diff --git a/src/socket.io/groups.js b/src/socket.io/groups.js
index 9f20203f0f..4e1152b514 100644
--- a/src/socket.io/groups.js
+++ b/src/socket.io/groups.js
@@ -4,6 +4,7 @@ const groups = require('../groups');
 const user = require('../user');
 const utils = require('../utils');
 const events = require('../events');
+const privileges = require('../privileges');
 const api = require('../api');
 const sockets = require('.');
@@ -241,12 +242,11 @@ SocketGroups.loadMore = async (socket, data) => {
 };
 SocketGroups.searchMembers = async (socket, data) => {
- const [isOwner, isMember, isAdmin] = await Promise.all([
- groups.ownership.isOwner(socket.uid, data.groupName),
- groups.isMember(socket.uid, data.groupName),
- user.isAdministrator(socket.uid),
- ]);
- if (!isOwner && !isMember && !isAdmin) {
+ if (!data.groupName) {
+ throw new Error('[[error:invalid-data]]');
+ }
+ await canSearchMembers(socket.uid, data.groupName);
+ if (!await privileges.global.can('search:users', socket.uid)) {
 throw new Error('[[error:no-privileges]]');
 }
 return await groups.searchMembers({
@@ -260,18 +260,7 @@ SocketGroups.loadMoreMembers = async (socket, data) => {
 if (!data.groupName || !utils.isNumber(data.after) || parseInt(data.after, 10) < 0) {
 throw new Error('[[error:invalid-data]]');
 }
- const [isHidden, isAdmin, isGlobalMod] = await Promise.all([
- groups.isHidden(data.groupName),
- user.isAdministrator(socket.uid),
- user.isGlobalModerator(socket.uid),
- ]);
- if (isHidden && !isAdmin && !isGlobalMod) {
- const isMember = await groups.isMember(socket.uid, data.groupName);
- if (!isMember) {
- throw new Error('[[error:no-privileges]]');
- }
- }
-
+ await canSearchMembers(socket.uid, data.groupName);
 data.after = parseInt(data.after, 10);
 const users = await groups.getOwnersAndMembers(data.groupName, socket.uid, data.after, data.after + 9);
 return {
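Review bot: In the searchMembers hunk, the new guard `if (!data.groupName)` reads a property of `data` before checking that a payload was sent, and it accepts any truthy value rather than only a string, so a malformed socket message would either fail with a TypeError instead of `[[error:invalid-data]]` or reach `canSearchMembers` and the group lookups with an unvalidated name. I would tighten it to `if (!data || typeof data.groupName !== 'string' || !data.groupName) {`. The unchanged guard at the top of loadMoreMembers in the following hunk has the same shape and deserves the same check. Whether the socket layer already rejects null payloads is not visible here, so treat the null case as something to confirm. The body of searchMembers continues past the end of the hunk.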
@@ -280,6 +269,20 @@ SocketGroups.loadMoreMembers = async (socket, data) => {
 };
 };
+async function canSearchMembers(uid, groupName) {
+ const [isHidden, isMember, isAdmin, isGlobalMod, viewGroups] = await Promise.all([
+ groups.isHidden(groupName),
+ groups.isMember(uid, groupName),
+ user.isAdministrator(uid),
+ user.isGlobalModerator(uid),
+ privileges.global.can('view:groups', uid),
+ ]);
+
+ if (!viewGroups || (isHidden && !isMember && !isAdmin && !isGlobalMod)) {
+ throw new Error('[[error:no-privileges]]');
+ }
+}
+
 SocketGroups.cover = {};
 SocketGroups.cover.update = async (socket, data) => {
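Review bot: `canSearchMembers` drops the `groups.ownership.isOwner` check that the old searchMembers guard accepted, so an owner of a hidden group who is not also a member, administrator or global moderator would now get `[[error:no-privileges]]`. If ownership always implies membership in this codebase, say so in a comment; otherwise add `groups.ownership.isOwner(uid, groupName),` to the `Promise.all` list and `&& !isOwner` to the hidden-group condition. The helper also gates loadMoreMembers, which lists rather than searches, so a short doc comment would make the contract clear, for example `// Throws [[error:no-privileges]] unless uid has view:groups and, for a hidden group, is a member, admin or global moderator.`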