatorPeopleListController.php
index da3f2dd9dc..d1b8598f6c 100644
--- a/src/applications/people/controller/PhabricatorPeopleListController.php
+++ b/src/applications/people/controller/PhabricatorPeopleListController.php
@@ -1,110 +1,35 @@
 <?php
 
-final class PhabricatorPeopleListController extends PhabricatorPeopleController
-  implements PhabricatorApplicationSearchResultsControllerInterface {
+final class PhabricatorPeopleListController
+  extends PhabricatorPeopleController {
 
   private $key;
 
   public function shouldAllowPublic() {
     return true;
   }
 
   public function shouldRequireAdmin() {
     return false;
   }
 
   public function willProcessRequest(array $data) {
     $this->key = idx($data, 'key');
   }
 
   public function processRequest() {
     $request = $this->getRequest();
     $viewer = $request->getUser();
 
     $this->requireApplicationCapability(
       PeopleCapabilityBrowseUserDirectory::CAPABILITY);
 
     $controller = id(new PhabricatorApplicationSearchController($request))
       ->setQueryKey($this->key)
       ->setSearchEngine(new PhabricatorPeopleSearchEngine())
       ->setNavigation($this->buildSideNavView());
 
     return $this->delegateToController($controller);
   }
 
-  public function renderResultsList(
-    array $users,
-    PhabricatorSavedQuery $query) {
-
-    assert_instances_of($users, 'PhabricatorUser');
-
-    $request = $this->getRequest();
-    $viewer = $request->getUser();
-
-    $list = new PHUIObjectItemListView();
-
-    $is_approval = ($query->getQueryKey() == 'approval');
-
-    foreach ($users as $user) {
-      $primary_email = $user->loadPrimaryEmail();
-      if ($primary_email && $primary_email->getIsVerified()) {
-        $email = pht('Verified');
-      } else {
-        $email = pht('Unverified');
-      }
-
-      $item = new PHUIObjectItemView();
-      $item->setHeader($user->getFullName())
-        ->setHref('/p/'.$user->getUsername().'/')
-        ->addAttribute(hsprintf('%s %s',
-            phabricator_date($user->getDateCreated(), $viewer),
-            phabricator_time($user->getDateCreated(), $viewer)))
-        ->addAttribute($email)
-        ->setImageURI($user->getProfileImageURI());
-
-      if ($is_approval && $primary_email) {
-        $item->addAttribute($primary_email->getAddress());
-      }
-
-      if ($user->getIsDisabled()) {
-        $item->addIcon('disable', pht('Disabled'));
-      }
-
-      if (!$is_approval) {
-        if (!$user->getIsApproved()) {
-          $item->addIcon('perflab-grey', pht('Needs Approval'));
-        }
-      }
-
-      if ($user->getIsAdmin()) {
-        $item->addIcon('highlight', pht('Admin'));
-      }
-
-      if ($user->getIsSystemAgent()) {
-        $item->addIcon('computer', pht('Bot/Script'));
-      }
-
-      if ($viewer->getIsAdmin()) {
-        $user_id = $user->getID();
-        if ($is_approval) {
-          $item->addAction(
-            id(new PHUIListItemView())
-              ->setIcon('fa-ban')
-              ->setName(pht('Disable'))
-              ->setWorkflow(true)
-              ->setHref($this->getApplicationURI('disapprove/'.$user_id.'/')));
-          $item->addAction(
-            id(new PHUIListItemView())
-              ->setIcon('fa-thumbs-o-up')
-              ->setName(pht('Approve'))
-              ->setWorkflow(true)
-              ->setHref($this->getApplicationURI('approve/'.$user_id.'/')));
-        }
-      }
-
-      $list->addItem($item);
-    }
-
-    return $list;
-  }
 }
diff --git a/src/applications/people/query/PhabricatorPeopleSearchEngine.php b/src/applications/people/query/PhabricatorPeopleSearchEngine.php
index 9b5ea5337d..7d16b4fb73 100644
--- a/src/applications/people/query/PhabricatorPeopleSearchEngine.php
+++ b/src/applications/people/query/PhabricatorPeopleSearchEngine.php
@@ -1,173 +1,266 @@
 <?php
 
 final class PhabricatorPeopleSearchEngine
   extends PhabricatorApplicationSearchEngine {
 
+  public function getApplicationClassName() {
+    return 'PhabricatorApplicationPeople';
+  }
+
   public function getCustomFieldObject() {
     return new PhabricatorUser();
   }
 
   public function buildSavedQueryFromRequest(AphrontRequest $request) {
     $saved = new PhabricatorSavedQuery();
 
     $saved->setParameter('usernames', $request->getStrList('usernames'));
     $saved->setParameter('nameLike', $request->getStr('nameLike'));
     $saved->setParameter('isAdmin', $request->getStr('isAdmin'));
     $saved->setParameter('isDisabled', $request->getStr('isDisabled'));
     $saved->setParameter('isSystemAgent', $request->getStr('isSystemAgent'));
     $saved->setParameter('needsApproval', $request->getStr('needsApproval'));
     $saved->setParameter('createdStart', $request->getStr('createdStart'));
     $saved->setParameter('createdEnd', $request->getStr('createdEnd'));
 
     $this->readCustomFieldsFromRequest($request, $saved);
 
     return $saved;
   }
 
   public function buildQueryFromSavedQuery(PhabricatorSavedQuery $saved) {
     $query = id(new PhabricatorPeopleQuery())
       ->needPrimaryEmail(true)
       ->needProfileImage(true);
 
+    $viewer = $this->requireViewer();
+
+    // If the viewer can't browse the user directory, restrict the query to
+    // just the user's own profile. This is a little bit silly, but serves to
+    // restrict users from creating a dashboard panel which essentially just
+    // contains a user directory anyway.
+    $can_browse = PhabricatorPolicyFilter::hasCapability(
+      $viewer,
+      $this->getApplication(),
+      PeopleCapabilityBrowseUserDirectory::CAPABILITY);
+    if (!$can_browse) {
+      $query->withPHIDs(array($viewer->getPHID()));
+    }
+
     $usernames = $saved->getParameter('usernames', array());
     if ($usernames) {
       $query->withUsernames($usernames);
     }
 
     $like = $saved->getParameter('nameLike');
     if ($like) {
       $query->withNameLike($like);
     }
 
     $is_admin = $saved->getParameter('isAdmin');
     $is_disabled = $saved->getParameter('isDisabled');
     $is_system_agent = $saved->getParameter('isSystemAgent');
     $needs_approval = $saved->getParameter('needsApproval');
     $no_disabled = $saved->getParameter('noDisabled');
 
     if ($is_admin) {
       $query->withIsAdmin(true);
     }
 
     if ($is_disabled) {
       $query->withIsDisabled(true);
     } else if ($no_disabled) {
       $query->withIsDisabled(false);
     }
 
     if ($is_system_agent) {
       $query->withIsSystemAgent(true);
     }
 
     if ($needs_approval) {
       $query->withIsApproved(false);
     }
 
     $start = $this->parseDateTime($saved->getParameter('createdStart'));
     $end = $this->parseDateTime($saved->getParameter('createdEnd'));
 
     if ($start) {
       $query->withDateCreatedAfter($start);
     }
 
     if ($end) {
       $query->withDateCreatedBefore($end);
     }
 
     $this->applyCustomFieldsToQuery($query, $saved);
 
     return $query;
   }
 
   public function buildSearchForm(
     AphrontFormView $form,
     PhabricatorSavedQuery $saved) {
 
     $usernames = $saved->getParameter('usernames', array());
     $like = $saved->getParameter('nameLike');
 
     $is_admin = $saved->getParameter('isAdmin');
     $is_disabled = $saved->getParameter('isDisabled');
     $is_system_agent = $saved->getParameter('isSystemAgent');
     $needs_approval = $saved->getParameter('needsApproval');
 
     $form
       ->appendChild(
         id(new AphrontFormTextControl())
           ->setName('usernames')
           ->setLabel(pht('Usernames'))
           ->setValue(implode(', ', $usernames)))
       ->appendChild(
         id(new AphrontFormTextControl())
           ->setName('nameLike')
           ->setLabel(pht('Name Contains'))
           ->setValue($like))
       ->appendChild(
         id(new AphrontFormCheckboxControl())
           ->setLabel('Role')
           ->addCheckbox(
             'isAdmin',
             1,
             pht('Show only administrators.'),
             $is_admin)
           ->addCheckbox(
             'isDisabled',
             1,
             pht('Show only disabled users.'),
             $is_disabled)
           ->addCheckbox(
             'isSystemAgent',
             1,
             pht('Show only bots.'),
             $is_system_agent)
           ->addCheckbox(
             'needsApproval',
             1,
             pht('Show only users who need approval.'),
             $needs_approval));
 
     $this->appendCustomFieldsToForm($form, $saved);
 
     $this->buildDateRange(
       $form,
       $saved,
       'createdStart',
       pht('Joined After'),
       'createdEnd',
       pht('Joined Before'));
   }
 
   protected function getURI($path) {
     return '/people/'.$path;
   }
 
   public function getBuiltinQueryNames() {
     $names = array(
       'all' => pht('All'),
     );
 
     $viewer = $this->requireViewer();
     if ($viewer->getIsAdmin()) {
       $names['approval'] = pht('Approval Queue');
     }
 
     return $names;
   }
 
   public function buildSavedQueryFromBuiltin($query_key) {
     $query = $this->newSavedQuery();
     $query->setQueryKey($query_key);
 
     switch ($query_key) {
       case 'all':
         return $query;
       case 'approval':
         return $query
           ->setParameter('needsApproval', true)
           ->setParameter('noDisabled', true);
     }
 
     return parent::buildSavedQueryFromBuiltin($query_key);
   }
 
+  protected function renderResultList(
+    array $users,
+    PhabricatorSavedQuery $query,
+    array $handles) {
+
+    assert_instances_of($users, 'PhabricatorUser');
+
+    $request = $this->getRequest();
+    $viewer = $this->requireViewer();
+
+    $list = new PHUIObjectItemListView();
+
+    $is_approval = ($query->getQueryKey() == 'approval');
+
+    foreach ($users as $user) {
+      $primary_email = $user->loadPrimaryEmail();
+      if ($primary_email && $primary_email->getIsVerified()) {
+        $email = pht('Verified');
+      } else {
+        $email = pht('Unverified');
+      }
+
+      $item = new PHUIObjectItemView();
+      $item->setHeader($user->getFullName())
+        ->setHref('/p/'.$user->getUsername().'/')
+        ->addAttribute(phabricator_datetime($user->getDateCreated(), $viewer))
+        ->addAttribute($email)
+        ->setImageURI($user->getProfileImageURI());
+
+      if ($is_approval && $primary_email) {
+        $item->addAttribute($primary_email->getAddress());
+      }
+
+      if ($user->getIsDisabled()) {
+        $item->addIcon('fa-ban', pht('Disabled'));
+      }
+
+      if (!$is_approval) {
+        if (!$user->getIsApproved()) {
+          $item->addIcon('fa-clock-o', pht('Needs Approval'));
+        }
+      }
+
+      if ($user->getIsAdmin()) {
+        $item->addIcon('fa-star', pht('Admin'));
+      }
+
+      if ($user->getIsSystemAgent()) {
+        $item->addIcon('fa-desktop', pht('Bot/Script'));
+      }
+
+      if ($viewer->getIsAdmin()) {
+        $user_id = $user->getID();
+        if ($is_approval) {
+          $item->addAction(
+            id(new PHUIListItemView())
+              ->setIcon('fa-ban')
+              ->setName(pht('Disable'))
+              ->setWorkflow(true)
+              ->setHref($this->getApplicationURI('disapprove/'.$user_id.'/')));
+          $item->addAction(
+            id(new PHUIListItemView())
+              ->setIcon('fa-thumbs-o-up')
+              ->setName(pht('Approve'))
+              ->setWorkflow(true)
+              ->setHref($this->getApplicationURI('approve/'.$user_id.'/')));
+        }
+      }
+
+      $list->addItem($item);
+    }
+
+    return $list;
+  }
+
 }