**As a** project member
**I want to** add internal/confidential comments to work packages
**So that I** can add context information that I only share with certain people (and that I know that it remains internal)

### **Acceptance criteria**

* Administration: there are new role permissions:

* View confidential note

* Write confidential note

* Edit own confidential notes

* Edit others' confidential notes (for moderation)

* When I write a comment, I can choose to make it confidential

* When I make my comment confidential (via a checkbox, for example), show a note that makes it clear what this means (i.e, that its visibility is limited to users with the requisite permissions)

* There Begin of the insertionis a link that lets the user view _who_ can view these restricted comments.

* This will take the user to the Members page of that project with the 'View confidential note' permission filter enabled. (This feature does not yet exist, we'll create a ticket for it).

* ThereEnd of the insertion should be a strong visual code that reassures me that my comment _will_ in fact be confidential, to avoid any chance that I accidentally write a confidential comment publicly.

* If a note is confidential, it is easily distinguishable from other comments (that are public) so I can be reassured that a comment is indeed confidential

* The comment should appear in a different background colour Begin of the insertion

* ThereEnd of the insertion Begin of the deletion and the label "confidential"End of the deletion should be Begin of the insertiona lock icon

End of the insertion Begin of the deletion clearly present

End of the deletion * Begin of the insertionHovering on the lock icon (on non-mobile screens) should display a tooltip: "Only visible to certain members. Click for more info."

* Clicking on this lock icon will take the user to the Members page of that project with the 'View confidential note' permission filter enabled.

* End of the insertion Quoting is possible. However, when quoting a confidential note, that note must also be confidential (the toggle/checkbox is on and Begin of the insertiondisabled)End of the insertion Begin of the deletion deactivated).End of the deletion

* The "Show everything" view filter on the top right has two additional options:

* "Confidential notes only"

* Begin of the deletion "Hide confidential notes" orEnd of the deletion "Show Begin of the insertioneverything publicly visible"End of the insertion Begin of the deletion public activity only"End of the deletion

* Notifications: Confidential notes will also appear in the notification center just like comments if I have access to them

* Same with email notifications

* It should not be possible to @mention users who will not be able to view the confidential note (i.e, the drop-down needs to exclude users without the requisite permissions)

* There is no visible numbering of activity comments anymore, even for non-restricted comments.

* Ideally, old links with `#activity-<comment-number>` still work.

* Copying the URL of a comment will have a new URL scheme including a real, persistent ID and not a generated number anymore so that it stays the same even when other comments are added or removed from the activity, e.g. #comment-&lt;journal-id&gt;

* When that URL is opened the browser will auto-scroll to have the comment in the visible viewport.

* When there is not Enterprise token, or the token does not allow this feature:

* We still show the permissions in the role administration and leave them editable.

* We don&#39;t show the toggle/checkbox to make a new comment a restricted comment.

* We show a banner at the project setting for enabling the feature. Begin of the insertion

* Confidential notes can be enabed/disabled at a project level

* \[Project settings to be determined\]End of the insertion


### Open questions

* ~~\[open\] We remove IDs on comments so we don&#39;t have to deal with parallel set of numbers for comments and confidential notes.~~

* ~~The idea is to do it a bit like how GitHub does it, which is a cleaner interface~~

* ~~Need to figure out how to link to existing comments~~

* \[open\] Data model: confidential notes are both like comments (in structure) but have special permissions and visibility attached to them

* Begin of the insertion~~\[open\]End of the insertion Begin of the deletion \[open\]End of the deletion Do we provide additional hints about who can see the Begin of the insertionmessage?~~End of the insertion Begin of the deletion message?End of the deletion

* Begin of the insertion~~CanEnd of the insertion Begin of the deletion CanEnd of the deletion we produce a list of all members (in the project) who have a certain permission (via their roles)? The idea would be to be able to display who exactly can see the confidential Begin of the insertioncomment.~~End of the insertion Begin of the deletion comment.End of the deletion

* \[open\] There is a project setting to enable or disable confidential notes.

* Eg. public projects can have it enabled by default, private projects can have them disabled by default.

* Migration: what if a work package is moved from a project that has confidential notes enabled to one that has it disabled?

* Proposition: Information cannot be lost, perhaps display existing but not allow the creation of new until feature is enabled in project?

* Begin of the insertion~~\[open\]End of the insertion Begin of the deletion \[open\]End of the deletion There is a role permission group &quot;Confidential notes&quot; that, when enabled, enables all confidential features Begin of the insertion(read/write/edit).~~End of the insertion Begin of the deletion (read/write/edit).End of the deletion

* \[open\] Begin of the deletion New project settings:

* New entry: &quot;Communications&quot;?

* Private notes enabled by default for private projects/disabled for public ones

* \[open\]End of the deletion In what Enterprise plan will this feature be included?

* \[open\] <mention class="mention" data-id="72513" data-type="user" data-text="@Parimal Satyal">@Parimal Satyal</mention>, we need to define the upsale banners. Begin of the insertion

End of the insertion Begin of the deletion





End of the deletion * \[open\] How do Out of scope

* The ability to specify a custom scope per confidential note (eg. selecting individual users or groups)


### Begin of the insertionNamingEnd of the insertion Begin of the deletion Phrasing and translationEnd of the deletion

Begin of the insertionPlease see open point: ###60852End of the insertion Begin of the deletion Preferred term in English: **Confidential**.End of the deletion

Begin of the insertion<br>End of the insertion Begin of the deletion Unlike &quot;private&quot;, which can imply something personal and thus could potentially be understood as something personal and possibly even unrelated to work, &quot;confidential&quot; implies that the subject matter is not to be disclosed outside of a certain context.

(Other alternatives that were considered: Private, Internal, Restricted)

<figure class="table op-uc-figure_align-center op-uc-figure" style="height:47.9948px;width:100%;"><table class="op-uc-table"><thead class="op-uc-table--head"><tr class="op-uc-table--row"><th class="op-uc-table--cell op-uc-table--cell_head" style="height:23.9974px;width:19.8263%;"><p class="op-uc-p">English (source)</p></th><th class="op-uc-table--cell op-uc-table--cell_head" style="height:23.9974px;width:19.8263%;"><p class="op-uc-p">German</p></th><th class="op-uc-table--cell op-uc-table--cell_head" style="height:23.9974px;width:19.8263%;"><p class="op-uc-p">French</p></th><th class="op-uc-table--cell op-uc-table--cell_head" style="height:23.9974px;width:19.8263%;"><p class="op-uc-p">Spanish</p></th><th class="op-uc-table--cell op-uc-table--cell_head"><p class="op-uc-p">Comments</p></th></tr></thead><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell" style="height:23.9974px;width:19.8263%;"><p class="op-uc-p">Confidential note</p></td><td class="op-uc-table--cell" style="height:23.9974px;width:19.8263%;"><p class="op-uc-p">Vertrauliche Notiz</p></td><td class="op-uc-table--cell" style="height:23.9974px;width:19.8263%;"><p class="op-uc-p">Note confidentielle</p></td><td class="op-uc-table--cell" style="height:23.9974px;width:19.8263%;"><p class="op-uc-p">Nota confidencial</p></td><td class="op-uc-table--cell"><p class="op-uc-p">More distinguishing from "comment" (as a verb, especially). Not bad, potential option.&nbsp;</p><p class="op-uc-p">Also have to think about it from the larger POV of a larger idea of notes we can attach to other things.</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell" style="width:19.8263%;"><p class="op-uc-p">Confidential comment</p></td><td class="op-uc-table--cell" style="width:19.8263%;"><p class="op-uc-p"><br></p></td><td class="op-uc-table--cell" style="width:19.8263%;"><p class="op-uc-p">Commentaire confidentiel&nbsp;</p></td><td class="op-uc-table--cell" style="width:19.8263%;"><p class="op-uc-p"><br></p></td><td class="op-uc-table--cell"><p class="op-uc-p">Continuity, variation of comment (of a different kind)</p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><br></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br></p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br></p></td></tr></tbody></table></figure>End of the deletion

### **Example use case:**

* A client or partner should have access to a work package to collaborate closely. However this partner should not have access to all information.