eyra / mono

Next platform repo
https://eyra.co
GNU Affero General Public License v3.0

When participant logs on with Google account, actual profile is that of creator #871

Closed TjerkNan closed 5 days ago

TjerkNan commented 3 months ago

Describe the bug

When I log in with a new Google account to become a participant, I'm able to create projects, thus I have creator privileges. When I log in with email/password I don't have these privileges.

To Reproduce

Steps to reproduce the behavior:

  1. Log on as participant with Google account (not used)
  2. Observe privileges

Expected behavior

To have participant privileges, not creator privileges, when logging on with Google account.

Screenshots

N/A.

Desktop (please complete the following information):

TjerkNan commented 3 weeks ago

@mellelieuwes when I log in with one of my test participant accounts with both Google and email I get full access like a researcher (able to create projects). If this is not what we want, the bug is not solved.

If this is what we want, why do we have a login screen that is distinct for a participant and a researcher, apart from the sign-in with SURFconext?

mellelieuwes commented 2 weeks ago

@mellelieuwes did you create a completely new participant account before testing?

TjerkNan commented 2 weeks ago

> @mellelieuwes did you create a completely new participant account before testing?

No, I was assuming that this would be fixed for existing participant accounts, but a new account works as expected. Do you consider this issue closed because of this result?

P.S. It seems that this issue was not related to just Google accounts; a new email-based participant account will also be limited, but existing email-based participant accounts have creator privileges.

mellelieuwes commented 2 weeks ago

@TjerkNan Access rights are appointed on account registration, not login. Google and SURFconext have an implicit registration step. First login is also a registration, so this might confuse things. We might need to create an explicit registration step for all auth platforms as well.

The main reason for the participant/researcher login separation is to not confuse the users with options.

TjerkNan commented 6 days ago

@mellelieuwes I understand the context; my question was if existing participant accounts that have similar privileges as creator accounts should have their privileges reduced, which requires additional work, or do we accept that existing participant accounts have elevated privileges. I don't have an opinion on what the choice should be, just that the choice is clear to me. If we don't want to touch older participant accounts with 'elevated' privileges this issue is closed, right?

mellelieuwes commented 6 days ago

Participant accounts are only used in Benchmark Challenge on prod. It will be a thing for Panl when we launch that feature. For the existing Participant accounts on prod it is not a problem if they have creator rights. So this issue can be closed.