Content
View differences
Updated by Parimal Satyal about 1 year ago
* Administration: there are new role permissions:
* View comments with restricted visibility
* Write comments with restricted visibility
* Edit own comments with restricted visibility
* Edit others' comments with restricted visibility (for moderation)
* When I write a comment, I can choose to restrict its visibility
* There is a checkbox to enable this
* There is a "More info" button that takes the user to the documentation of the feature.
* The background colour of the comment box will change the to same colour as top info line of the restricted-visibility comments in the Activity stream to reassure the user that this mode is indeed active active, with a clear visual signal.
* [Primer colours](https://primer.style/foundations/color/base-scales) to use:
* **Background ~~**Background info line:** `display-brown-bgColor-muted` base-color-orange-1~~
* **Background ~~**Background body**: `bgColor-default` base-color-orange-0~~
* **Text:** `fgColor-default` ~~**Stroke info line**: base-color-orange-1~~
* **Outline:** `display-brown-borderColor-emphasis` ~~**Stroke body**: base-color-orange-1~~
* These colours will automatically adjust to dark mode (Primer feature)
* If a comment is restricted-visibility, it is easily distinguishable from other comments (that are public) so I can be reassured that they can't be publicly visible.
* Restricted-visibility comments appear in a different background colour scheme (defined above)
* There is a lock icon on the top right corner to the left of the More icon.
* There is an alt text: "Only visible to a limited group of members."
* _This will eventually show a Primer tooltip and lead to the Members page on click. See out of scope._
* If there is also an unread badge, this will appear to the _left_ of the lock icon
* Normal (public) comments with _not_ have an unlocked icon
* Quoting is possible. However, when quoting a comment with restricted visibility, that comment must also be confidential by default
* The 'Restrict visibility' checkbox is checked
* _Risk: the user inadvertently some how unchecks this but leaks the comment. But they could just also well copy/paste a restricted comment._
* This is to limit the risk of accidental/inadvertent leaking of the comment.
* Notifications: restricted visibility comments will also appear in the notification center just like comments if I have access to them
* Same with email notifications
* It should not be possible to _@mention_ users who will not be able to view the comment with restricted visibilty (i.e, the drop-down needs to exclude users without the requisite permissions)
* If a user who does not have the permissions to view restricted-visibility comments is mentioned in a regular comment and the 'Restrict visibility' checkbox is _then_ checked, the @mention is turned into plain text.
* Unchecking the "Restrict visibility" checkbox will _not_ re-convert previously stripped @mentions back to links.
* If were part of a role that afforded you the ability to view restricted visibility comments and you are subsequently removed from this role such that you no longer have this permission:
* You can no longer view or post such comments in the Activity tab
* The Notification centre should not break (because it can no longer find the missing notification)
* The notifications will stop, but for unread and past notifications:
* Restricted visibilty comments are now hidden
* No other changes (to # of notifications, badges...)
* _Risk: Any email notification sent cannot obviously be retracted._ retracted.r_
* There is no visible numbering of activity comments anymore for all comments (restricted visibilty or otherwise),
* Ideally, old links with `#activity-<comment-number>` still work.
* Copying the URL of a comment will have a new URL scheme including a real, persistent ID and not a generated number anymore so that it stays the same even when other comments are added or removed from the activity, e.g. #comment-<journal-id>
* When that URL is opened the browser will auto-scroll to have the comment in the visible viewport.
* When there is not Enterprise token, or the token does not allow this feature:
* We still show the permissions in the role administration and leave them editable.
* We don't show the toggle/checkbox to make a new comment a restricted comment.
* We show a banner at the project setting for enabling the feature.
* Restricted visibility comments can be enabed/disabled at a project level
* There will be in a new tab called 'Activity' in the new consolidated 'Work packages' page in Project settings.
* In this tab, there is a single checkbox with:
* Label: "Enable restricted visibility comments"
* Caption: "Restricted comments allow an internal team to communicate amongst themselves privately. These are only visible to select roles that have the necessary permissions and will not be visible publicly. Read more."
* The "Read more" is a link that links to the documentation for this feature.
**Mobile specificities**
* On narrow screens, comments with restricted on the timeline are displayed the same way as the mobile rendering of normal comments, but with the additional elements:
* Different background colours
* The lock icon
* When writing a comment, the "Restrict visibilty" action uses the same string, but the 'Reed more' link "Restricted visibility" checkbox label is hidden shorted to just "Restricted"
* The "More info" button is not visible on mobile
* View comments with restricted visibility
* Write comments with restricted visibility
* Edit own comments with restricted visibility
* Edit others' comments with restricted visibility (for moderation)
* When I write a comment, I can choose to restrict its visibility
* There is a checkbox to enable this
* There is a "More info" button that takes the user to the documentation of the feature.
* The background colour of the comment box will change the to same colour as top info line of
* [Primer colours](https://primer.style/foundations/color/base-scales) to use:
* **Background
* **Background
* **Text:** `fgColor-default`
* **Outline:** `display-brown-borderColor-emphasis`
* These colours will automatically adjust to dark mode (Primer feature)
* If a comment is restricted-visibility, it is easily distinguishable from other comments (that are public) so I can be reassured that they can't be publicly visible.
* Restricted-visibility comments appear in a different
* There is a lock icon on the top right corner to the left of the More icon.
* There is an alt text: "Only visible to a limited group of members."
* _This will eventually show a Primer tooltip and lead to the Members page on click. See out of scope._
* If there is also an unread badge, this will appear to the _left_ of the lock icon
* Normal (public) comments with _not_ have an unlocked icon
* Quoting is possible. However, when quoting a comment with restricted visibility, that comment must also be confidential by default
* The 'Restrict visibility' checkbox is checked
* _Risk: the user inadvertently some how unchecks this but leaks the comment. But they could just also well copy/paste a restricted comment._
* This is to limit the risk of accidental/inadvertent leaking of the comment.
* Notifications: restricted visibility comments will also appear in the notification center just like comments if I have access to them
* Same with email notifications
* It should not be possible to _@mention_ users who will not be able to view the comment with restricted visibilty (i.e, the drop-down needs to exclude users without the requisite permissions)
* Unchecking the "Restrict visibility" checkbox will _not_ re-convert previously stripped @mentions back to links.
* If were part of a role that afforded you the ability to view restricted visibility comments and you are subsequently removed from this role such that you no longer have this permission:
* You can no longer view or post such comments in the Activity tab
* The Notification centre should not break (because it can no longer find the missing notification)
* The notifications will stop, but for unread and past notifications:
* Restricted visibilty comments are now hidden
* No other changes (to # of notifications, badges...)
* _Risk: Any email notification sent cannot obviously be retracted._
* There is no visible numbering of activity comments anymore for all comments (restricted visibilty or otherwise),
* Ideally, old links with `#activity-<comment-number>` still work.
* Copying the URL of a comment will have a new URL scheme including a real, persistent ID and not a generated number anymore so that it stays the same even when other comments are added or removed from the activity, e.g. #comment-<journal-id>
* When that URL is opened the browser will auto-scroll to have the comment in the visible viewport.
* When there is not Enterprise token, or the token does not allow this feature:
* We still show the permissions in the role administration and leave them editable.
* We don't show the toggle/checkbox to make a new comment a restricted comment.
* We show a banner at the project setting for enabling the feature.
* Restricted visibility comments can be enabed/disabled at a project level
* There will be in a new tab called 'Activity' in the new consolidated 'Work packages' page in Project settings.
* In this tab, there is a single checkbox with:
* Label: "Enable restricted visibility comments"
* Caption: "Restricted comments allow an internal team to communicate amongst themselves privately. These are only visible to select roles that have the necessary permissions and will not be visible publicly. Read more."
* The "Read more" is a link that links to the documentation for this feature.
**Mobile specificities**
* On narrow screens, comments with restricted on the timeline are displayed the same way as the mobile rendering of normal comments, but with the additional elements:
* Different background colours
* The lock icon
* When writing a comment, the "Restrict visibilty" action uses the same string, but the 'Reed more' link
* The "More info" button is not visible on mobile