Content
View differences
Updated by Parimal Satyal over 1 year ago
**As a** project member
**I want to** add work package comments with restricted visibility
**So that I** can add context information that I only share with a subgroup of certain people. So the information is not shared with all project member and non members.
### **Acceptance criteria**
* ### **Acceptance criteria**
* Administration: there are new role permissions:
* View restricted visibility comment
* Write restricted visibility comment
* Edit own restricted visibility comments
* Edit others' restricted visibility comments (for moderation)
* When I write a comment, I can choose to make it confidential
* When I make my comment restricted (via a checkbox, for example), show a note that makes it clear what this means (i.e, that its visibility is limited to users with the requisite permissions)
* There is a link that lets the user view _who_ can view these restricted-visibility comments.
* This will take the user to the Members page of that project with the 'View restricted visibility comment' permission filter enabled. (This feature does not yet exist, we'll create a ticket for it).
* There should be a strong visual code that reassures me that my comment _will_ in fact be confidential, to avoid any chance that I accidentally write a confidential comment publicly.
* If a note is confidential, it is easily distinguishable from other comments (that are public) so I can be reassured that a comment is indeed confidential
* The comment should appear in a different background colour
* There should be a lock icon
* Hovering on the lock icon (on non-mobile screens) should display a tooltip: "Only visible to certain members. Click for more info."
* Clicking on this lock icon will take the user to the Members page of that project with the 'View restricted visibility comment' permission filter enabled.
* Quoting is possible. However, when quoting a restricted visibility comment, that note must also be confidential (the toggle/checkbox is on and disabled)
* The "Show everything" view filter on the top right has two additional options:
* "restricted visibility comments only"
* "Show everything publicly visible"
* Notifications: restricted visibility comments will also appear in the notification center just like comments if I have access to them
* Same with email notifications
* It should not be possible to @mention users who will not be able to view the restricted visibility comment (i.e, the drop-down needs to exclude users without the requisite permissions)
* There is no visible numbering of activity comments anymore, even for non-restricted-visibility comments.
* Ideally, old links with `#activity-<comment-number>` still work.
* Copying the URL of a comment will have a new URL scheme including a real, persistent ID and not a generated number anymore so that it stays the same even when other comments are added or removed from the activity, e.g. #comment-<journal-id>
* When that URL is opened the browser will auto-scroll to have the comment in the visible viewport.
* When there is not Enterprise token, or the token does not allow this feature:
* We still show the permissions in the role administration and leave them editable.
* We don't show the toggle/checkbox to make a new comment a restricted comment.
* We show a banner at the project setting for enabling the feature.
* Restricted visibility comments can be enabed/disabled at a project level
* \[Project settings to be determined\]
### Open questions
* \[open\] Restricted visibility comments can be enabed/disabled at a project level
* Where? Modules page?
* \[open\] There is a project setting to enable or disable confidential notes.
* Eg. public projects can have it enabled by default, private projects can have them disabled by default.
* Migration: what if a work package is moved from a project that has confidential notes enabled to one that has it disabled?
* Proposition: Information cannot be lost, perhaps display existing but not allow the creation of new until feature is enabled in project?
* ~~\[open\] There is a role permission group "Confidential notes" that, when enabled, enables all confidential features (read/write/edit).~~
* \[open\] In what Enterprise plan will this feature be included?
* \[open\] <mention class="mention" data-id="72513" data-type="user" data-text="@Parimal Satyal">@Parimal Satyal</mention>, we need to define the upsale banners.
* \[open\] How do Out of scope
* The ability to specify a custom scope per confidential note (eg. selecting individual users or groups)
* ~~\[open\] We remove IDs on comments so we don't have to deal with parallel set of numbers for comments and confidential notes.~~
* ~~The idea is to do it a bit like how GitHub does it, which is a cleaner interface~~
* ~~Need to figure out how to link to existing comments~~
* \[open\] Data model: confidential notes are both like comments (in structure) but have special permissions and visibility attached to them
* ~~\[open\] Do we provide additional hints about who can see the message?~~
* ~~Can we produce a list of all members (in the project) who have a certain permission (via their roles)? The idea would be to be able to display who exactly can see the confidential comment.~~
### Naming
Please see open point: ###60852
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell" style="background-color:hsl(0, 0%, 90%);"><p class="op-uc-p"><strong>Term</strong></p></td><td class="op-uc-table--cell" style="background-color:hsl(0, 0%, 90%);"><p class="op-uc-p"><strong>French</strong></p></td><td class="op-uc-table--cell" style="background-color:hsl(0, 0%, 90%);"><p class="op-uc-p"><strong>Spanish</strong></p></td><td class="op-uc-table--cell" style="background-color:hsl(0, 0%, 90%);"><p class="op-uc-p"><strong>German</strong></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><strong>Comments with restricted visibility</strong></p></td><td class="op-uc-p"><strong>Restricted visibility comments</strong></p></td><td class="op-uc-table--cell"><p class="op-uc-p">Commentaire à visibilité restreinte</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Comentarios con visibilidad restringida</p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><strong>View comments with restricted visibility</strong><br>Context: visibility comments</strong><br>Context: Permissions</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Lire des commentaires à visibilité restreinte</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Vista de los comentarios con visibilidad restringida</p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><strong>Show only restricted visibility comments with restricted visibility</strong><br>Context: only</strong><br>Context: Option in drop-down menu in the Activity tab</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Afficher uniquement les commentaires à visibilité restreinte</p></td><td class="op-uc-table--cell"><p class="op-uc-p">Muestra solo los comentarios con visibilidad restringida</p></td><td class="op-uc-table--cell"><p class="op-uc-p"><br></p></td></tr></tbody></table></figure>
### **Example use case:**
* A client or partner should have access to a work package to collaborate closely. However this partner should not have access to all information.
**I want to** add work package comments with restricted visibility
**So that I** can add context information that I only share with a subgroup of certain people. So the information is not shared with all project member and non members.
### **Acceptance criteria**
* ### **Acceptance criteria**
* Administration: there are new role permissions:
* View restricted visibility comment
* Write restricted visibility comment
* Edit own restricted visibility comments
* Edit others' restricted visibility comments (for moderation)
* When I write a comment, I can choose to make it confidential
* When I make my comment restricted (via a checkbox, for example), show a note that makes it clear what this means (i.e, that its visibility is limited to users with the requisite permissions)
* There is a link that lets the user view _who_ can view these restricted-visibility comments.
* This will take the user to the Members page of that project with the 'View restricted visibility comment' permission filter enabled. (This feature does not yet exist, we'll create a ticket for it).
* There should be a strong visual code that reassures me that my comment _will_ in fact be confidential, to avoid any chance that I accidentally write a confidential comment publicly.
* If a note is confidential, it is easily distinguishable from other comments (that are public) so I can be reassured that a comment is indeed confidential
* The comment should appear in a different background colour
* There should be a lock icon
* Hovering on the lock icon (on non-mobile screens) should display a tooltip: "Only visible to certain members. Click for more info."
* Clicking on this lock icon will take the user to the Members page of that project with the 'View restricted visibility comment' permission filter enabled.
* Quoting is possible. However, when quoting a restricted visibility comment, that note must also be confidential (the toggle/checkbox is on and disabled)
* The "Show everything" view filter on the top right has two additional options:
* "restricted visibility comments only"
* "Show everything publicly visible"
* Notifications: restricted visibility comments will also appear in the notification center just like comments if I have access to them
* Same with email notifications
* It should not be possible to @mention users who will not be able to view the restricted visibility comment (i.e, the drop-down needs to exclude users without the requisite permissions)
* There is no visible numbering of activity comments anymore, even for non-restricted-visibility comments.
* Ideally, old links with `#activity-<comment-number>` still work.
* Copying the URL of a comment will have a new URL scheme including a real, persistent ID and not a generated number anymore so that it stays the same even when other comments are added or removed from the activity, e.g. #comment-<journal-id>
* When that URL is opened the browser will auto-scroll to have the comment in the visible viewport.
* When there is not Enterprise token, or the token does not allow this feature:
* We still show the permissions in the role administration and leave them editable.
* We don't show the toggle/checkbox to make a new comment a restricted comment.
* We show a banner at the project setting for enabling the feature.
* Restricted visibility comments can be enabed/disabled at a project level
* \[Project settings to be determined\]
### Open questions
* \[open\] Restricted visibility comments can be enabed/disabled at a project level
* Where? Modules page?
* \[open\] There is a project setting to enable or disable confidential notes.
* Eg. public projects can have it enabled by default, private projects can have them disabled by default.
* Migration: what if a work package is moved from a project that has confidential notes enabled to one that has it disabled?
* Proposition: Information cannot be lost, perhaps display existing but not allow the creation of new until feature is enabled in project?
* ~~\[open\] There is a role permission group "Confidential notes" that, when enabled, enables all confidential features (read/write/edit).~~
* \[open\] In what Enterprise plan will this feature be included?
* \[open\] <mention class="mention" data-id="72513" data-type="user" data-text="@Parimal Satyal">@Parimal Satyal</mention>, we need to define the upsale banners.
* \[open\] How do Out of scope
* The ability to specify a custom scope per confidential note (eg. selecting individual users or groups)
* ~~\[open\] We remove IDs on comments so we don't have to deal with parallel set of numbers for comments and confidential notes.~~
* ~~The idea is to do it a bit like how GitHub does it, which is a cleaner interface~~
* ~~Need to figure out how to link to existing comments~~
* \[open\] Data model: confidential notes are both like comments (in structure) but have special permissions and visibility attached to them
* ~~\[open\] Do we provide additional hints about who can see the message?~~
* ~~Can we produce a list of all members (in the project) who have a certain permission (via their roles)? The idea would be to be able to display who exactly can see the confidential comment.~~
### Naming
Please see open point: ###60852
<figure class="table op-uc-figure_align-center op-uc-figure"><table class="op-uc-table"><tbody><tr class="op-uc-table--row"><td class="op-uc-table--cell" style="background-color:hsl(0, 0%, 90%);"><p class="op-uc-p"><strong>Term</strong></p></td><td class="op-uc-table--cell" style="background-color:hsl(0, 0%, 90%);"><p class="op-uc-p"><strong>French</strong></p></td><td class="op-uc-table--cell" style="background-color:hsl(0, 0%, 90%);"><p class="op-uc-p"><strong>Spanish</strong></p></td><td class="op-uc-table--cell" style="background-color:hsl(0, 0%, 90%);"><p class="op-uc-p"><strong>German</strong></p></td></tr><tr class="op-uc-table--row"><td class="op-uc-table--cell"><p class="op-uc-p"><strong>Comments with restricted visibility</strong></p></td><td
### **Example use case:**
* A client or partner should have access to a work package to collaborate closely. However this partner should not have access to all information.