diff --git a/shapeworks_cloud/core/models.py b/shapeworks_cloud/core/models.py
index de6d0532..90b40e87 100644
--- a/shapeworks_cloud/core/models.py
+++ b/shapeworks_cloud/core/models.py
@@ -20,11 +20,14 @@ class Dataset(TimeStampedModel, models.Model):
     publications = models.TextField(blank=True, default='')
 
     def get_contents(self):
-        ret = []
+        ret = []  # type: ignore
 
         def truncate_filename(filename):
             return filename.split('/')[-1]
 
+        def truncate_anatomy(anatomy_type):
+            return anatomy_type.replace('anatomy_', '')
+
         group_list = [
             Segmentation.objects.filter(subject__dataset=self),
             Mesh.objects.filter(subject__dataset=self),
@@ -34,12 +37,24 @@ def truncate_filename(filename):
 
         for shape_group in group_list:
             for shape in shape_group:
-                ret.append(
-                    {
+                if hasattr(shape, 'anatomy_type'):
+                    anatomy = truncate_anatomy(shape.anatomy_type)
+                    label = 'shape_'
+                else:
+                    anatomy = shape.modality  # type: ignore
+                    label = 'image_'
+                if shape.subject.name in [s['name'] for s in ret]:  # type: ignore
+                    subject = next(
+                        (s for s in ret if s['name'] == shape.subject.name), None  # type: ignore
+                    )
+                    subject[label + anatomy] = truncate_filename(shape.file.name)  # type: ignore
+                else:
+                    subject = {
                         'name': shape.subject.name,  # type: ignore
-                        'shape_1': truncate_filename(shape.file.name),  # type: ignore
+                        label + anatomy: truncate_filename(shape.file.name),  # type: ignore
                     }
-                )
+                    ret.append(subject)
+
         return ret
 
 
diff --git a/shapeworks_cloud/core/rest.py b/shapeworks_cloud/core/rest.py
index d226be62..657cffea 100644
--- a/shapeworks_cloud/core/rest.py
+++ b/shapeworks_cloud/core/rest.py
@@ -227,6 +227,13 @@ def get_serializer_class(self):
         else:
             return serializers.ProjectSerializer
 
+    def edit_allowed(self, request, **kwargs):
+        project = self.get_object()
+        user = self.request.user
+        if project.readonly and not user.is_staff:
+            return False
+        return True
+
     def create(self, request, **kwargs):
         data = request.data
         if 'creator' not in data:
@@ -283,6 +290,11 @@ def clone(self, request, **kwargs):
         methods=['POST'],
     )
     def set_thumbnail(self, request, **kwargs):
+        if not self.edit_allowed(request, **kwargs):
+            return Response(
+                'Project is read only.',
+                status=status.HTTP_403_FORBIDDEN,
+            )
         project = self.get_object()
         form_data = request.data
         encoded_thumbnail = form_data.get('encoding')
@@ -312,6 +324,11 @@ def download(self, request, **kwargs):
         methods=['POST'],
     )
     def set_landmarks(self, request, **kwargs):
+        if not self.edit_allowed(request, **kwargs):
+            return Response(
+                'Project is read only.',
+                status=status.HTTP_403_FORBIDDEN,
+            )
         project = self.get_object()
         form_data = request.data
         landmarks_info = form_data.get('info')
@@ -372,6 +389,11 @@ def set_landmarks(self, request, **kwargs):
         methods=['POST'],
     )
     def set_constraints(self, request, **kwargs):
+        if not self.edit_allowed(request, **kwargs):
+            return Response(
+                'Project is read only.',
+                status=status.HTTP_403_FORBIDDEN,
+            )
         project = self.get_object()
         form_data = request.data
         constraints_locations = form_data.get('locations')
@@ -411,6 +433,11 @@ def set_constraints(self, request, **kwargs):
         methods=['POST'],
     )
     def groom(self, request, **kwargs):
+        if not self.edit_allowed(request, **kwargs):
+            return Response(
+                'Project is read only.',
+                status=status.HTTP_403_FORBIDDEN,
+            )
         project = self.get_object()
         form_data = request.data
         form_data = {k: str(v) for k, v in form_data.items()}
@@ -437,6 +464,11 @@ def groom(self, request, **kwargs):
         methods=['POST'],
     )
     def optimize(self, request, **kwargs):
+        if not self.edit_allowed(request, **kwargs):
+            return Response(
+                'Project is read only.',
+                status=status.HTTP_403_FORBIDDEN,
+            )
         project = self.get_object()
         form_data = request.data
         form_data = {k: str(v) for k, v in form_data.items()}
@@ -475,6 +507,11 @@ def optimize(self, request, **kwargs):
         methods=['POST'],
     )
     def analyze(self, request, **kwargs):
+        if not self.edit_allowed(request, **kwargs):
+            return Response(
+                'Project is read only.',
+                status=status.HTTP_403_FORBIDDEN,
+            )
         project = self.get_object()
 
         params = request.data
@@ -518,6 +555,11 @@ def analyze(self, request, **kwargs):
         methods=['POST'],
     )
     def deepssm_run(self, request, **kwargs):
+        if not self.edit_allowed(request, **kwargs):
+            return Response(
+                'Project is read only.',
+                status=status.HTTP_403_FORBIDDEN,
+            )
         project = self.get_object()
         form_data = request.data
         form_data = {k: str(v) for k, v in form_data.items()}
diff --git a/web/shapeworks/src/components/Analysis/PCA.vue b/web/shapeworks/src/components/Analysis/PCA.vue
index 0fa62aec..e7901be7 100644
--- a/web/shapeworks/src/components/Analysis/PCA.vue
+++ b/web/shapeworks/src/components/Analysis/PCA.vue
@@ -192,7 +192,8 @@ import { groupBy } from '../../helper';
         pcaInfo,
         animate,
         menu,
-        showConfirmation
+        showConfirmation,
+        selectedProject,
       };
     },
   };
@@ -230,7 +231,7 @@ import { groupBy } from '../../helper';
           bottom
           right
         >
-          <template v-slot:activator="{ on, attrs }">
+          <template v-slot:activator="{ on, attrs }" v-if="selectedProject && !selectedProject.readonly">
             <v-btn
               dark
               icon
diff --git a/web/shapeworks/src/components/DeepSSM/DeepSSMTab.vue b/web/shapeworks/src/components/DeepSSM/DeepSSMTab.vue
index e9c65c8f..b231196a 100644
--- a/web/shapeworks/src/components/DeepSSM/DeepSSMTab.vue
+++ b/web/shapeworks/src/components/DeepSSM/DeepSSMTab.vue
@@ -180,6 +180,7 @@ export default {
         });
 
         return {
+            selectedProject,
             openExpansionPanel,
             controlsTabs,
             prepData,
@@ -257,7 +258,7 @@ export default {
     <div class="pa-3" v-else>
         <div class="loading-dialog"><v-dialog v-model="deepSSMLoadingData" width="10%">Fetching results...  <v-progress-circular indeterminate align-center></v-progress-circular></v-dialog></div>
         <v-expansion-panels v-model="openExpansionPanel">
-            <v-expansion-panel>
+            <v-expansion-panel v-if="selectedProject && !selectedProject.readonly">
                 <v-expansion-panel-header>Controls</v-expansion-panel-header>
                 <v-expansion-panel-content>
                     <v-tabs v-model="controlsTabs">
diff --git a/web/shapeworks/src/views/Main.vue b/web/shapeworks/src/views/Main.vue
index 9ed8ce06..24db4fec 100644
--- a/web/shapeworks/src/views/Main.vue
+++ b/web/shapeworks/src/views/Main.vue
@@ -603,7 +603,14 @@ export default {
                         </v-tab-item>
                         <v-tab href="#info">Info</v-tab>
                         <v-tab-item value="info">
-                            <info-tab />
+                            <span
+                                v-if="selectedProject && selectedProject.readonly"
+                                class="red--text pa-3"
+                            >
+                                This project is read only.
+                                No operations may be performed.
+                            </span>
+                            <info-tab v-else />
                         </v-tab-item>
                         <v-tab href="#groom">Groom</v-tab>
                         <v-tab-item value="groom">