Closed cimi closed 4 years ago
🐛 There's a stray __init__.pyc
here.
@cimi this is great, thank you!
Although we've locked down the incident_doc
view, private incidents will still be visible through the API (which is also what our internal UI uses to render data). We'll need to add a filter (private=False
) to some of the view functions in core/views.py
to achieve this. Happy to help with this if you'd like 👍
Thanks for the review @mattrco! I've addressed your comments 😄
We'll need to add a filter (private=False) to some of the view functions in
core/views.py
to achieve this. Happy to help with this if you'd like 👍
Should we do this in a separate PR? I'm at a conference today and tomorrow, if you have time to do the API update it would be great - we can release this feature sooner. No worries if not, I'll do it early next week.
@cimi I'm happy to merge this as-is and we can tackle the API later - although it's not quite complete, I think we need to do some test refactoring at the same time as it isn't very clear how the API views are tested vs. the HTML response.
Allows marking incidents to signal they contain private information. This can be done on creation or later when editing the incident. Once the flag is set to true it cannot be undone.
Private incidents are not omitted when listing all incidents. The incident summary, impact, severity etc. can still be edited from Slack after an incident is made private.
Incident details can no longer be retrieved from the API once an incident is made private (always returns HTTP 403).
Marking an incident as private does not automatically change the comms channel privacy settings, this needs to be done manually.