Read and write User "Admin notes" via API
Problem to solve
"Admin notes" on a user are not readable or writable via API.
Further details
The current, most efficient to communicate about user account status and actions between a large administrative team is using the "Admin notes" associated with a user.
When doing bulk user blocks at the scale of GitLab.com, it is prohibitive to use the UI to add/edit the note for each user. This should be accomplishable via the API.
Proposal
Add "user_admin_notes" to the fields available to an admin for reading and writing through the "/users/" endpoint.
The naming is odd because it is just :note on a User, but called "Admin notes" in the UI.
Security and Permissions
user_admin_notes must only be available to admin users. It must be filtered out of the results for GET /api/v4/users for any non-admin user.
What does success look like, and how can we measure that?
Decreased response times for support and security when working with blocked or otherwise admin modified accounts since more history of the actions will be available.
Links / references
Most recent slack thread (GitLab internal only): https://gitlab.slack.com/archives/C248YCNCW/p1541440608153300