Two co-mingled sets of changes:
1) Implement the latest dataset read/write access settings from frontend to backend. Also updates for simultaneous read-only usage. 2) New configure options: PROTOGENI_LOCALUSER and PROTOGENI_GENIWEBLOGIN. The first changes the way that projects and users are treated at the CM. When set, we create real accounts (marked as nonlocal) for users and also create real projects (also marked as nonlocal). Users are added to those projects according to their credentials. The underlying experiment is thus owned by the user and in the project, although all the work is still done by the geniuser pseudo user. The advantage of this approach is that we can use standard emulab access checks to control access to objects like datasets. Maybe images too at some point. NOTE: Users are not removed from projects once they are added; we are going to need to deal with this, perhaps by adding an expiration stamp to the groups_membership tables, and using the c...
Showing with 902 additions and 349 deletions