From 62612cfdb877cdb8d413c6f297857006955774ae Mon Sep 17 00:00:00 2001
From: Morgan Bazalgette
Date: Mon, 12 Dec 2016 21:35:18 +0100
Subject: [PATCH] Allow for searching user by email for users with ManageUser
---
 app/tokens.go | 5 +++--
 app/v1/user.go | 11 +++++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/app/tokens.go b/app/tokens.go
index 071532b..42d15bb 100644
--- a/app/tokens.go
+++ b/app/tokens.go
@@ -29,10 +29,11 @@ WHERE token = ? LIMIT 1`,
 )
 updateTokens <- t.ID
 if priv8 {
- tokenPrivsRaw = common.PrivilegeReadConfidential | common.PrivilegeWrite
+ // all privileges, they'll get removed by canOnly anyway.
+ tokenPrivsRaw = (common.PrivilegeBeatmap << 1) - 1
 }
- t.TokenPrivileges = common.Privileges(tokenPrivsRaw)
 t.UserPrivileges = common.UserPrivileges(userPrivsRaw)
+ t.TokenPrivileges = common.Privileges(tokenPrivsRaw).CanOnly(t.UserPrivileges)
 switch {
 case err == sql.ErrNoRows:
 return common.Token{}, false
diff --git a/app/v1/user.go b/app/v1/user.go
index 5709fd7..e8b1027 100644
--- a/app/v1/user.go
+++ b/app/v1/user.go
@@ -395,8 +395,15 @@ func UserLookupGET(md common.MethodData) common.CodeMessager {
 }
 name = "%" + name + "%"
 
- rows, err := md.DB.Query("SELECT users.id, users.username FROM users WHERE username_safe LIKE ? AND "+
- md.User.OnlyUserPublic(true)+" LIMIT 25", name)
+ var email string
+ if md.User.TokenPrivileges&common.PrivilegeManageUser != 0 &&
+ strings.Contains(md.Query("name"), "@") {
+ email = md.Query("name")
+ }
+
+ rows, err := md.DB.Query("SELECT users.id, users.username FROM users WHERE "+
+ "(username_safe LIKE ? OR email = ?) AND "+
+ md.User.OnlyUserPublic(true)+" LIMIT 25", name, email)
 if err != nil {
 md.Err(err)
 return Err500
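Review bot: The mask `(common.PrivilegeBeatmap << 1) - 1` in the `priv8` branch only means "all privileges" while PrivilegeBeatmap remains the highest privilege bit, which nothing in this hunk enforces; a privilege defined after it would be silently absent from private tokens. The same line widens private tokens from `PrivilegeReadConfidential | PrivilegeWrite` to everything the user holds, so the token's scope now rests entirely on `CanOnly(t.UserPrivileges)` and on `userPrivsRaw` having been filled from the row. I would reword the comment to `// every token privilege bit (assumes PrivilegeBeatmap is the highest); CanOnly below trims this to what the user actually holds` and, if the common package allows it, derive the mask from a named constant declared beside the privilege list. The enclosing function starts and ends outside the hunk.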
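Review bot: When the caller lacks PrivilegeManageUser or the query has no "@", `email` stays `""` and the new clause still runs as `OR email = ''`, so any account whose email column is empty would match every lookup regardless of the name filter (whether such rows exist is not visible here). Binding NULL instead makes the comparison never true: `var email sql.NullString` and, inside the `if`, `email = sql.NullString{String: md.Query("name"), Valid: true}`; this assumes `database/sql` is imported in this file, which the hunk does not show. A short comment above the `if` stating that email matching is exact and limited to tokens carrying ManageUser would also help, since this path confirms whether an address is registered. UserLookupGET continues outside the hunk.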