Steps to reproduce:
- create a private task and add it to some project
- visit the workboard with a user who has the right to open the task
- visit the workboard with a user who does not (I just used incognito mode)
Expected results: the unprivileged user sees some kind of placeholder without learning the title or other details of the task
Actual results: there is no sign of the task existing. Even the story point total (on sprint boards) is different.
Pro: safer (one can't use workboards to learn that there is a security task, what projects it belongs to, how many story points it takes, what stage of completion it is at).
Con: sprint planning is somewhat confusing with different people seeing different things.