jedcunningham commented on pull request #18222:
URL: https://github.com/apache/airflow/pull/18222#issuecomment-919408132
> it feels misleading for that 403 page to say "user has no roles and/**or**
permissions" if we really are only checking roles.
It's actually checking both given t
jedcunningham commented on pull request #18222:
URL: https://github.com/apache/airflow/pull/18222#issuecomment-919193243
I mean, both Airflow's `get_current_user_permissions` and FAB overall assume
permissions come from roles. If someone is trying to subclass away roles, seems
reasonable t