Properly handle confidentiality for tasks when an issue's confidentiality is toggled off or on
Problem
- I create a confidential issue
- I create a task inside that confidential issue
- The task is accessible by anybody
As tasks open inside the issue, and the only way to navigate to them is through the issue, users will expect that their information is secured through the parent issues status as confidential. This is also how the Epic and Issue confidentiality model works, so the current Task experience is inconsistent.
Example:
- Confidential issue https://gitlab.com/mvanremmerden/gitdock/-/issues/133
- Non-confidential task inside that issue: https://gitlab.com/mvanremmerden/gitdock/-/work_items/111707284
Proposal
- Don't allow setting confidentiality on a parent unless its children are all confidential
- If a parent work item is confidential, prevent child work items from toggling confidentiality off.
- If a parent work item is confidential, items related from it will be confidential.
Feature flag
- This work can be behind the already used
:work_items
feature flag.
Edited by Nick Leonard