Backend: Implement Private Project Notes with Role-Based Access Control #1325
Description
Important Points to Note
- I agree to adhere to the project's Code of Conduct.
- I have reviewed and understood the project's Contributing Guidelines.
- I have checked the existing issues and can confirm that this is not a duplicate.
- I have reviewed and understood the project's Issue Creation Guidelines.
Category
Behaviour Updating
Enhancement Description
Overview
This issue focuses on implementing the backend functionality for private, project-specific notes. These notes should only be visible to authorized project members.
Requirements
1. Role Updates
Extend the User schema to support the following roles:
- USER
- COLLABORATOR
- MAINTAINER
- ADMIN
2. Notes Schema
Create a new schema/model to store private notes:
- projectId
- authorId
- note content
- timestamps
3. Access Control
Notes must be visible only to:
- Project Owner
- Collaborators
- Maintainers
- Admins
Access level:
- COLLABORATOR → Read-only
- MAINTAINER & ADMIN → Read + Write
- USER → No access
4. API Endpoints
Implement the following routes:
- POST /projects/:id/notes → Add note (Maintainer/Admin only)
- PUT /projects/:projectId/notes/:noteId → Edit note (Maintainer/Admin only)
- GET /projects/:id/notes → View notes (Collaborator/Maintainer/Admin)
5. Middleware
Add role-based permission checks for:
- Reading notes
- Adding/updating notes
Goal
Provide a secure backend foundation for managing private notes within each project.
Screenshots or Logs
Not applicable for this backend enhancement.
Priority
Up to 2 days
Open Source Program
None
Would you like to work on this issue?
Yes