• Leigh B Stoller's avatar
    Tighten up permissions granted to geni users coming from the GPO Portal. · 105c42e1
    Leigh B Stoller authored
    We now ask the portal for a the user's project membership list, and if the
    user is not a member of any (unexpired) projects, we do not allow them to
    create experiments (or much of anything else) in the Cloud Portal. I did
    this by setting the local holding project trust to "user" and setting the
    webonly bit in the users table. The user can use the picker to see public
    profiles, but the create button tells them no dice, go join a project at
    the GPO portal.
    We make the project check each time the user logs in via the trusted
quickvm_sup.php 24.4 KB