EZPPFarm/ripple-api
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Allow for searching user by email for users with ManageUser

Browse Source
This commit is contained in:
Morgan Bazalgette 2016-12-12 21:35:18 +01:00
parent e4af28b8ff
commit 62612cfdb8
2 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/tokens.go
View File

@ -29,10 +29,11 @@ WHERE token = ? LIMIT 1`,
) )
updateTokens <- t.ID updateTokens <- t.ID
if priv8 { if priv8 {
tokenPrivsRaw = common.PrivilegeReadConfidential | common.PrivilegeWrite // all privileges, they'll get removed by canOnly anyway.
tokenPrivsRaw = (common.PrivilegeBeatmap << 1) - 1
} }
t.TokenPrivileges = common.Privileges(tokenPrivsRaw)
t.UserPrivileges = common.UserPrivileges(userPrivsRaw) t.UserPrivileges = common.UserPrivileges(userPrivsRaw)
t.TokenPrivileges = common.Privileges(tokenPrivsRaw).CanOnly(t.UserPrivileges)
switch { switch {
case err == sql.ErrNoRows: case err == sql.ErrNoRows:
return common.Token{}, false return common.Token{}, false

11
app/v1/user.go
View File

@ -395,8 +395,15 @@ func UserLookupGET(md common.MethodData) common.CodeMessager {
} }
name = "%" + name + "%" name = "%" + name + "%"
rows, err := md.DB.Query("SELECT users.id, users.username FROM users WHERE username_safe LIKE ? AND "+ var email string
md.User.OnlyUserPublic(true)+" LIMIT 25", name) if md.User.TokenPrivileges&common.PrivilegeManageUser != 0 &&
strings.Contains(md.Query("name"), "@") {
email = md.Query("name")
}
rows, err := md.DB.Query("SELECT users.id, users.username FROM users WHERE "+
"(username_safe LIKE ? OR email = ?) AND "+
md.User.OnlyUserPublic(true)+" LIMIT 25", name, email)
if err != nil { if err != nil {
md.Err(err) md.Err(err)
return Err500 return Err500