webgme / webgme-engine

WebGME server and Client API without a GUI
MIT License

userId used to retrieve project from `safeStorage` ignored by `project.getTags` #318

Closed brollb closed 11 months ago

brollb commented 11 months ago

The following router code fails when authentication is enabled:

```javascript
const userId = projectId.split("+").shift();  // guarantee user should have permissions to view the project
const project = await safeStorage.openProject({
  username: userId,
  projectId,
});
const tagDict = await project.getTags();  // Error - user does not have the permissions to access the project!
```

Adding a debug log in safeStorage confirms that getTags is not receiving userId but is using the guest account.

I have been able to work around this by using the following code but still wanted to report it since the behavior surprised me.

```javascript
const tagDict = await safeStorage.getTags({projectId, username: userId});
```

pmeijer commented 11 months ago

This holds for all methods on the "directly connected" project - that is a project that connects directly to the database. It was technically not a bug, rather a bad design decision since there is a method setUser on the project instance. Currently that is called in each place (the bin scripts essentially) where it's being called. But it's not a very intuitive approach (I recall it being an afterthought when it came to the storage redesign way back). Anyhow now, the #320 sets it directly from the storage.