Content
View differences
Updated by Kabiru Mwenja 12 months ago
Follows ###64166
**As** an API client
**I want to** be able to know if a user has the capability to add internal comments
**so that** I can fully support internal comments in my application
**Acceptance criteria**
* It is possible to check via the [**Capabilities API**](https://www.openproject.org/docs/api/endpoints/actions-capabilities/), whether a user has the capability to add internal comments
* Using the following capability filers
* internal\_comments/create. - Can create internal comments, has "add\_internal\_comments" permission
* internal\_comments/read - Can read internal comments, has "view\_internal\_comments" permission
* internal\_comments/update\_own - Can edit own internal comments, has "edit\_own\_internal\_comments" permission
* internal\_comments/update\_others - Can edit others internal comments, has "edit\_others\_internal\_comments" permission
**Technical notes**
GET /api/v3/capabilities
```json
// ?filters=
[
{
"principal": {
"operator": "=",
"values": [
"435" // The current user ID
]
}
},
{
"context": {
"operator": "=",
"values": [
"p861" // The Project ID
]
}
},
{
"action": {
"operator": "=",
"values": [
"internal_comments/create" "internal_comments/write"
]
}
}
]
```
_Similar Examples: In order to verify whether a user can create a reminder, we check that they are logged in and have the "work\_packages/read" capability E.g._ [_https://github.com/opf/openproject/commit/d10375c8cedcd1c0c58ac9448a5844a5b28d9075_](https://github.com/opf/openproject/commit/d10375c8cedcd1c0c58ac9448a5844a5b28d9075)
_Ref: https://www.openproject.org/docs/api/filters/_
**Permissions and visibility considerations**
* Permission: "[add\_internal\_comments](https://github.com/opf/openproject/blob/dab3a3e18134067758d62dc41791eb1ef1d57fac/config/initializers/permissions.rb#L325)"
* When the user does not have the "Write internal comments" and they attempt to mark a comment as internal, they should receive back an error AND the comment should never be created.
**As** an API client
**I want to** be able to know if a user has the capability to add internal comments
**so that** I can fully support internal comments in my application
**Acceptance criteria**
* It is possible to check via the [**Capabilities API**](https://www.openproject.org/docs/api/endpoints/actions-capabilities/), whether a user has the capability to add internal comments
* Using the following capability filers
* internal\_comments/create. - Can create internal comments, has "add\_internal\_comments" permission
* internal\_comments/read - Can read internal comments, has "view\_internal\_comments" permission
* internal\_comments/update\_own - Can edit own internal comments, has "edit\_own\_internal\_comments" permission
* internal\_comments/update\_others - Can edit others internal comments, has "edit\_others\_internal\_comments" permission
GET /api/v3/capabilities
```json
// ?filters=
[
{
"principal": {
"operator": "=",
"values": [
"435" // The current user ID
]
}
},
{
"context": {
"operator": "=",
"values": [
"p861" // The Project ID
]
}
},
{
"action": {
"operator": "=",
"values": [
"internal_comments/create"
]
}
}
]
```
_Similar Examples: In order to verify whether a user can create a reminder, we check that they are logged in and have the "work\_packages/read" capability E.g._ [_https://github.com/opf/openproject/commit/d10375c8cedcd1c0c58ac9448a5844a5b28d9075_](https://github.com/opf/openproject/commit/d10375c8cedcd1c0c58ac9448a5844a5b28d9075)
_Ref: https://www.openproject.org/docs/api/filters/_
**Permissions and visibility considerations**
* Permission: "[add\_internal\_comments](https://github.com/opf/openproject/blob/dab3a3e18134067758d62dc41791eb1ef1d57fac/config/initializers/permissions.rb#L325)"
* When the user does not have the "Write internal comments" and they attempt to mark a comment as internal, they should receive back an error AND the comment should never be created.