Update elastic search filter for confidential notes

Felipe Cardozorequested to merge
issue_363045-update_elastic_search_for_confidential_notes into master

What does this MR do and why?

We did change the permissions of confidential notes with !98588 (merged), now only users with Reporter+ roles are allowed to create or read confidential notes.

This follow-up implements the same change on elastic search, allowing only Reporter+ to find confidential notes.

related to #363045 (closed)

How to set up and validate locally

  1. Enable elastic search locally following these steps. Make sure to also enable it on admin area as the previous link describes.
  2. Create a project and add a guest member to it
  3. Create an issue and assign the guest user to it
  4. Login with the guest user and create another issue
  5. Login with the project creator and create one internal note "XYZ" on both issues created before
  6. Login with the guest user again and search for "XYZ" using the search field at the top bar
  7. Go to the comments tab, no comments matching "XYZ" should be visible

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Felipe Cardozo

Merge request reports