profile: Allow marking contact methods as private

[mastercactapus]

Description:
Adds the ability for contact methods to be marked as private, making the details only available to the owner.

This opt-in feature does not retroactively change existing contact methods. Users can edit existing contact methods to mark them as private (or the reverse), but the default is the current behavior.

The private flag is off by default when creating a new contact method.

Which issue(s) this PR fixes:
Closes #2584

Screenshots:

Owner:

Others:

note: non-private contact methods will display as they do today

Describe any introduced user-facing changes:

• (PRIVATE) label for contact methods
• Notification rule list will now show PRIVATE if contact method is unavailable

Describe any introduced API changes:

• a new private field for contact methods

[Copilot]

Pull Request Overview

This PR introduces a new "private" flag for contact methods, ensuring that private contact methods are only visible to their owners while maintaining the current behavior by default. Key changes include adding a "private" field in the contact method models and forms (create, edit, GraphQL schema), updating associated database migrations and queries, and integrating a filtering mechanism in the contact method retrieval logic.

Reviewed Changes

Copilot reviewed 24 out of 24 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
web/src/app/users/UserContactMethod*.tsx	Added UI handling to toggle and display the new private flag.
user/contactmethod/*.go	Updated business logic and database access to include the private field, including filtering in FindAll.
graphql2/*	Updated GraphQL schema, resolvers, and generated files to support the private flag.
migrate/*	Added migrations to add the private column with a default value of false.
test/smoke/privatecm_test.go	Added tests to verify visibility rules for private contact methods.
gadb/*	Adjusted SQL queries and models to include the private field.

Comments suppressed due to low confidence (2)

user/notificationrule/store.go:127

• Review the use of 'permission.All' here to ensure that it does not unintentionally allow lower-privileged users access to notification rules, which may reference private contact methods.

err = permission.LimitCheckAny(ctx, permission.All)

user/contactmethod/store.go:294

• The updated FindAll function now returns an additional omitted count. Ensure that all callers of this API are updated to correctly handle the new return signature.

func (s *Store) FindAll(ctx context.Context, dbtx gadb.DBTX, userID string) ([]ContactMethod, int, error) {

[stale]

This pull request has been automatically marked as stale because it has not had recent activity. Thank you for your contributions.