On Wed, Apr 24, 2019 at 7:17 PM Daniel Beck <
m...@beckweb.net> wrote:
> What is the correct behavior for authorization realms here? Should Overall/* permissions be inherited by all ACLs?
It should not really matter since any code even calling
`hasPermission` / `checkPermission` against a permission using
`PermissionScope.JENKINS` on something other than `Jenkins.instance`
is a bug. Ideally we could enforce `PermissionScope`s at runtime to
catch mistakes like that. (There are some weird cases, some of which I
have tried to fix in the past, if you look up my PRs: `RUN` and `ITEM`
sometimes get confused, and `COMPUTER` is confusingly applied either
to `Computer` or `Node`.)