On Wed, Apr 24, 2019 at 7:17 PM Daniel Beck <[email protected]> wrote: > What is the correct behavior for authorization realms here? Should Overall/* > permissions be inherited by all ACLs?
It should not really matter since any code even calling `hasPermission` / `checkPermission` against a permission using `PermissionScope.JENKINS` on something other than `Jenkins.instance` is a bug. Ideally we could enforce `PermissionScope`s at runtime to catch mistakes like that. (There are some weird cases, some of which I have tried to fix in the past, if you look up my PRs: `RUN` and `ITEM` sometimes get confused, and `COMPUTER` is confusingly applied either to `Computer` or `Node`.) -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr0RGEoRpt-ZC9_XV2n9FUaFhD1kMZRdBneNpccJYY4rdw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
