Handle creation/updating of projects with external authorization enabled.
The classification label of a project is not verified during creation or updating a project.
We currently allow a user to update the classification label to one he does not have access to. We also allow them to create a project (using the default label) and then deny access once the external service denies access.
I think we should:
- Check access to the default label before creation.
- Check access to both the original and updated label when updating a project: This would mean 2 requests to the external service in this case.