RocketChat · ggazzo · Aug 4, 2025 · Jul 31, 2025 · Jul 31, 2025 · Aug 1, 2025
@@ -466,11 +466,11 @@ API.v1.addRoute(
 				return API.v1.forbidden();
 			}
 
-			const moderators = (
-				await Subscriptions.findByRoomIdAndRoles(findResult._id, ['moderator'], {
-					projection: { u: 1 },
-				}).toArray()
-			).map((sub: ISubscription) => sub.u);
+			const moderators = await Subscriptions.findByRoomIdAndRoles(findResult._id, ['moderator'], {
+				projection: { u: 1, _id: 0 },
+			})
+				.map((sub) => sub.u)
+				.toArray();
 
 			return API.v1.success({
 				moderators,

@@ -1215,11 +1215,11 @@ API.v1.addRoute(
 				userId: this.userId,
 			});
 
-			const moderators = (
-				await Subscriptions.findByRoomIdAndRoles(findResult.rid, ['moderator'], {
-					projection: { u: 1 },
-				}).toArray()
-			).map((sub: any) => sub.u);
+			const moderators = await Subscriptions.findByRoomIdAndRoles(findResult.rid, ['moderator'], {
+				projection: { u: 1, _id: 0 },
+			})
+				.map((sub) => sub.u)
+				.toArray();
 
 			return API.v1.success({
 				moderators,

@@ -1,7 +1,7 @@
-import { api } from '@rocket.chat/core-services';
+import { api, Authorization } from '@rocket.chat/core-services';
 import type { IRole } from '@rocket.chat/core-typings';
 import { Roles, Users } from '@rocket.chat/models';
-import { isRoleAddUserToRoleProps, isRoleDeleteProps, isRoleRemoveUserFromRoleProps } from '@rocket.chat/rest-typings';
+import { ajv, isRoleAddUserToRoleProps, isRoleDeleteProps, isRoleRemoveUserFromRoleProps } from '@rocket.chat/rest-typings';
 import { check, Match } from 'meteor/check';
 import { Meteor } from 'meteor/meteor';
 
@@ -13,6 +13,7 @@ import { addUserToRole } from '../../../authorization/server/methods/addUserToRo
 import { apiDeprecationLogger } from '../../../lib/server/lib/deprecationWarningLogger';
 import { notifyOnRoleChanged } from '../../../lib/server/lib/notifyListener';
 import { settings } from '../../../settings/server/index';
+import type { ExtractRoutesFromAPI } from '../ApiClass';
 import { API } from '../api';
 import { getPaginationItems } from '../helpers/getPaginationItems';
 import { getUserFromParams } from '../helpers/getUserFromParams';
@@ -243,3 +244,43 @@ API.v1.addRoute(
 		},
 	},
 );
+
+const rolesRoutes = API.v1.get(
+	'roles.getUsersInPublicRoles',
+	{
+		authRequired: true,
+		response: {
+			200: ajv.compile<{
+				users: {
+					_id: string;
+					username: string;
+					roles: string[];
+				}[];
+			}>({
+				type: 'object',
+				properties: {
+					users: {
+						type: 'array',
+						items: {
+							type: 'object',
+							properties: { _id: { type: 'string' }, username: { type: 'string' }, roles: { type: 'array', items: { type: 'string' } } },
+						},
+					},
+				},
+			}),
+		},
+	},
+
+	async () => {
+		return API.v1.success({
+			users: await Authorization.getUsersFromPublicRoles(),
+		});
+	},
+);
+
+type RolesEndpoints = ExtractRoutesFromAPI<typeof rolesRoutes>;
+
+declare module '@rocket.chat/rest-typings' {
+	// eslint-disable-next-line @typescript-eslint/naming-convention, @typescript-eslint/no-empty-interface
+	interface Endpoints extends RolesEndpoints {}
+}
@@ -4,6 +4,7 @@ import { isPrivateRoom, isPublicRoom } from '@rocket.chat/core-typings';
 import { Messages, Rooms, Users, Uploads, Subscriptions } from '@rocket.chat/models';
 import type { Notifications } from '@rocket.chat/rest-typings';
 import {
+	ajv,
 	isGETRoomsNameExists,
 	isRoomsImagesProps,
 	isRoomsMuteUnmuteUserProps,
@@ -23,6 +24,7 @@ import * as dataExport from '../../../../server/lib/dataExport';
 import { eraseRoom } from '../../../../server/lib/eraseRoom';
 import { findUsersOfRoomOrderedByRole } from '../../../../server/lib/findUsersOfRoomOrderedByRole';
 import { openRoom } from '../../../../server/lib/openRoom';
+import type { RoomRoles } from '../../../../server/lib/roles/getRoomRoles';
 import { hideRoomMethod } from '../../../../server/methods/hideRoom';
 import { muteUserInRoom } from '../../../../server/methods/muteUserInRoom';
 import { toggleFavoriteMethod } from '../../../../server/methods/toggleFavorite';
@@ -37,12 +39,14 @@ import { sendFileMessage } from '../../../file-upload/server/methods/sendFileMes
 import { syncRolePrioritiesForRoomIfRequired } from '../../../lib/server/functions/syncRolePrioritiesForRoomIfRequired';
 import { executeArchiveRoom } from '../../../lib/server/methods/archiveRoom';
 import { cleanRoomHistoryMethod } from '../../../lib/server/methods/cleanRoomHistory';
+import { executeGetRoomRoles } from '../../../lib/server/methods/getRoomRoles';
 import { leaveRoomMethod } from '../../../lib/server/methods/leaveRoom';
 import { executeUnarchiveRoom } from '../../../lib/server/methods/unarchiveRoom';
 import { applyAirGappedRestrictionsValidation } from '../../../license/server/airGappedRestrictionsWrapper';
 import type { NotificationFieldType } from '../../../push-notifications/server/methods/saveNotificationSettings';
 import { saveNotificationSettingsMethod } from '../../../push-notifications/server/methods/saveNotificationSettings';
 import { settings } from '../../../settings/server';
+import type { ExtractRoutesFromAPI } from '../ApiClass';
 import { API } from '../api';
 import { composeRoomWithLastMessage } from '../helpers/composeRoomWithLastMessage';
 import { getPaginationItems } from '../helpers/getPaginationItems';
@@ -1005,3 +1009,62 @@ API.v1.addRoute(
 		},
 	},
 );
+
+const isRoomGetRolesPropsSchema = {
+	type: 'object',
+	properties: {
+		rid: { type: 'string' },
+	},
+	additionalProperties: false,
-	additionalProperties: false,
+	additionalProperties: true,
-	additionalProperties: false,
+	additionalProperties: true,
+	required: ['rid'],
+};
+export const roomEndpoints = API.v1.get(
+	'rooms.roles',
+	{
+		authRequired: true,
+		query: ajv.compile<{
+			rid: string;
+		}>(isRoomGetRolesPropsSchema),
+		response: {
+			200: ajv.compile<{
+				roles: RoomRoles[];
+			}>({
+				type: 'object',
+				properties: {
+					roles: {
+						type: 'array',
+						items: {
+							type: 'object',
+							properties: {
+								rid: { type: 'string' },
+								u: {
+									type: 'object',
+									properties: { _id: { type: 'string' }, username: { type: 'string' } },
+									required: ['_id', 'username'],
+								},
+								roles: { type: 'array', items: { type: 'string' } },
+							},
+							required: ['rid', 'u', 'roles'],
+						},
+					},
+				},
+				required: ['roles'],
+			}),
+		},
+	},
+	async function () {
+		const { rid } = this.queryParams;
+		const roles = await executeGetRoomRoles(rid, this.userId);
+
+		return API.v1.success({
+			roles,
+		});
+	},
+);
+
+type RoomEndpoints = ExtractRoutesFromAPI<typeof roomEndpoints>;
+
+declare module '@rocket.chat/rest-typings' {
+	// eslint-disable-next-line @typescript-eslint/naming-convention, @typescript-eslint/no-empty-interface
+	interface Endpoints extends RoomEndpoints {}
+}
@@ -1,5 +1,5 @@
 import { MeteorError, Team, api, Calendar } from '@rocket.chat/core-services';
-import type { IExportOperation, ILoginToken, IPersonalAccessToken, IUser, UserStatus } from '@rocket.chat/core-typings';
+import { type IExportOperation, type ILoginToken, type IPersonalAccessToken, type IUser, type UserStatus } from '@rocket.chat/core-typings';
 import { Users, Subscriptions } from '@rocket.chat/models';
 import {
 	isUserCreateParamsPOST,
@@ -176,7 +176,13 @@ API.v1.addRoute(
 						twoFactorMethod: 'password',
 					};
 
-			await executeSaveUserProfile.call(this as unknown as Meteor.MethodThisType, userData, this.bodyParams.customFields, twoFactorOptions);
+			await executeSaveUserProfile.call(
+				this as unknown as Meteor.MethodThisType,
+				this.user,
+				userData,
+				this.bodyParams.customFields,
+				twoFactorOptions,
+			);
 
 			return API.v1.success({
 				user: await Users.findOneById(this.userId, { projection: API.v1.defaultFieldsToExclude }),

@@ -237,11 +237,9 @@ export class AppRoomBridge extends RoomBridge {
 	}
 
 	private async getUsersByRoomIdAndSubscriptionRole(roomId: string, role: string): Promise<IUser[]> {
-		const subs = (await Subscriptions.findByRoomIdAndRoles(roomId, [role], {
+		const subs = await Subscriptions.findByRoomIdAndRoles<{ uid: string }>(roomId, [role], {
 			projection: { uid: '$u._id', _id: 0 },
-		}).toArray()) as unknown as {
-			uid: string;
-		}[];
+		}).toArray();
 		// Was this a bug?
 		const users = await Users.findByIds(subs.map((user: { uid: string }) => user.uid)).toArray();
 		const userConverter = this.orch.getConverters().get('users');

diff --git a/apps/meteor/app/lib/server/functions/saveUser/validateUserEditing.ts b/apps/meteor/app/lib/server/functions/saveUser/validateUserEditing.ts
@@ -45,7 +45,7 @@ export async function validateUserEditing(userId: IUser['_id'], userData: Update
 	if (
 		isEditingField(user.username, userData.username) &&
 		!settings.get('Accounts_AllowUsernameChange') &&
-		(!canEditOtherUserInfo || editingMyself)
+		(!canEditOtherUserInfo || (editingMyself && user.username))
 	) {
 		throw new MeteorError('error-action-not-allowed', 'Edit username is not allowed', {
 			method: 'insertOrUpdateUser',

diff --git a/apps/meteor/app/lib/server/lib/deprecationWarningLogger.ts b/apps/meteor/app/lib/server/lib/deprecationWarningLogger.ts
@@ -1,7 +1,7 @@
 import { Logger } from '@rocket.chat/logger';
 import semver from 'semver';
 
-import { metrics } from '../../../metrics/server';
+import { metrics } from '../../../metrics/server/lib/metrics';
 
 const deprecationLogger = new Logger('DeprecationWarning');
 

diff --git a/apps/meteor/app/lib/server/methods/getRoomRoles.ts b/apps/meteor/app/lib/server/methods/getRoomRoles.ts
@@ -1,17 +1,19 @@
-import type { IRoom, ISubscription } from '@rocket.chat/core-typings';
+import type { IRoom } from '@rocket.chat/core-typings';
 import type { ServerMethods } from '@rocket.chat/ddp-client';
 import { Rooms } from '@rocket.chat/models';
 import { check } from 'meteor/check';
 import { Meteor } from 'meteor/meteor';
 
+import type { RoomRoles } from '../../../../server/lib/roles/getRoomRoles';
 import { getRoomRoles } from '../../../../server/lib/roles/getRoomRoles';
 import { canAccessRoomAsync } from '../../../authorization/server';
 import { settings } from '../../../settings/server';
+import { methodDeprecationLogger } from '../lib/deprecationWarningLogger';
 
 declare module '@rocket.chat/ddp-client' {
 	// eslint-disable-next-line @typescript-eslint/naming-convention
 	interface ServerMethods {
-		getRoomRoles(rid: IRoom['_id']): ISubscription[];
+		getRoomRoles(rid: IRoom['_id']): RoomRoles[];
 	}
 }
 
@@ -36,6 +38,7 @@ export const executeGetRoomRoles = async (rid: IRoom['_id'], fromUserId?: string
 
 Meteor.methods<ServerMethods>({
 	async getRoomRoles(rid) {
+		methodDeprecationLogger.method('getRoomRoles', '8.0.0', 'Use the /v1/room.getRoles endpoint instead');
 		const fromUserId = Meteor.userId();
 
 		return executeGetRoomRoles(rid, fromUserId);

diff --git a/apps/meteor/app/lib/server/methods/getUserRoles.ts b/apps/meteor/app/lib/server/methods/getUserRoles.ts
@@ -1,17 +1,25 @@
 import { Authorization } from '@rocket.chat/core-services';
-import type { IUser, IRocketChatRecord } from '@rocket.chat/core-typings';
+import type { IUser } from '@rocket.chat/core-typings';
 import type { ServerMethods } from '@rocket.chat/ddp-client';
 import { Meteor } from 'meteor/meteor';
 
+import { methodDeprecationLogger } from '../lib/deprecationWarningLogger';
+
 declare module '@rocket.chat/ddp-client' {
 	// eslint-disable-next-line @typescript-eslint/naming-convention
 	interface ServerMethods {
-		getUserRoles(): (IRocketChatRecord & Pick<IUser, '_id' | 'roles' | 'username'>)[];
+		getUserRoles(): Pick<IUser, '_id' | 'roles' | 'username'>[];
 	}
 }
 
 Meteor.methods<ServerMethods>({
 	async getUserRoles() {
+		methodDeprecationLogger.method(
+			'getUserRoles',
+			'8.0.0',
+			'This method is deprecated and will be removed in the future. Use the /v1/roles.getUsersInPublicRoles endpoint instead.',
+		);
+
 		if (!Meteor.userId()) {
 			throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'getUserRoles' });
 		}

diff --git a/apps/meteor/app/lib/server/methods/saveCustomFields.ts b/apps/meteor/app/lib/server/methods/saveCustomFields.ts
@@ -4,6 +4,7 @@ import { Meteor } from 'meteor/meteor';
 
 import { saveCustomFields } from '../functions/saveCustomFields';
 import { RateLimiter } from '../lib';
+import { methodDeprecationLogger } from '../lib/deprecationWarningLogger';
 
 declare module '@rocket.chat/ddp-client' {
 	// eslint-disable-next-line @typescript-eslint/naming-convention
@@ -14,6 +15,7 @@ declare module '@rocket.chat/ddp-client' {
 
 Meteor.methods<ServerMethods>({
 	async saveCustomFields(fields = {}) {
+		methodDeprecationLogger.method('saveCustomFields', '8.0.0', 'Use the endpoint /v1/users.updateOwnBasicInfo instead');
 		const uid = Meteor.userId();
 		if (!uid) {
 			throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'saveCustomFields' });

diff --git a/apps/meteor/app/lib/server/methods/setUsername.ts b/apps/meteor/app/lib/server/methods/setUsername.ts
@@ -4,6 +4,7 @@ import { Meteor } from 'meteor/meteor';
 
 import { setUsernameWithValidation } from '../functions/setUsername';
 import { RateLimiter } from '../lib';
+import { methodDeprecationLogger } from '../lib/deprecationWarningLogger';
 
 declare module '@rocket.chat/ddp-client' {
 	// eslint-disable-next-line @typescript-eslint/naming-convention
@@ -14,6 +15,7 @@ declare module '@rocket.chat/ddp-client' {
 
 Meteor.methods<ServerMethods>({
 	async setUsername(username, param = {}) {
+		methodDeprecationLogger.method('setUsername', '8.0.0', 'Use the endpoint /v1/users.updateOwnBasicInfo instead');
 		check(username, String);
 
 		const userId = Meteor.userId();

diff --git a/apps/meteor/app/reactions/server/setReaction.ts b/apps/meteor/app/reactions/server/setReaction.ts
@@ -11,6 +11,7 @@ import { canAccessRoomAsync } from '../../authorization/server';
 import { hasPermissionAsync } from '../../authorization/server/functions/hasPermission';
 import { emoji } from '../../emoji/server';
 import { isTheLastMessage } from '../../lib/server/functions/isTheLastMessage';
+import { methodDeprecationLogger } from '../../lib/server/lib/deprecationWarningLogger';
 import { notifyOnMessageChange } from '../../lib/server/lib/notifyListener';
 
 export const removeUserReaction = (message: IMessage, reaction: string, username: string) => {
@@ -161,6 +162,7 @@ declare module '@rocket.chat/ddp-client' {
 
 Meteor.methods<ServerMethods>({
 	async setReaction(reaction, messageId, shouldReact) {
+		methodDeprecationLogger.method('setReaction', '8.0.0', 'Use the endpoint /v1/chat.react instead');
 		const uid = Meteor.userId();
 		if (!uid) {
 			throw new Meteor.Error('error-invalid-user', 'Invalid user', { method: 'setReaction' });

@@ -1,6 +1,6 @@
 import { isOmnichannelRoom, type IMessage, type IRoom, type ISubscription } from '@rocket.chat/core-typings';
 import { useFeaturePreview } from '@rocket.chat/ui-client';
-import { useUser, useMethod } from '@rocket.chat/ui-contexts';
+import { useUser, useEndpoint } from '@rocket.chat/ui-contexts';
 import { useCallback } from 'react';
 import { useTranslation } from 'react-i18next';
 
@@ -20,7 +20,7 @@ type ReactionMessageActionProps = {
 const ReactionMessageAction = ({ message, room, subscription }: ReactionMessageActionProps) => {
 	const chat = useChat();
 	const user = useUser();
-	const setReaction = useMethod('setReaction');
+	const setReaction = useEndpoint('POST', '/v1/chat.react');
 	const quickReactionsEnabled = useFeaturePreview('quickReactions');
 	const { quickReactions, addRecentEmoji } = useEmojiPickerData();
 	const { t } = useTranslation();
@@ -44,7 +44,10 @@ const ReactionMessageAction = ({ message, room, subscription }: ReactionMessageA
 	}
 
 	const toggleReaction = (emoji: string) => {
-		setReaction(`:${emoji}:`, message._id);
+		setReaction({
+			emoji: `:${emoji}:`,
+			messageId: message._id,
+		});
 		addRecentEmoji(emoji);
 	};