feat: check field level permission to display internal note

program/serializers.py

@@ -530,14 +530,11 @@ class ShowSerializer(serializers.HyperlinkedModelSerializer):
         ) + read_only_fields
 
     def get_internal_note(self, obj) -> str:
-        """Only members of the privileged group can see the internal note."""
+        """Only users with the permission can see the internal note."""
 
         user = self.context.get("request").user
 
-        if user.groups.filter(name=settings.PRIVILEGED_GROUP).exists():
-            return obj.internal_note
-        else:
-            return ""
+        return obj.internal_note if user and user.has_perm("display__show__internal_note") else ""
 
     def create(self, validated_data):
         """