separate user_attrs into privileged so other methods can run

ja5087 · ja5087 · commit f72177ce6b26 · 2019-04-20T23:48:53.000-07:00
diff --git a/ocflib/account/creation.py b/ocflib/account/creation.py
@@ -274,7 +274,7 @@ def validate_calnet_uid(uid):
         raise ValidationError(
             'CalNet UID already has account: ' + str(existing_accounts))
 
-    attrs = search.user_attrs_ucb(uid)
+    attrs = search.user_attrs_ucb_privileged(uid)
 
     if not attrs:
         raise ValidationError("CalNet UID can't be found in university LDAP.")
diff --git a/ocflib/account/search.py b/ocflib/account/search.py
@@ -56,6 +56,11 @@ def user_attrs_ucb(uid):
                       base=UCB_LDAP_PEOPLE)
 
 
+def user_attrs_ucb_privileged(uid):
+    return user_attrs(uid, connection=ldap.ldap_ucb_privileged,
+                      base=UCB_LDAP_PEOPLE)
+
+
 def user_exists(account):
     """Returns whether username is an OCF account."""
     return bool(user_attrs(account))
diff --git a/ocflib/vhost/web.py b/ocflib/vhost/web.py
@@ -3,7 +3,7 @@
 import requests
 
 from ocflib.account.search import user_attrs
-from ocflib.account.search import user_attrs_ucb
+from ocflib.account.search import user_attrs_ucb_privileged
 
 VHOST_DB_PATH = '/home/s/st/staff/vhost/vhost.conf'
 VHOST_DB_URL = 'https://www.ocf.berkeley.edu/~staff/vhost.conf'
@@ -86,9 +86,9 @@ def eligible_for_vhost(user):
     if 'callinkOid' in attrs:
         return True
     elif 'calnetUid' in attrs:
-        attrs_ucb = user_attrs_ucb(attrs['calnetUid'])
-        # TODO: Uncomment when we get a privileged LDAP bind.
-        if attrs_ucb:  # and 'EMPLOYEE-TYPE-ACADEMIC' in attrs_ucb['berkeleyEduAffiliations']:
+        attrs_ucb = user_attrs_ucb_privileged(attrs['calnetUid'])
+
+        if attrs_ucb and 'EMPLOYEE-TYPE-ACADEMIC' in attrs_ucb['berkeleyEduAffiliations']:
             return True
 
     return False
diff --git a/tests/account/creation_test.py b/tests/account/creation_test.py
@@ -444,7 +444,7 @@ def fake_credentials(mock_rsa_key):
 @pytest.yield_fixture
 def mock_valid_calnet_uid():
     with mock.patch(
-        'ocflib.account.search.user_attrs_ucb',
+        'ocflib.account.search.user_attrs_ucb_privileged',
         return_value={'berkeleyEduAffiliations': ['STUDENT-TYPE-REGISTERED']}
     ):
         yield
@@ -453,7 +453,7 @@ def mock_valid_calnet_uid():
 @pytest.yield_fixture
 def mock_invalid_calnet_uid():
     with mock.patch(
-        'ocflib.account.search.user_attrs_ucb',
+        'ocflib.account.search.user_attrs_ucb_privileged',
         return_value={'berkeleyEduAffiliations': ['STUDENT-STATUS-EXPIRED']},
     ):
         yield
