chore: add new icons to abac rooms

[MartinSchoeler]

Proposed changes (including videos or screenshots)

ABAC-71

Issue(s)

Steps to test or reproduce

Further comments

Summary by CodeRabbit

• Refactor

  • Removed the ABAC header tag from room headers; ABAC status is now indicated by room icons (team-shield or hash-shield).

• Tests

  • Deleted component tests for the removed header tag.
  • Added tests for room icon selection logic, including ABAC scenarios.

• Chores

  • Updated icon dependency version.
  • Removed related localization entries.

[dionisio-bot]

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

[changeset-bot]

⚠️ No Changeset found

Latest commit: e9d47f9

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Removed the ABACHeaderTag component and its tests and i18n keys, added ABAC-aware icon selection to room icon logic (hook and private room type), updated an icons dependency, and removed ABACHeaderTag usage from room header views.

Changes

Cohort / File(s)	Change Summary
ABACHeaderTag removal apps/meteor/client/components/ABAC/ABACHeaderTag.tsx, apps/meteor/client/components/ABAC/ABACHeaderTag.spec.tsx	Deleted the ABACHeaderTag component and its test file (including snapshots and jest-axe accessibility tests).
Room header usage removal apps/meteor/client/views/room/Header/RoomHeader.tsx, apps/meteor/client/views/room/HeaderV2/RoomHeader.tsx	Removed import and JSX usage of ABACHeaderTag.
Icon selection logic apps/meteor/client/hooks/useRoomIcon.tsx, apps/meteor/client/lib/rooms/roomTypes/private.ts	Added early ABAC checks: if room.abacAttributes exists return team-shield when room.teamMain is true, otherwise hash-shield. This short-circuits prior icon branches.
Icon selection tests apps/meteor/client/hooks/useRoomIcon.spec.tsx	Added tests exercising icon selection across room variants including ABAC cases.
Dependency apps/meteor/package.json	Bumped @rocket.chat/icons from ~0.44.0 to ~0.45.0.
Localization packages/i18n/src/locales/en.i18n.json, packages/i18n/src/locales/nb.i18n.json	Removed ABAC_header_tag_title and ABAC_header_tag entries (en); removed ABAC_header_tag_title (nb).

Sequence Diagram(s)

sequenceDiagram
    participant RoomComp as Room Component
    participant Hook as useRoomIcon
    participant IconLogic as Icon Selection

    RoomComp->>Hook: useRoomIcon(room)
    Hook->>IconLogic: evaluate room.abacAttributes?
    rect rgb(230,245,230)
    alt abacAttributes present
        IconLogic->>IconLogic: check room.teamMain
        alt teamMain true
            IconLogic-->>Hook: "team-shield"
        else teamMain false
            IconLogic-->>Hook: "hash-shield"
        end
    else no abacAttributes
        Note right of IconLogic: proceed with existing checks (federated, prid, team, default)
        IconLogic-->>Hook: other icon id
    end
    end
    Hook-->>RoomComp: icon identifier

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Review TypeScript suppression around room.abacAttributes access in useRoomIcon.
• Confirm all imports/usages of the removed ABACHeaderTag are cleared.
• Validate the new useRoomIcon.spec.tsx covers ABAC branches and edge cases.

Possibly related PRs

• PR #37126: Removes the ABACHeaderTag component, its tests, translations, and header usage — closely related to this change.

Suggested reviewers

• tassoevan
• dougfabris
• cardoso

Poem

🐇 I hopped through code to swap the tag for shield,
ABAC now whispers where the icons yield,
Team or hash — a tiny, tidy sign,
Tests follow paths where guarded branches shine,
A rabbit nods: the header's trimmed and healed. ✨

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore: add new icons to abac rooms' accurately reflects the main changes: adding ABAC icons to the icon selection logic and removing the text-based ABACHeaderTag component.
Linked Issues check	✅ Passed	The PR addresses the core requirements from ABAC-71: icons are added to useRoomIcon and private room types for ABAC channels/teams, and the text tag component is removed from room headers.
Out of Scope Changes check	✅ Passed	All changes are scoped to ABAC icon implementation: icon logic additions, component removals, and supporting updates (i18n, icon package version bump) are all directly related to replacing the text tag with icons.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

❌ Patch coverage is 66.66667% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 69.03%. Comparing base (b27e9fb) to head (e9d47f9).
⚠️ Report is 1 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #37424      +/-   ##
===========================================
+ Coverage    68.99%   69.03%   +0.04%     
===========================================
  Files         3357     3356       -1     
  Lines       114243   114227      -16     
  Branches     20531    20571      +40     
===========================================
+ Hits         78820    78855      +35     
+ Misses       33339    33287      -52     
- Partials      2084     2085       +1     

Flag	Coverage Δ
e2e	57.48% <0.00%> (-0.03%)	⬇️
e2e-api	43.85% <ø> (+1.06%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

apps/meteor/client/lib/rooms/roomTypes/private.ts (1)

85-91: Consider consolidating duplicate ABAC icon logic.

The ABAC icon selection logic (lines 86-91) duplicates the same logic in apps/meteor/client/hooks/useRoomIcon.tsx (lines 12-17). Consider extracting this into a shared utility function to maintain DRY principles and ensure consistent behavior.

Example refactor:

// In a shared utility file (e.g., utils/abacIcons.ts)
export function getAbacIcon(room: { abacAttributes?: unknown; teamMain?: boolean }): string | null {
  if (!room.abacAttributes) {
    return null;
  }
  return room.teamMain ? 'team-shield' : 'hash-shield';
}

Then use it in both locations:

const abacIcon = getAbacIcon(room);
if (abacIcon) {
  return { name: abacIcon };
}

apps/meteor/client/hooks/useRoomIcon.spec.tsx (1)

1-83: Good test coverage for ABAC icon selection.

The test suite effectively validates icon selection across various room types including ABAC-enabled rooms. The structure using mock rooms and expected results makes it easy to verify behavior.

Consider adding edge case tests for:

• ABAC attributes with falsy values (empty object, null)
• Direct message rooms with a single user (testing ReactiveUserStatus component return)
• Private rooms (type 'p') with ABAC attributes

Example addition:

abacPrivateRoom: createFakeRoom({
  t: 'p',
  name: 'abac-private',
  teamMain: false,
  // @ts-expect-error TODO: Implement ABAC attributes in rooms
  abacAttributes: true,
}),

With expected result:

abacPrivateRoom: { name: 'hash-shield' },

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 18f83d1 and b0173ad.

⛔ Files ignored due to path filters (2)

• apps/meteor/client/components/ABAC/__snapshots__/ABACHeaderTag.spec.tsx.snap is excluded by !**/*.snap
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (12)

• apps/meteor/client/components/ABAC/ABACHeaderTag.spec.tsx (0 hunks)
• apps/meteor/client/components/ABAC/ABACHeaderTag.tsx (0 hunks)
• apps/meteor/client/hooks/useRoomIcon.spec.tsx (1 hunks)
• apps/meteor/client/hooks/useRoomIcon.tsx (1 hunks)
• apps/meteor/client/lib/rooms/roomTypes/private.ts (1 hunks)
• apps/meteor/client/views/omnichannel/components/AutoCompleteDepartmentMultiple.tsx (2 hunks)
• apps/meteor/client/views/omnichannel/components/AutoCompleteMonitors.tsx (2 hunks)
• apps/meteor/client/views/room/Header/RoomHeader.tsx (0 hunks)
• apps/meteor/client/views/room/HeaderV2/RoomHeader.tsx (0 hunks)
• apps/meteor/package.json (2 hunks)
• packages/i18n/src/locales/en.i18n.json (0 hunks)
• packages/i18n/src/locales/nb.i18n.json (0 hunks)

💤 Files with no reviewable changes (6)

• apps/meteor/client/views/room/Header/RoomHeader.tsx
• apps/meteor/client/views/room/HeaderV2/RoomHeader.tsx
• apps/meteor/client/components/ABAC/ABACHeaderTag.spec.tsx
• packages/i18n/src/locales/en.i18n.json
• packages/i18n/src/locales/nb.i18n.json
• apps/meteor/client/components/ABAC/ABACHeaderTag.tsx

🧰 Additional context used

🧠 Learnings (13)

📓 Common learnings

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37303
File: apps/meteor/tests/end-to-end/api/abac.ts:1125-1137
Timestamp: 2025-10-27T14:38:46.994Z
Learning: In Rocket.Chat ABAC feature, when ABAC is disabled globally (ABAC_Enabled setting is false), room-level ABAC attributes are not evaluated when changing room types. This means converting a private room to public will succeed even if the room has ABAC attributes, as long as the global ABAC setting is disabled.

📚 Learning: 2025-10-28T16:53:42.761Z

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

Applied to files:

• apps/meteor/package.json
• apps/meteor/client/lib/rooms/roomTypes/private.ts
• apps/meteor/client/hooks/useRoomIcon.tsx

📚 Learning: 2025-09-19T15:15:04.642Z

Learnt from: rodrigok
Repo: RocketChat/Rocket.Chat PR: 36991
File: apps/meteor/server/services/federation/infrastructure/rocket-chat/adapters/Settings.ts:219-221
Timestamp: 2025-09-19T15:15:04.642Z
Learning: The Federation_Matrix_homeserver_domain setting in apps/meteor/server/services/federation/infrastructure/rocket-chat/adapters/Settings.ts is part of the old federation system and is being deprecated/removed, so configuration issues with this setting should not be flagged for improvement.

Applied to files:

• apps/meteor/package.json

📚 Learning: 2025-10-24T17:32:05.348Z

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37299
File: apps/meteor/ee/server/lib/ldap/Manager.ts:438-454
Timestamp: 2025-10-24T17:32:05.348Z
Learning: In Rocket.Chat, ABAC attributes can only be set on private rooms and teams (type 'p'), not on public rooms (type 'c'). Therefore, when checking for ABAC-protected rooms/teams during LDAP sync or similar operations, it's sufficient to query only private rooms using methods like `findPrivateRoomsByIdsWithAbacAttributes`.

Applied to files:

• apps/meteor/client/lib/rooms/roomTypes/private.ts
• apps/meteor/client/hooks/useRoomIcon.tsx

📚 Learning: 2025-10-27T14:38:46.994Z

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37303
File: apps/meteor/tests/end-to-end/api/abac.ts:1125-1137
Timestamp: 2025-10-27T14:38:46.994Z
Learning: In Rocket.Chat ABAC feature, when ABAC is disabled globally (ABAC_Enabled setting is false), room-level ABAC attributes are not evaluated when changing room types. This means converting a private room to public will succeed even if the room has ABAC attributes, as long as the global ABAC setting is disabled.

Applied to files:

• apps/meteor/client/lib/rooms/roomTypes/private.ts
• apps/meteor/client/hooks/useRoomIcon.tsx

📚 Learning: 2025-09-25T09:59:26.461Z

Learnt from: Dnouv
Repo: RocketChat/Rocket.Chat PR: 37057
File: packages/apps-engine/src/definition/accessors/IUserRead.ts:23-27
Timestamp: 2025-09-25T09:59:26.461Z
Learning: UserBridge.doGetUserRoomIds in packages/apps-engine/src/server/bridges/UserBridge.ts has a bug where it implicitly returns undefined when the app lacks read permission (missing return statement in the else case of the permission check).

Applied to files:

• apps/meteor/client/lib/rooms/roomTypes/private.ts
• apps/meteor/client/hooks/useRoomIcon.tsx

📚 Learning: 2025-09-16T22:08:51.490Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-09-16T22:08:51.490Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Use descriptive test names that clearly communicate expected behavior

Applied to files:

• apps/meteor/client/hooks/useRoomIcon.spec.tsx

📚 Learning: 2025-09-16T22:08:51.490Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-09-16T22:08:51.490Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Group related tests in the same file

Applied to files:

• apps/meteor/client/hooks/useRoomIcon.spec.tsx

📚 Learning: 2025-09-16T22:08:51.490Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-09-16T22:08:51.490Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Maintain test isolation between test cases

Applied to files:

• apps/meteor/client/hooks/useRoomIcon.spec.tsx

📚 Learning: 2025-09-16T22:08:51.490Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-09-16T22:08:51.490Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Utilize Playwright fixtures (test, page, expect) consistently

Applied to files:

• apps/meteor/client/hooks/useRoomIcon.spec.tsx

📚 Learning: 2025-09-16T22:08:51.490Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-09-16T22:08:51.490Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : All Playwright test files must be located under apps/meteor/tests/e2e/ and use the .spec.ts extension (e.g., login.spec.ts)

Applied to files:

• apps/meteor/client/hooks/useRoomIcon.spec.tsx

📚 Learning: 2025-09-16T22:08:51.490Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-09-16T22:08:51.490Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Ensure tests run reliably in parallel without shared state conflicts

Applied to files:

• apps/meteor/client/hooks/useRoomIcon.spec.tsx

📚 Learning: 2025-09-16T22:08:51.490Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-09-16T22:08:51.490Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Use expect matchers (toEqual, toContain, toBeTruthy, toHaveLength, etc.) instead of assert statements

Applied to files:

• apps/meteor/client/hooks/useRoomIcon.spec.tsx

🧬 Code graph analysis (1)

apps/meteor/client/hooks/useRoomIcon.spec.tsx (2)

apps/meteor/tests/mocks/data.ts (1)

• createFakeRoom (46-61)

apps/meteor/client/hooks/useRoomIcon.tsx (1)

• useRoomIcon (8-57)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: 🔨 Test UI (EE) / MongoDB 8.2 [legacy watchers] (5/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 8.2 [legacy watchers] (2/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 8.2 [legacy watchers] (4/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 5.0 (4/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 5.0 (5/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 5.0 (2/5)

🔇 Additional comments (7)

apps/meteor/client/hooks/useRoomIcon.tsx (1)

12-17: ABAC icon logic implemented correctly.

The ABAC-aware icon selection properly distinguishes between team rooms ('team-shield') and regular channels ('hash-shield') when ABAC attributes are present. The early return ensures ABAC rooms display the correct icon before other room type checks.

apps/meteor/package.json (1)

257-257: No evidence found for the stated icon references in the codebase.

The package versions @rocket.chat/icons@~0.45.0 and @rocket.chat/fuselage@~0.68.0 both exist in the npm registry. However, the new ABAC icons 'team-shield' and 'hash-shield' are not referenced anywhere in the codebase—no TypeScript, JavaScript, JSON files, or configuration files contain these icon names. While ABAC features are actively being developed (with dedicated admin components, i18n translations, and room member logic), the specific icons mentioned are not yet integrated.

Likely an incorrect or invalid review comment.

apps/meteor/client/views/omnichannel/components/AutoCompleteDepartmentMultiple.tsx (2)

4-4: Ref import mirrors AutoCompleteMonitors pattern.

This change is consistent with the similar modification in AutoCompleteMonitors.tsx. If the ref forwarding approach is validated as correct, the consistency across these components is good.

However, the same concerns about type assertions apply here. Please verify that this pattern is the correct approach for enabling ref forwarding to CheckOption components.

---

56-69: Unable to verify external library behavior without source access.

The Option and CheckOption components are imported from @rocket.chat/fuselage (external dependency), which is not available in the codebase. While the code pattern suggests the type assertion may be intentional—only applied where seemingly needed—I cannot definitively verify whether:

• Option's type definition already includes the correct ref type (making assertion unnecessary)
• CheckOption requires explicit casting due to different type expectations
• Both should have assertions for consistency

The concern warrants manual verification against the @rocket.chat/fuselage component documentation or source code to confirm the ref forwarding is correctly handled.

apps/meteor/client/views/omnichannel/components/AutoCompleteMonitors.tsx (3)

1-46: Verify scope inconsistency: omnichannel component changes unrelated to stated ABAC icon PR objectives.

The ref forwarding changes to AutoCompleteMonitors.tsx appear to be legitimate refactoring—they mirror the existing pattern in AutoCompleteDepartmentMultiple.tsx (which already uses ref={props.ref as Ref<HTMLOptionElement>}). However, these changes remain in the omnichannel scope and have no connection to the ABAC functionality described in the PR objectives (room icons, user attributes, etc.).

Clarify whether:

1. These omnichannel component updates should be in this PR, or
2. They were included by mistake and should be removed

---

34-41: Type assertion pattern is consistent across all CheckOption usages, but root cause verification requires manual inspection of fuselage library types.

The type assertion as Ref<HTMLOptionElement> appears in exactly 2 locations within the codebase—both with CheckOption in omnichannel components (AutoCompleteMonitors.tsx and AutoCompleteDepartmentMultiple.tsx). This is a 100% consistent pattern: every CheckOption usage employs the same assertion, suggesting it's intentional rather than an oversight.

However, without access to fuselage's (v~0.68.0) type definitions or library documentation, I cannot definitively determine whether:

• The assertion is a known, necessary workaround for a limitation in CheckOption's ref typing
• It's correctly addressing a type incompatibility between PaginatedMultiSelectFiltered's renderItem prop and CheckOption's ref requirements
• It's masking an underlying type issue that should be resolved

To address the original concern properly, you should verify the fuselage library's CheckOption and PaginatedMultiSelectFiltered type definitions to confirm whether the assertion represents a legitimate workaround or if a deeper fix (such as wrapping CheckOption with forwardRef or updating parameter types) would be more appropriate.

---

3-3: Unable to verify necessity of Ref import without access to @rocket.chat/fuselage package definitions.

The Ref type is used exclusively for a type assertion on line 37 (props.ref as Ref<HTMLOptionElement>). However, whether this assertion is necessary depends on how CheckOption from @rocket.chat/fuselage (~0.66.4) types its ref prop in the renderItem callback, which cannot be verified in this environment.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (2)

apps/meteor/client/hooks/useRoomIcon.tsx (1)

11-11: Complete the TODO: Add abacAttributes to IRoom type definition.

This issue has already been flagged in a previous review. The @ts-expect-error directive should be removed once abacAttributes is properly defined in the IRoom type from @rocket.chat/core-typings.

apps/meteor/client/lib/rooms/roomTypes/private.ts (1)

85-85: Complete the TODO: Add abacAttributes to room type.

This issue has already been flagged in a previous review. The @ts-expect-error directive should be removed once abacAttributes is properly defined in the IRoom type from @rocket.chat/core-typings.

🧹 Nitpick comments (1)

apps/meteor/client/lib/rooms/roomTypes/private.ts (1)

85-91: Consider extracting ABAC icon logic to a shared utility.

The ABAC icon selection logic here is identical to the logic in apps/meteor/client/hooks/useRoomIcon.tsx (lines 11-17). While both serve valid purposes in different contexts, extracting this logic to a shared utility function would reduce duplication and improve maintainability.

Example shared utility in a new file (e.g., apps/meteor/client/lib/rooms/getABACIcon.ts):

import type { IRoom } from '@rocket.chat/core-typings';

export const getABACIcon = (room: Pick<IRoom, 'abacAttributes' | 'teamMain'>): string | null => {
  // @ts-expect-error TODO: Implement ABAC attributes in rooms
  if (!room.abacAttributes) {
    return null;
  }
  
  return room.teamMain ? 'team-shield' : 'hash-shield';
};

Then both useRoomIcon and PrivateRoomType.getIcon could call this utility:

const abacIcon = getABACIcon(room);
if (abacIcon) {
  return { name: abacIcon };
}

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between b0173ad and 662cc95.

⛔ Files ignored due to path filters (2)

• apps/meteor/client/components/ABAC/__snapshots__/ABACHeaderTag.spec.tsx.snap is excluded by !**/*.snap
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (10)

• apps/meteor/client/components/ABAC/ABACHeaderTag.spec.tsx (0 hunks)
• apps/meteor/client/components/ABAC/ABACHeaderTag.tsx (0 hunks)
• apps/meteor/client/hooks/useRoomIcon.spec.tsx (1 hunks)
• apps/meteor/client/hooks/useRoomIcon.tsx (1 hunks)
• apps/meteor/client/lib/rooms/roomTypes/private.ts (1 hunks)
• apps/meteor/client/views/room/Header/RoomHeader.tsx (0 hunks)
• apps/meteor/client/views/room/HeaderV2/RoomHeader.tsx (0 hunks)
• apps/meteor/package.json (1 hunks)
• packages/i18n/src/locales/en.i18n.json (0 hunks)
• packages/i18n/src/locales/nb.i18n.json (0 hunks)

💤 Files with no reviewable changes (6)

• apps/meteor/client/views/room/Header/RoomHeader.tsx
• apps/meteor/client/views/room/HeaderV2/RoomHeader.tsx
• packages/i18n/src/locales/nb.i18n.json
• packages/i18n/src/locales/en.i18n.json
• apps/meteor/client/components/ABAC/ABACHeaderTag.spec.tsx
• apps/meteor/client/components/ABAC/ABACHeaderTag.tsx

🚧 Files skipped from review as they are similar to previous changes (2)

• apps/meteor/client/hooks/useRoomIcon.spec.tsx
• apps/meteor/package.json

🧰 Additional context used

🧠 Learnings (6)

📓 Common learnings

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37303
File: apps/meteor/tests/end-to-end/api/abac.ts:1125-1137
Timestamp: 2025-10-27T14:38:46.994Z
Learning: In Rocket.Chat ABAC feature, when ABAC is disabled globally (ABAC_Enabled setting is false), room-level ABAC attributes are not evaluated when changing room types. This means converting a private room to public will succeed even if the room has ABAC attributes, as long as the global ABAC setting is disabled.

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37299
File: apps/meteor/ee/server/lib/ldap/Manager.ts:438-454
Timestamp: 2025-10-24T17:32:05.348Z
Learning: In Rocket.Chat, ABAC attributes can only be set on private rooms and teams (type 'p'), not on public rooms (type 'c'). Therefore, when checking for ABAC-protected rooms/teams during LDAP sync or similar operations, it's sufficient to query only private rooms using methods like `findPrivateRoomsByIdsWithAbacAttributes`.

📚 Learning: 2025-10-27T14:38:46.994Z

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37303
File: apps/meteor/tests/end-to-end/api/abac.ts:1125-1137
Timestamp: 2025-10-27T14:38:46.994Z
Learning: In Rocket.Chat ABAC feature, when ABAC is disabled globally (ABAC_Enabled setting is false), room-level ABAC attributes are not evaluated when changing room types. This means converting a private room to public will succeed even if the room has ABAC attributes, as long as the global ABAC setting is disabled.

Applied to files:

• apps/meteor/client/hooks/useRoomIcon.tsx
• apps/meteor/client/lib/rooms/roomTypes/private.ts

📚 Learning: 2025-10-24T17:32:05.348Z

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37299
File: apps/meteor/ee/server/lib/ldap/Manager.ts:438-454
Timestamp: 2025-10-24T17:32:05.348Z
Learning: In Rocket.Chat, ABAC attributes can only be set on private rooms and teams (type 'p'), not on public rooms (type 'c'). Therefore, when checking for ABAC-protected rooms/teams during LDAP sync or similar operations, it's sufficient to query only private rooms using methods like `findPrivateRoomsByIdsWithAbacAttributes`.

Applied to files:

• apps/meteor/client/hooks/useRoomIcon.tsx
• apps/meteor/client/lib/rooms/roomTypes/private.ts

📚 Learning: 2025-10-28T16:53:42.761Z

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

Applied to files:

• apps/meteor/client/hooks/useRoomIcon.tsx
• apps/meteor/client/lib/rooms/roomTypes/private.ts

📚 Learning: 2025-09-25T09:59:26.461Z

Learnt from: Dnouv
Repo: RocketChat/Rocket.Chat PR: 37057
File: packages/apps-engine/src/definition/accessors/IUserRead.ts:23-27
Timestamp: 2025-09-25T09:59:26.461Z
Learning: UserBridge.doGetUserRoomIds in packages/apps-engine/src/server/bridges/UserBridge.ts has a bug where it implicitly returns undefined when the app lacks read permission (missing return statement in the else case of the permission check).

Applied to files:

• apps/meteor/client/hooks/useRoomIcon.tsx
• apps/meteor/client/lib/rooms/roomTypes/private.ts

📚 Learning: 2025-10-30T19:30:46.541Z

Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37244
File: apps/meteor/client/views/admin/ABAC/AdminABACRoomAttributesForm.spec.tsx:125-146
Timestamp: 2025-10-30T19:30:46.541Z
Learning: In the AdminABACRoomAttributesForm component (apps/meteor/client/views/admin/ABAC/AdminABACRoomAttributesForm.tsx), the first attribute value field is mandatory and does not have a Remove button. Only additional values beyond the first have Remove buttons. This means trashButtons[0] corresponds to the second value's Remove button, not the first value's.

Applied to files:

• apps/meteor/client/hooks/useRoomIcon.tsx

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: 📦 Build Packages
• GitHub Check: CodeQL-Build
• GitHub Check: CodeQL-Build

🔇 Additional comments (1)

apps/meteor/client/hooks/useRoomIcon.tsx (1)

11-17: ABAC icon precedence is correct; edge cases don't apply.

Verification confirms ABAC rooms cannot be federated or discussion rooms. The codebase shows no instances of these combinations, and the learnings confirm ABAC attributes only exist on private rooms (type 'p'). The early return appropriately prioritizes the security indicator. The icon choices correctly differentiate teams ('team-shield') from channels ('hash-shield').