diff --git a/modules/users/tests/server/user.server.routes.tests.js b/modules/users/tests/server/user.server.routes.tests.js
new file mode 100644
index 0000000000..e897691aef
--- /dev/null
+++ b/modules/users/tests/server/user.server.routes.tests.js
@@ -0,0 +1,107 @@
+'use strict';
+
+var should = require('should'),
+	request = require('supertest'),
+	path = require('path'),
+	mongoose = require('mongoose'),
+	User = mongoose.model('User'),
+	express = require(path.resolve('./config/lib/express'));
+
+/**
+ * Globals
+ */
+var app, agent, credentials, user, admin;
+
+/**
+ * User routes tests
+ */
+describe('User CRUD tests', function () {
+	before(function (done) {
+		// Get application
+		app = express.init(mongoose);
+		agent = request.agent(app);
+
+		done();
+	});
+
+	beforeEach(function (done) {
+		// Create user credentials
+		credentials = {
+			username: 'username',
+			password: 'password'
+		};
+
+		// Create a new user
+		user = new User({
+			firstName: 'Full',
+			lastName: 'Name',
+			displayName: 'Full Name',
+			email: 'test@test.com',
+			username: credentials.username,
+			password: credentials.password,
+			provider: 'local'
+		});
+
+		// Save a user to the test db and create new article
+		user.save(function () {
+			done();
+		});
+	});
+
+	it('should not be able to retrieve a list of users if not admin', function (done) {
+		agent.post('/api/auth/signin')
+			.send(credentials)
+			.expect(200)
+			.end(function (signinErr, signinRes) {
+				// Handle signin error
+				if (signinErr) {
+					return done(signinErr);
+				}
+
+				// Save a new article
+				agent.get('/api/users')
+					.expect(403)
+					.end(function (usersGetErr, usersGetRes) {
+						if (usersGetErr) {
+							return done(usersGetErr);
+						}
+
+						return done();
+					});
+			});
+	});
+
+	it('should be able to retrieve a list of users if admin', function (done) {
+		user.roles = ['user', 'admin'];
+
+		user.save(function () {
+			agent.post('/api/auth/signin')
+				.send(credentials)
+				.expect(200)
+				.end(function (signinErr, signinRes) {
+					// Handle signin error
+					if (signinErr) {
+						return done(signinErr);
+					}
+
+					// Save a new article
+					agent.get('/api/users')
+						.expect(200)
+						.end(function (usersGetErr, usersGetRes) {
+							if (usersGetErr) {
+								return done(usersGetErr);
+							}
+
+							usersGetRes.body.should.be.instanceof(Array).and.have.lengthOf(1);
+
+							// Call the assertion callback
+							done();
+						});
+				});
+		});
+	});
+
+	afterEach(function (done) {
+		User.remove().exec(done);
+	});
+});