Comments visibility should be linked to related content visibility: if I have read permission on the linked document, I have read permission on the linked comment. If I haven't read permission on the linked document, I haven't read permission on the linked comment.
More generally permissions around comments should be:
- Read: users having Read on the linked document (including inherited permission) and administrators
- Edit: user being the creator of the comment, users members of the administrators group. In the future we will also add users having « Manage everything » permission on the document. But we should offer an opportunity to see that the comment was edited, which is not the case now.
- Add a comment: Users having read access to the document. In the future we may add a « Comment » permission.
- Delete a comment: Creator of the comment, members of group Administrators, people having « Manage everything » permission on the linked document.
- is related to
-
NEV-72 Readonly user should be able to annotate content
-
- Resolved
-
-
-
- Resolved
-
-
JAVACLIENT-175 Add get comments endpoint in annotation adapter
-
- Resolved
-
- is required by
-
JAVACLIENT-173 Release java client 3.2.0
-
- Resolved
-
(1 mentioned in)
