Allow for searching user by email for users with ManageUser

app/tokens.go

@@ -29,10 +29,11 @@ WHERE token = ? LIMIT 1`,
 		)
 	updateTokens <- t.ID
 	if priv8 {
-		tokenPrivsRaw = common.PrivilegeReadConfidential | common.PrivilegeWrite
+		// all privileges, they'll get removed by canOnly anyway.
+		tokenPrivsRaw = (common.PrivilegeBeatmap << 1) - 1
 	}
-	t.TokenPrivileges = common.Privileges(tokenPrivsRaw)
 	t.UserPrivileges = common.UserPrivileges(userPrivsRaw)
+	t.TokenPrivileges = common.Privileges(tokenPrivsRaw).CanOnly(t.UserPrivileges)
 	switch {
 	case err == sql.ErrNoRows:
 		return common.Token{}, false

app/v1/user.go

@@ -395,8 +395,15 @@ func UserLookupGET(md common.MethodData) common.CodeMessager {
 	}
 	name = "%" + name + "%"
 
-	rows, err := md.DB.Query("SELECT users.id, users.username FROM users WHERE username_safe LIKE ? AND "+
-		md.User.OnlyUserPublic(true)+" LIMIT 25", name)
+	var email string
+	if md.User.TokenPrivileges&common.PrivilegeManageUser != 0 &&
+		strings.Contains(md.Query("name"), "@") {
+		email = md.Query("name")
+	}
+
+	rows, err := md.DB.Query("SELECT users.id, users.username FROM users WHERE "+
+		"(username_safe LIKE ? OR email = ?) AND "+
+		md.User.OnlyUserPublic(true)+" LIMIT 25", name, email)
 	if err != nil {
 		md.Err(err)
 		return Err500