mattrco
commented
4 years ago 🐛 There's a stray __init__.pyc here.
Closed cimi closed 4 years ago
mattrco
commented
4 years ago 🐛 There's a stray __init__.pyc here.
mattrco
commented
4 years ago @cimi this is great, thank you!
Although we've locked down the incident_doc view, private incidents will still be visible through the API (which is also what our internal UI uses to render data). We'll need to add a filter (private=False) to some of the view functions in core/views.py to achieve this. Happy to help with this if you'd like 👍
cimi
commented
4 years ago Thanks for the review @mattrco! I've addressed your comments 😄
We'll need to add a filter (private=False) to some of the view functions in
core/views.pyto achieve this. Happy to help with this if you'd like 👍
Should we do this in a separate PR? I'm at a conference today and tomorrow, if you have time to do the API update it would be great - we can release this feature sooner. No worries if not, I'll do it early next week.
mattrco
commented
4 years ago @cimi I'm happy to merge this as-is and we can tackle the API later - although it's not quite complete, I think we need to do some test refactoring at the same time as it isn't very clear how the API views are tested vs. the HTML response.
Allows marking incidents to signal they contain private information. This can be done on creation or later when editing the incident. Once the flag is set to true it cannot be undone.
Private incidents are not omitted when listing all incidents. The incident summary, impact, severity etc. can still be edited from Slack after an incident is made private.
Incident details can no longer be retrieved from the API once an incident is made private (always returns HTTP 403).
Marking an incident as private does not automatically change the comms channel privacy settings, this needs to be done manually.