Content
View differences
Updated by Parimal Satyal over 1 year ago
* Administration: there are new role permissions:
* View comments with restricted visibility
* Write comments with restricted visibility
* Edit own comments with restricted visibility
* Edit others' comments with restricted visibility (for moderation)
* When I write a comment, I can choose to restrict its visibility
* There is a checkbox to enable this
* When checked, it shows a caption that explains the limited scope of visibility.
* There is a "Who?" link that takes the user to the documentation of the feature.
* The background colour of the comment box will change the to same colour as the restricted-visibility comments in the Activity stream to reassure the user that this mode is indeed active, with a clear visual signal.
* [Primer colours](https://primer.style/foundations/color/base-scales) to use:
* **Background info line:** base-color-orange-1
* **Background body**: base-color-orange-0
* **Stroke info line**: base-color-orange-1
* **Stroke body**: base-color-orange-1
* These colours will automatically adjust to dark mode (Primer feature)
* If a comment is restricted-visibility, it is easily distinguishable from other comments (that are public) so I can be reassured that they can't be publicly visible.
* Restricted-visibility comments appear in a different background colour (defined above)
* There is a lock icon on the top right corner to the left of the More icon.
* There is an alt text: "Only visible to a limited group of members."
* _This will eventually show a Primer tooltip and lead to the Members page on click. See out of scope._
* If there is also an unread badge, this will appear to the _left_ of the lock icon
* Normal (public) comments with _not_ have an unlocked icon
* Quoting is possible. However, when quoting a comment with restricted visibility, that comment must also be confidential by default
* The 'Restrict visibility' checkbox is checked
* _Risk: the user inadvertently some how unchecks this but leaks the comment. But they could just also well copy/paste a restricted comment._
* This is to limit the risk of accidental/inadvertent leaking of the comment.
* Notifications: restricted visibility comments will also appear in the notification center just like comments if I have access to them
* Same with email notifications
* It should not be possible to _@mention_ users who will not be able to view the comment with restricted visibilty (i.e, the drop-down needs to exclude users without the requisite permissions)
* If were part of a role that afforded you the ability to view restricted visibility comments and you are subsequently removed from this role such that you no longer have this permission:
* You can no longer view or post such comments in the Activity tab
* The Notification centre should not break (because it can no longer find the missing notification)
* The notifications will stop, but for unread and past notifications:
* Restricted visibilty comments are now hidden
* No other changes (to # of notifications, badges...)
* _Risk: Any email notification sent cannot obviously be retracted.r_
* There is no visible numbering of activity comments anymore for all comments (restricted visibilty or otherwise),
* Ideally, old links with `#activity-<comment-number>` still work.
* Copying the URL of a comment will have a new URL scheme including a real, persistent ID and not a generated number anymore so that it stays the same even when other comments are added or removed from the activity, e.g. #comment-<journal-id>
* When that URL is opened the browser will auto-scroll to have the comment in the visible viewport.
* When there is not Enterprise token, or the token does not allow this feature:
* We still show the permissions in the role administration and leave them editable.
* We don't show the toggle/checkbox to make a new comment a restricted comment.
* We show a banner at the project setting for enabling the feature.
* Restricted visibility comments can be enabed/disabled at a project level
* \[Project settings to be determined\]
**Mobile specificies**
* TBD
* View comments with restricted visibility
* Write comments with restricted visibility
* Edit own comments with restricted visibility
* Edit others' comments with restricted visibility (for moderation)
* When I write a comment, I can choose to restrict its visibility
* There is a checkbox to enable this
* When checked, it shows a caption that explains the limited scope of visibility.
* There is a "Who?" link that takes the user to the documentation of the feature.
* The background colour of the comment box will change the to same colour as the restricted-visibility comments in the Activity stream to reassure the user that this mode is indeed active, with a clear visual signal.
* [Primer colours](https://primer.style/foundations/color/base-scales) to use:
* **Background info line:** base-color-orange-1
* **Background body**: base-color-orange-0
* **Stroke info line**: base-color-orange-1
* **Stroke body**: base-color-orange-1
* These colours will automatically adjust to dark mode (Primer feature)
* If a comment is restricted-visibility, it is easily distinguishable from other comments (that are public) so I can be reassured that they can't be publicly visible.
* Restricted-visibility comments appear in a different background colour (defined above)
* There is a lock icon on the top right corner to the left of the More icon.
* There is an alt text: "Only visible to a limited group of members."
* _This will eventually show a Primer tooltip and lead to the Members page on click. See out of scope._
* If there is also an unread badge, this will appear to the _left_ of the lock icon
* Normal (public) comments with _not_ have an unlocked icon
* Quoting is possible. However, when quoting a comment with restricted visibility, that comment must also be confidential by default
* The 'Restrict visibility' checkbox is checked
* _Risk: the user inadvertently some how unchecks this but leaks the comment. But they could just also well copy/paste a restricted comment._
* This is to limit the risk of accidental/inadvertent leaking of the comment.
* Notifications: restricted visibility comments will also appear in the notification center just like comments if I have access to them
* Same with email notifications
* It should not be possible to _@mention_ users who will not be able to view the comment with restricted visibilty (i.e, the drop-down needs to exclude users without the requisite permissions)
* If were part of a role that afforded you the ability to view restricted visibility comments and you are subsequently removed from this role such that you no longer have this permission:
* You can no longer view or post such comments in the Activity tab
* The Notification centre should not break (because it can no longer find the missing notification)
* The notifications will stop, but for unread and past notifications:
* Restricted visibilty comments are now hidden
* No other changes (to # of notifications, badges...)
* _Risk: Any email notification sent cannot obviously be retracted.r_
* There is no visible numbering of activity comments anymore for all comments (restricted visibilty or otherwise),
* Ideally, old links with `#activity-<comment-number>` still work.
* Copying the URL of a comment will have a new URL scheme including a real, persistent ID and not a generated number anymore so that it stays the same even when other comments are added or removed from the activity, e.g. #comment-<journal-id>
* When that URL is opened the browser will auto-scroll to have the comment in the visible viewport.
* When there is not Enterprise token, or the token does not allow this feature:
* We still show the permissions in the role administration and leave them editable.
* We don't show the toggle/checkbox to make a new comment a restricted comment.
* We show a banner at the project setting for enabling the feature.
* Restricted visibility comments can be enabed/disabled at a project level
* \[Project settings to be determined\]
**Mobile specificies**
* TBD