Code:
on [color:green]@[/color]1:DEOP:#:{
  if ([color:green]$remove($address($opnick,1),$chr(42),$chr(33)) == ident@hostmask.com[/color]) {
    mode # +o $opnick

    if ([color:green]$nick ison #[/color]) {
      mode # -o $nick
    }
  }
}


@ - The @ prefix means that it will not execute unless YOU are opped.


$remove($address($opnick,1),$chr(42),$chr(33)) == [email]ident@hostmask.com[/email] - This is essentially the same as what you were doing.

$address($opnick,1) - Returns the opnick's address in the form *!*ident@hostmask.
We aren't interested in the *!* part so I used $remove to take out those characters.
$chr(44) is the * and $chr(33) is the !
Thus the address format, after doing the removal results in this form [email]ident@hostmask[/email]


$nick ison # - This checks if the user who did the deop is still on the channel and if so, it will deop him.


-------------------------------------

Regarding the user list. This is quite simple to do and more practical if you're dealing with many addresses.

Press Alt + R and switch to the Users tab

In this window you can add users with the following format (one per line)
AccessLevel:nick!ident@hostmask

You can use wildcards here.

The default AccessLevel for all nicks is 1, so if you make use of this be sure to give a higher number than 1.

So for example lets say we have an user who's nick is MircUser, his ident is mirc and his hostmask is 127-0-0-1.client.isp.com

We'd like to give him an access level of 5 according to his hostmask, so in the user list we add this line

5:*!*@127-0-0-1.client.isp.com I will use this particular form of access in describing the integration further down

If we wanted to make it a bit more restricted, we could also make it include his ident, so you would add this line in place of the previous one

5:*!mirc@127-0-0-1.client.isp.com

I think you should understand where I'm going with this so I'll stop with the users part here.




Onto making the script work with the user list. Remember, in the users list we have 5:*!*@127-0-0-1.client.isp.com

We want it to only trigger if the opnick has an AccessLevel of 5.

So, we replace this line:

if ($remove($address($opnick,1),$chr(42),$chr(33)) == [email]ident@hostmask.com)[/email] {

with the following:

if ($ulist($address($opnick,2),5,1) != $null) {

This will obtain the opnick's address in the form of *!*@127-0-0-1.client.isp.com, it then searches the user list for "*!*@127-0-0-1.client.isp.com" and sees if it matches to an access level of 5.
If an address is found, then it deop's the deopper and re-ops the deopped nick.

If an address if not found, it does nothing.

Here is the code if you're using the user list.


Code:
on @1:DEOP:#:{
  if ($ulist($address($opnick,2),5,1) != $null) {
    mode # +o $opnick
    if ($nick ison #) {
      mode # -o $nick
    }
  }
}