PT-491 cross-project epic-children listing
GET/api/tasks/:epicId/children
PT-491 cross-project epic-children listing. Lists every task whose epicId points at the given EPIC, across every project in the tenant (the epicId edge is tenant-scoped as of PT-446), PLUS the subtasks (parentTaskId) of those readable children so the Child Issues panel can render a nested task → subtask tree (PT-528). The project-scoped GET /api/projects/:id/tasks?epicId= filter is unchanged and only returns children in that one project — this route is its cross-project complement. Requires full tasks.read (the list is not ownership-scoped) AND projects.read (or .own) plus an active membership. Envelope: the caller must be able to read the EPIC itself — a non-existent, cross-tenant, or unreadable-project epic all return 403 (no existence oracle); a readable non-EPIC target returns 400. Children in projects the caller cannot read are redacted to an opaque id + the PT-283 sentinels (taskKey/projectId/issueType/progress dropped, title/status sentinelled, isCrossProject=true), so the real key/title never leak. Only a full org-wide projects.read holder sees every child un-redacted. Readable rows also carry parentTaskId (PT-528); a parent edge is nulled when its parent is unreadable, and a subtask of an unreadable child — or one in a project the caller cannot read — is omitted, so no cross-project parent–child relationship leaks.
Request
Responses
- 200
- 400
- 401
- 403
Successful response
Bad Request — malformed epic id, or the target is not an EPIC
Unauthorized — authentication credentials are missing or invalid
Forbidden — requires full tasks.read and projects.read (or .own) plus an active membership, and the caller must be able to read the epic (not-found / cross-tenant / unreadable-project epics all collapse here)