
@MartinSchoeler MartinSchoeler commented Nov 27, 2025

Proposed changes (including videos or screenshots)

Issue(s)

ABAC-51

Steps to test or reproduce

Further comments

Summary by CodeRabbit

  • New Features

    • Added an ABAC "Logs" tab in administration to view audit activity with actor avatars, readable action labels, ABAC element/name, timestamps, date-range filters, and pagination.
  • Localization

    • Added/updated ABAC translation keys for elements, names, empty states, action labels, and "Logs"; removed a legacy room label.
  • API

    • Audit logs endpoint response now limited to specific ABAC event types for more consistent results.



dionisio-bot bot commented Nov 27, 2025

Looks like this PR is not ready to merge, because of the following issues:

  • This PR is missing the 'stat: QA assured' label
  • This PR is missing the required milestone or project

Please fix the issues and try again

If you have any trouble, please check the PR guidelines


changeset-bot bot commented Nov 27, 2025

⚠️ No Changeset found

Latest commit: 3fdb4a1

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types



coderabbitai bot commented Nov 27, 2025

Walkthrough

Adds an ABAC "Logs" admin tab and UI component that lists ABAC audit events (GET /v1/abac/audit) with date-range filtering and pagination; extends client ABACQueryKeys with a logs namespace; updates English i18n keys; and narrows server-side audit event types in schemas and endpoint response.

Changes

| Cohort | File(s) | Summary |
| --- | --- | --- |
| Query Keys | apps/meteor/client/lib/queryKeys.ts | Added ABACQueryKeys.logs namespace with all() and list(query?: PaginatedRequest) methods to produce consistent query keys for ABAC logs. |
| ABAC Logs Tab Component | apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx | New default-export React component that queries GET /v1/abac/audit, supports start/end date filtering and DateRangePicker, resets pagination on filter change, renders results in a table (User, Action, ABAC Element, Element Name, Timestamp), handles loading/empty states, shows avatars, and wires pagination (offset/count). |
| ABAC Admin Page Integration | apps/meteor/client/views/admin/ABAC/AdminABACPage.tsx | Integrated AdminABACLogs into the ABAC admin page rendering for the 'logs' tab and adjusted Contextualbar import path. |
| ABAC Tab Navigation | apps/meteor/client/views/admin/ABAC/AdminABACTabs.tsx | Added a "Logs" (ABAC_Logs) TabsItem and navigation handling consistent with existing tabs. |
| Internationalization | packages/i18n/src/locales/en.i18n.json | Removed ABAC_Room_Attributes; added ABAC_Room, ABAC_Room_Attribute, ABAC_Element, ABAC_Element_Name, ABAC_Logs, ABAC_No_logs, ABAC_No_logs_description, ABAC_No_attributes, ABAC_No_attributes_description, ABAC_No_rooms, ABAC_No_rooms_description, ABAC_All_Attributes_deleted, ABAC_Key_removed, ABAC_Key_renamed, ABAC_Value_removed, ABAC_Key_added, ABAC_Key_updated, and Updated. |
| Server: API & Schemas | apps/meteor/ee/server/api/abac/index.ts, apps/meteor/ee/server/api/abac/schemas.ts | Narrowed audit response events typing to a union of specific IServerEvents variants (abac.action.performed, abac.attribute.changed, abac.object.attribute.changed, abac.object.attributes.removed) and updated imports to include IServerEvents. |
| UI import path updates | apps/meteor/client/views/admin/ABAC/RoomAttributesContextualBar.tsx, apps/meteor/client/views/admin/ABAC/RoomAttributesContextualBarWithData.tsx | Replaced local Contextualbar component imports with @rocket.chat/ui-client equivalents (import path changes only). |

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant AdminUI as Admin ABAC UI
    participant Client as Browser (React)
    participant API as Server API (/v1/abac/audit)
    participant DB as Audit Store
    AdminUI ->> Client: open "Logs" tab or change filters/pagination
    Client ->> API: GET /v1/abac/audit?start=&end=&offset=&count=
    API ->> DB: query audit events (date filters, offset, count)
    DB -->> API: return events + total/count
    API -->> Client: respond with typed ABAC event union (events, total, offset, count)
    Client ->> AdminUI: render table, pagination, avatars, or no-results

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

  • Focus areas:
    • Data-fetching and query construction in AdminABACLogs.tsx
    • Event-to-label mapping and correct i18n key usage
    • Pagination and filter-reset behavior
    • Server schema/endpoint typing changes for IServerEvents union

Possibly related PRs

Suggested labels

stat: ready to merge, stat: QA assured

Suggested reviewers

  • tassoevan
  • dougfabris

Poem

🐰
I hopped through logs both near and far,
Collected traces, each tiny star.
Filters set and pages bright,
ABAC tales displayed this night.
A twitch, a nibble — audit delight!

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Linked Issues check | ❓ Inconclusive | Insufficient information is available from the linked issue (ABAC-51) to validate whether code changes meet specific requirements or objectives. | Review the full ABAC-51 issue description to confirm that all coding requirements are met by the implementation of the logs tab, query keys, and API response types. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The pull request title 'feat: ABAC Logs Tab' clearly summarizes the main change by indicating a new feature for ABAC audit logs tab, which aligns with the implementation across queryKeys, components, and translations. |
| Out of Scope Changes check | ✅ Passed | All changes focus on implementing the ABAC Logs Tab feature: new query keys, logs component, tab integration, translations, API schema updates, and import path migrations for UI components—all directly supporting the main objective. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between ad80378 and 3fdb4a1.

📒 Files selected for processing (3)
  • apps/meteor/client/views/admin/ABAC/AdminABACPage.tsx (2 hunks)
  • apps/meteor/client/views/admin/ABAC/RoomAttributesContextualBar.tsx (1 hunks)
  • apps/meteor/client/views/admin/ABAC/RoomAttributesContextualBarWithData.tsx (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • apps/meteor/client/views/admin/ABAC/AdminABACPage.tsx
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

  • apps/meteor/client/views/admin/ABAC/RoomAttributesContextualBar.tsx
  • apps/meteor/client/views/admin/ABAC/RoomAttributesContextualBarWithData.tsx
🧠 Learnings (4)
📓 Common learnings
Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37303
File: apps/meteor/tests/end-to-end/api/abac.ts:1125-1137
Timestamp: 2025-10-27T14:38:46.994Z
Learning: In Rocket.Chat ABAC feature, when ABAC is disabled globally (ABAC_Enabled setting is false), room-level ABAC attributes are not evaluated when changing room types. This means converting a private room to public will succeed even if the room has ABAC attributes, as long as the global ABAC setting is disabled.
📚 Learning: 2025-11-27T17:56:26.050Z
Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37557
File: apps/meteor/client/views/admin/ABAC/AdminABACRooms.tsx:115-116
Timestamp: 2025-11-27T17:56:26.050Z
Learning: In Rocket.Chat, the GET /v1/abac/rooms endpoint (implemented in ee/packages/abac/src/index.ts) only returns rooms where abacAttributes exists and is not an empty array (query: { abacAttributes: { $exists: true, $ne: [] } }). Therefore, in components consuming this endpoint (like AdminABACRooms.tsx), room.abacAttributes is guaranteed to be defined for all returned rooms, and optional chaining before calling array methods like .join() is sufficient without additional null coalescing.

Applied to files:

  • apps/meteor/client/views/admin/ABAC/RoomAttributesContextualBar.tsx
  • apps/meteor/client/views/admin/ABAC/RoomAttributesContextualBarWithData.tsx
📚 Learning: 2025-10-30T19:30:46.541Z
Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37244
File: apps/meteor/client/views/admin/ABAC/AdminABACRoomAttributesForm.spec.tsx:125-146
Timestamp: 2025-10-30T19:30:46.541Z
Learning: In the AdminABACRoomAttributesForm component (apps/meteor/client/views/admin/ABAC/AdminABACRoomAttributesForm.tsx), the first attribute value field is mandatory and does not have a Remove button. Only additional values beyond the first have Remove buttons. This means trashButtons[0] corresponds to the second value's Remove button, not the first value's.

Applied to files:

  • apps/meteor/client/views/admin/ABAC/RoomAttributesContextualBar.tsx
  • apps/meteor/client/views/admin/ABAC/RoomAttributesContextualBarWithData.tsx
📚 Learning: 2025-10-27T14:38:46.994Z
Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37303
File: apps/meteor/tests/end-to-end/api/abac.ts:1125-1137
Timestamp: 2025-10-27T14:38:46.994Z
Learning: In Rocket.Chat ABAC feature, when ABAC is disabled globally (ABAC_Enabled setting is false), room-level ABAC attributes are not evaluated when changing room types. This means converting a private room to public will succeed even if the room has ABAC attributes, as long as the global ABAC setting is disabled.

Applied to files:

  • apps/meteor/client/views/admin/ABAC/RoomAttributesContextualBar.tsx
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: 📦 Build Packages
  • GitHub Check: CodeQL-Build
  • GitHub Check: CodeQL-Build
🔇 Additional comments (2)
apps/meteor/client/views/admin/ABAC/RoomAttributesContextualBarWithData.tsx (1)

1-1: LGTM! Import refactoring aligns with UI component centralization.

The change moves the ContextualbarSkeletonBody import to the centralized @rocket.chat/ui-client package, which is consistent with the broader refactoring pattern applied across ABAC components in this PR. No runtime behavior is affected.

apps/meteor/client/views/admin/ABAC/RoomAttributesContextualBar.tsx (1)

2-2: LGTM! Import path centralization is consistent.

The change moves ContextualbarClose and ContextualbarHeader imports to @rocket.chat/ui-client, matching the refactoring pattern applied in RoomAttributesContextualBarWithData.tsx. The component usage remains unchanged and no runtime behavior is affected.


Comment @coderabbitai help to get the list of available commands and usage tips.
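
The server-side behaviour the walkthrough describes (an event-type allowlist combined with start/end/offset/count), as an added TypeScript example that is not Rocket.Chat's code. The four event names and the parameter names come from this page; the record shape, function names, page-size cap and the handling of a date-only end bound are assumptions.

```typescript
// Added example, not Rocket.Chat code. The four event names and the
// start/end/offset/count parameters come from the walkthrough above; the
// record shape, function names, page-size cap and date handling are assumptions.

const ABAC_EVENT_TYPES = [
	'abac.action.performed',
	'abac.attribute.changed',
	'abac.object.attribute.changed',
	'abac.object.attributes.removed',
] as const;

type AbacEventType = (typeof ABAC_EVENT_TYPES)[number];

interface StoredEvent {
	t: string; // event type (assumed field name)
	ts: string; // ISO 8601 timestamp (assumed field name)
	actor: string;
}
interface AbacEvent extends StoredEvent {
	t: AbacEventType;
}
interface AuditQuery {
	start?: string;
	end?: string;
	offset?: number;
	count?: number;
}
interface AuditPage {
	events: AbacEvent[];
	total: number;
	offset: number;
	count: number;
}

const MAX_COUNT = 100; // assumed upper bound on page size
const DAY_MS = 24 * 60 * 60 * 1000;
const DATE_ONLY = /^\d{4}-\d{2}-\d{2}$/;

// Allowlist check: anything outside the four ABAC types never reaches the response.
function isAbacEvent(e: StoredEvent): e is AbacEvent {
	return (ABAC_EVENT_TYPES as readonly string[]).indexOf(e.t) !== -1;
}

// A date-only end bound ("2025-11-28") parses as midnight UTC and would drop the
// rest of that day, so it is widened to the last millisecond of the day.
function parseBound(value: string | undefined, kind: 'start' | 'end'): number {
	if (value === undefined) return kind === 'start' ? -Infinity : Infinity;
	const ms = Date.parse(value);
	if (isNaN(ms)) throw new Error(`invalid ${kind} date: ${value}`);
	return kind === 'end' && DATE_ONLY.test(value) ? ms + DAY_MS - 1 : ms;
}

// Non-integer input falls back to the default; integers are clamped to [min, max].
function clampInt(value: number | undefined, fallback: number, min: number, max: number): number {
	if (value === undefined || Math.floor(value) !== value) return fallback;
	return Math.min(Math.max(value, min), max);
}

function listAbacAudit(store: StoredEvent[], query: AuditQuery): AuditPage {
	const start = parseBound(query.start, 'start');
	const end = parseBound(query.end, 'end');
	if (start > end) throw new Error('start must not be after end');
	const offset = clampInt(query.offset, 0, 0, store.length);
	const count = clampInt(query.count, 25, 1, MAX_COUNT);

	const matching = store
		.filter(isAbacEvent)
		.filter((e) => {
			const ts = Date.parse(e.ts);
			return ts >= start && ts <= end;
		})
		.sort((a, b) => Date.parse(b.ts) - Date.parse(a.ts)); // newest first

	const events = matching.slice(offset, offset + count);
	return { events, total: matching.length, offset, count: events.length };
}

// Constructed sample records; the second one is a non-ABAC event.
const SAMPLE_STORE: StoredEvent[] = [
	{ t: 'abac.attribute.changed', ts: '2025-11-27T10:00:00.000Z', actor: 'admin.a' },
	{ t: 'example.unrelated.event', ts: '2025-11-27T11:00:00.000Z', actor: 'admin.a' },
	{ t: 'abac.action.performed', ts: '2025-11-28T09:30:00.000Z', actor: 'admin.b' },
	{ t: 'abac.object.attribute.changed', ts: '2025-11-28T23:59:59.000Z', actor: 'admin.b' },
	{ t: 'abac.object.attributes.removed', ts: '2025-12-01T08:00:00.000Z', actor: 'admin.a' },
];
```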


github-actions bot commented Nov 27, 2025

📦 Docker Image Size Report

📈 Changes

| Service | Current | Baseline | Change | Percent |
| --- | --- | --- | --- | --- |
| sum of all images | 1.2GiB | 1.2GiB | +12MiB | |
| rocketchat | 359MiB | 347MiB | +12MiB | |
| omnichannel-transcript-service | 132MiB | 132MiB | +12KiB | |
| queue-worker-service | 132MiB | 132MiB | +8.9KiB | |
| ddp-streamer-service | 126MiB | 126MiB | +8.8KiB | |
| account-service | 113MiB | 113MiB | +12KiB | |
| authorization-service | 111MiB | 111MiB | +67KiB | |
| stream-hub-service | 111MiB | 111MiB | +9.7KiB | |

📊 Historical Trend

[Chart: "Image Size Evolution by Service (Last 30 Days + This PR)"; x-axis: build timestamps from 11/15 22:28 to 12/02 19:40 (PR); y-axis: Size (GB); one line per service.]

Statistics (last 11 days):

  • 📊 Average: 1.5GiB
  • ⬇️ Minimum: 1.2GiB
  • ⬆️ Maximum: 1.6GiB
  • 🎯 Current PR: 1.2GiB
ℹ️ About this report

This report compares Docker image sizes from this build against the develop baseline.

  • Tag: pr-37633
  • Baseline: develop
  • Timestamp: 2025-12-02 19:40:42 UTC
  • Historical data points: 11

Updated: Tue, 02 Dec 2025 19:40:43 GMT

Base automatically changed from chore/audit-events to feat/abac November 28, 2025 17:38
@MartinSchoeler MartinSchoeler force-pushed the feat/ABAC-Logs-page branch 4 times, most recently from 17372c9 to c167891 Compare November 28, 2025 19:33
@MartinSchoeler MartinSchoeler marked this pull request as ready for review November 28, 2025 19:33
@MartinSchoeler MartinSchoeler requested a review from a team as a code owner November 28, 2025 19:33

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 3

🧹 Nitpick comments (7)
packages/i18n/src/locales/en.i18n.json (2)

43-44: Copy tweak for clarity.

Hyphenation reads awkwardly. Prefer simpler phrasing.

-  "ABAC_No_logs_description": "ABAC-management related activity will appear here.",
+  "ABAC_No_logs_description": "ABAC management activity will appear here.",

49-58: Align sentence casing with nearby “No …” strings.

“ABAC_No_attributes” uses title case while “ABAC_No_rooms” is sentence case. Make them consistent (sentence case).

-  "ABAC_No_attributes": "No Attributes",
+  "ABAC_No_attributes": "No attributes",
apps/meteor/client/views/admin/ABAC/AdminABACPage.tsx (1)

13-13: Unused import detected.

ContextualbarSkeletonBody is imported but doesn't appear to be used in this file.

-import { ContextualbarDialog, ContextualbarSkeletonBody } from '../../../components/Contextualbar';
+import { ContextualbarDialog } from '../../../components/Contextualbar';
apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx (4)

42-45: Remove code comment per coding guidelines.

As per coding guidelines, avoid code comments in TypeScript/JavaScript implementations.

-	// Whenever the user changes the filter or the text, reset the pagination to the first page
 	useEffect(() => {
 		setCurrent(0);
 	}, [startDate, endDate, setCurrent]);
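
Review bot: the comment removed on the `-` line says the reset fires when "the filter or the text" changes, but the dependency array on the last line lists only `startDate`, `endDate` and `setCurrent`, so the comment was already out of step with the code. Dropping it is fine; if a text filter is added to this view later, its state has to join that dependency array or pagination will not reset when it changes.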

94-95: Track the TODO for endpoint improvement.

The @ts-expect-error indicates the endpoint doesn't send the room name. Consider creating an issue to track this improvement so it doesn't get forgotten.

Would you like me to open a new issue to track adding the room name to the /v1/abac/audit endpoint response?


130-134: Consider adding a loading state indicator.

When isLoading is true, the table renders empty since data?.events?.map returns nothing. Consider showing a loading skeleton or spinner to improve user experience.

-		{(!data || data.events?.length === 0) && !isLoading ? (
+		{isLoading ? (
+			<Box display='flex' justifyContent='center' alignItems='center' height='full'>
+				{/* Add loading spinner or skeleton here */}
+			</Box>
+		) : !data || data.events?.length === 0 ? (
 			<Box display='flex' justifyContent='center' height='full'>
 				<GenericNoResults icon='extended-view' title={t('ABAC_No_logs')} description={t('ABAC_No_logs_description')} />
 			</Box>
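
Review bot: the new `isLoading` branch renders a `Box` whose only child is the placeholder `{/* Add loading spinner or skeleton here */}`, so applied as written the user still sees a blank area while the request is in flight, and the placeholder itself conflicts with the path-based rule quoted in this review ("Avoid code comments in the implementation"). Put a concrete skeleton or spinner component in that branch before applying the suggestion. The chained ternary (`isLoading ? … : !data || data.events?.length === 0 ? …`) would also be easier to follow as separate conditionals.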

52-75: Consider extracting pure helper function.

getActionLabel is a pure function that doesn't depend on component state. Extracting it outside the component avoids recreation on each render.

// Move outside component
const getActionLabel = (t: TFunction, action?: AbacAttributeDefinitionChangeType | null) => {
  switch (action) {
    case 'created':
      return t('Created');
    // ... rest of cases
  }
};
📜 Review details


📥 Commits

Reviewing files that changed from the base of the PR and between ea0cbee and c167891.

📒 Files selected for processing (5)
  • apps/meteor/client/lib/queryKeys.ts (1 hunks)
  • apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx (1 hunks)
  • apps/meteor/client/views/admin/ABAC/AdminABACPage.tsx (2 hunks)
  • apps/meteor/client/views/admin/ABAC/AdminABACTabs.tsx (1 hunks)
  • packages/i18n/src/locales/en.i18n.json (4 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

  • apps/meteor/client/lib/queryKeys.ts
  • apps/meteor/client/views/admin/ABAC/AdminABACPage.tsx
  • apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx
  • apps/meteor/client/views/admin/ABAC/AdminABACTabs.tsx
🧠 Learnings (4)
📚 Learning: 2025-11-27T17:56:26.027Z
Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37557
File: apps/meteor/client/views/admin/ABAC/AdminABACRooms.tsx:115-116
Timestamp: 2025-11-27T17:56:26.027Z
Learning: In Rocket.Chat, the GET /v1/abac/rooms endpoint (implemented in ee/packages/abac/src/index.ts) only returns rooms where abacAttributes exists and is not an empty array (query: { abacAttributes: { $exists: true, $ne: [] } }). Therefore, in components consuming this endpoint (like AdminABACRooms.tsx), room.abacAttributes is guaranteed to be defined for all returned rooms, and optional chaining before calling array methods like .join() is sufficient without additional null coalescing.

Applied to files:

  • apps/meteor/client/lib/queryKeys.ts
  • apps/meteor/client/views/admin/ABAC/AdminABACPage.tsx
  • apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx
📚 Learning: 2025-10-27T14:38:46.994Z
Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37303
File: apps/meteor/tests/end-to-end/api/abac.ts:1125-1137
Timestamp: 2025-10-27T14:38:46.994Z
Learning: In Rocket.Chat ABAC feature, when ABAC is disabled globally (ABAC_Enabled setting is false), room-level ABAC attributes are not evaluated when changing room types. This means converting a private room to public will succeed even if the room has ABAC attributes, as long as the global ABAC setting is disabled.

Applied to files:

  • packages/i18n/src/locales/en.i18n.json
📚 Learning: 2025-10-24T17:32:05.348Z
Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37299
File: apps/meteor/ee/server/lib/ldap/Manager.ts:438-454
Timestamp: 2025-10-24T17:32:05.348Z
Learning: In Rocket.Chat, ABAC attributes can only be set on private rooms and teams (type 'p'), not on public rooms (type 'c'). Therefore, when checking for ABAC-protected rooms/teams during LDAP sync or similar operations, it's sufficient to query only private rooms using methods like `findPrivateRoomsByIdsWithAbacAttributes`.

Applied to files:

  • packages/i18n/src/locales/en.i18n.json
🧬 Code graph analysis (1)
apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx (5)
apps/meteor/client/components/GenericTable/hooks/usePagination.ts (1)
  • usePagination (11-40)
apps/meteor/client/lib/queryKeys.ts (1)
  • ABACQueryKeys (121-132)
packages/core-typings/src/ServerAudit/IAuditServerAbacAction.ts (1)
  • AbacAttributeDefinitionChangeType (8-17)
packages/rest-typings/src/index.ts (1)
  • OperationResult (195-197)
apps/meteor/app/ui-utils/client/lib/RoomHistoryManager.ts (1)
  • isLoading (279-282)
🔇 Additional comments (6)
apps/meteor/client/lib/queryKeys.ts (1)

123-126: ABAC logs query keys are consistent and correctly typed

The new ABACQueryKeys.logs namespace mirrors the existing roomAttributes structure, composes from ABACQueryKeys.all, and uses PaginatedRequest with as const tuples consistently with the rest of this file. I don’t see any correctness or typing issues here.

packages/i18n/src/locales/en.i18n.json (2)

128-128: LGTM on ABAC_Logs.

Label reads well and matches the tab intent.


5498-5498: No duplicate or collision issues found with the Updated key.

The search confirms that Updated is a distinct key separate from Updated_at (which translates to "Updated at"). There is only one definition of Updated at line 5498, and it's legitimately used in the codebase (e.g., in AdminABACLogs.tsx for a status label). The generic key is appropriate for its intended purpose.

apps/meteor/client/views/admin/ABAC/AdminABACTabs.tsx (1)

23-25: LGTM!

The new "logs" tab follows the established pattern for existing tabs, with consistent use of the translation hook and navigation handler.

apps/meteor/client/views/admin/ABAC/AdminABACPage.tsx (1)

69-69: LGTM!

The logs tab integration follows the established conditional rendering pattern used for other ABAC tabs.

apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx (1)

27-50: Data fetching implementation looks good.

The query structure follows best practices with proper cache key management via ABACQueryKeys.logs.logsList(query) and appropriate date defaults.


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

🧹 Nitpick comments (3)
apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx (1)

1-178: Great work! Previous review feedback has been addressed.

The timestamp handling (lines 90, 100) and date formatting (line 160) have been properly implemented using new Date(event.ts) and formatDate(). The double margin issue has also been resolved.

A few optional UX improvements to consider:

  1. Loading state: While the component handles the isLoading flag in the conditional (line 132), users see an empty table during initial load. Consider showing a loading skeleton or spinner.

  2. Default date range (lines 28-29): Defaulting both start and end dates to today may not surface historical logs. Consider defaulting to a wider range (e.g., last 7 or 30 days) for better initial UX.

  3. Room name display (line 97-98): The TODO is noted. The component currently displays room IDs instead of names, which may confuse users.

Do you want me to help implement any of these improvements, such as generating a loading state component or adjusting the default date range?

packages/i18n/src/locales/en.i18n.json (2)

43-44: Grammar tweak: “ABAC‑related activity …”

Polish the description for readability.

-  "ABAC_No_logs_description": "ABAC-management related activity will appear here.",
+  "ABAC_No_logs_description": "ABAC-related activity will appear here.",

49-58: Normalize empty‑state casing for consistency.

Match sentence case used elsewhere (e.g., “No rooms”).

-  "ABAC_No_attributes": "No Attributes",
+  "ABAC_No_attributes": "No attributes",
📜 Review details


📥 Commits

Reviewing files that changed from the base of the PR and between b597ba5 and 4c72f4e.

📒 Files selected for processing (3)
  • apps/meteor/client/lib/queryKeys.ts (1 hunks)
  • apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx (1 hunks)
  • packages/i18n/src/locales/en.i18n.json (4 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

  • apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx
  • apps/meteor/client/lib/queryKeys.ts
🧠 Learnings (6)
📚 Learning: 2025-11-07T14:50:33.544Z
Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37423
File: packages/i18n/src/locales/en.i18n.json:18-18
Timestamp: 2025-11-07T14:50:33.544Z
Learning: Rocket.Chat settings: in apps/meteor/ee/server/settings/abac.ts, the Abac_Cache_Decision_Time_Seconds setting uses invalidValue: 0 as the fallback when ABAC is unlicensed. With a valid license, admins can still set the value to 0 to intentionally disable the ABAC decision cache.

Applied to files:

  • apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx
📚 Learning: 2025-10-30T19:30:46.541Z
Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37244
File: apps/meteor/client/views/admin/ABAC/AdminABACRoomAttributesForm.spec.tsx:125-146
Timestamp: 2025-10-30T19:30:46.541Z
Learning: In the AdminABACRoomAttributesForm component (apps/meteor/client/views/admin/ABAC/AdminABACRoomAttributesForm.tsx), the first attribute value field is mandatory and does not have a Remove button. Only additional values beyond the first have Remove buttons. This means trashButtons[0] corresponds to the second value's Remove button, not the first value's.

Applied to files:

  • apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx
📚 Learning: 2025-11-27T17:56:26.050Z
Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37557
File: apps/meteor/client/views/admin/ABAC/AdminABACRooms.tsx:115-116
Timestamp: 2025-11-27T17:56:26.050Z
Learning: In Rocket.Chat, the GET /v1/abac/rooms endpoint (implemented in ee/packages/abac/src/index.ts) only returns rooms where abacAttributes exists and is not an empty array (query: { abacAttributes: { $exists: true, $ne: [] } }). Therefore, in components consuming this endpoint (like AdminABACRooms.tsx), room.abacAttributes is guaranteed to be defined for all returned rooms, and optional chaining before calling array methods like .join() is sufficient without additional null coalescing.

Applied to files:

  • apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx
  • apps/meteor/client/lib/queryKeys.ts
📚 Learning: 2025-10-27T14:38:46.994Z
Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37303
File: apps/meteor/tests/end-to-end/api/abac.ts:1125-1137
Timestamp: 2025-10-27T14:38:46.994Z
Learning: In Rocket.Chat ABAC feature, when ABAC is disabled globally (ABAC_Enabled setting is false), room-level ABAC attributes are not evaluated when changing room types. This means converting a private room to public will succeed even if the room has ABAC attributes, as long as the global ABAC setting is disabled.

Applied to files:

  • packages/i18n/src/locales/en.i18n.json
📚 Learning: 2025-10-24T17:32:05.348Z
Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37299
File: apps/meteor/ee/server/lib/ldap/Manager.ts:438-454
Timestamp: 2025-10-24T17:32:05.348Z
Learning: In Rocket.Chat, ABAC attributes can only be set on private rooms and teams (type 'p'), not on public rooms (type 'c'). Therefore, when checking for ABAC-protected rooms/teams during LDAP sync or similar operations, it's sufficient to query only private rooms using methods like `findPrivateRoomsByIdsWithAbacAttributes`.

Applied to files:

  • packages/i18n/src/locales/en.i18n.json
🔇 Additional comments (4)
apps/meteor/client/lib/queryKeys.ts (1)

123-126: LGTM! Query key structure follows established patterns.

The new logs namespace is well-structured and consistent with other query keys in the file. The all() and list(query) pattern matches the existing roomAttributes structure above.

packages/i18n/src/locales/en.i18n.json (3)

28-31: ABAC labels added — looks good; confirm migration from plural key.

New singular keys are clear. Please confirm no remaining UI references to the older “ABAC_Room_Attributes” (Line 127) to avoid mixed labels. If kept for compatibility, consider marking usages for deprecation.


128-128: ABAC tab label OK.

“ABAC_Logs”: “Logs” aligns with the new tab. No issues.


5498-5498: No action needed. The "Updated" key exists only once in the locales directory at line 5498 and is not duplicated.


codecov bot commented Dec 1, 2025

Codecov Report

❌ Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (feat/abac@4fc24bd). Learn more about missing BASE report.

Additional details and impacted files

@@             Coverage Diff              @@
##             feat/abac   #37633   +/-   ##
============================================
  Coverage             ?   54.28%           
============================================
  Files                ?     2637           
  Lines                ?    50052           
  Branches             ?    11202           
============================================
  Hits                 ?    27171           
  Misses               ?    20711           
  Partials             ?     2170           
Flag Coverage Δ
e2e 57.26% <0.00%> (?)
e2e-api 43.69% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.


Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (1)
packages/i18n/src/locales/en.i18n.json (1)

43-44: Minor copy tweak: hyphenation.

Suggest “ABAC management–related activity will appear here.” for readability.

-  "ABAC_No_logs_description": "ABAC-management related activity will appear here.",
+  "ABAC_No_logs_description": "ABAC management–related activity will appear here.",
📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 4c72f4e and a1e6c4f.

📒 Files selected for processing (5)
  • apps/meteor/client/lib/queryKeys.ts (1 hunks)
  • apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx (1 hunks)
  • apps/meteor/client/views/admin/ABAC/AdminABACPage.tsx (2 hunks)
  • apps/meteor/client/views/admin/ABAC/AdminABACTabs.tsx (1 hunks)
  • packages/i18n/src/locales/en.i18n.json (4 hunks)
🚧 Files skipped from review as they are similar to previous changes (3)
  • apps/meteor/client/views/admin/ABAC/AdminABACTabs.tsx
  • apps/meteor/client/views/admin/ABAC/AdminABACPage.tsx
  • apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

  • apps/meteor/client/lib/queryKeys.ts
🧠 Learnings (5)
📓 Common learnings
Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37303
File: apps/meteor/tests/end-to-end/api/abac.ts:1125-1137
Timestamp: 2025-10-27T14:38:46.994Z
Learning: In Rocket.Chat ABAC feature, when ABAC is disabled globally (ABAC_Enabled setting is false), room-level ABAC attributes are not evaluated when changing room types. This means converting a private room to public will succeed even if the room has ABAC attributes, as long as the global ABAC setting is disabled.
📚 Learning: 2025-11-27T17:56:26.050Z
Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37557
File: apps/meteor/client/views/admin/ABAC/AdminABACRooms.tsx:115-116
Timestamp: 2025-11-27T17:56:26.050Z
Learning: In Rocket.Chat, the GET /v1/abac/rooms endpoint (implemented in ee/packages/abac/src/index.ts) only returns rooms where abacAttributes exists and is not an empty array (query: { abacAttributes: { $exists: true, $ne: [] } }). Therefore, in components consuming this endpoint (like AdminABACRooms.tsx), room.abacAttributes is guaranteed to be defined for all returned rooms, and optional chaining before calling array methods like .join() is sufficient without additional null coalescing.

Applied to files:

  • apps/meteor/client/lib/queryKeys.ts
📚 Learning: 2025-11-19T12:32:29.696Z
Learnt from: d-gubert
Repo: RocketChat/Rocket.Chat PR: 37547
File: packages/i18n/src/locales/en.i18n.json:634-634
Timestamp: 2025-11-19T12:32:29.696Z
Learning: Repo: RocketChat/Rocket.Chat
Context: i18n workflow
Learning: In this repository, new translation keys should be added to packages/i18n/src/locales/en.i18n.json only; other locale files are populated via the external translation pipeline and/or fall back to English. Do not request adding the same key to all locale files in future reviews.

Applied to files:

  • packages/i18n/src/locales/en.i18n.json
🔇 Additional comments (4)
apps/meteor/client/lib/queryKeys.ts (1)

123-126: LGTM! Past review feedback has been addressed.

The implementation follows the existing ABAC query key pattern and matches the suggestion from the previous review. The logs.list naming is clean and consistent with the nested structure.

packages/i18n/src/locales/en.i18n.json (3)

128-128: ABAC_Logs added — OK.

Matches the new tab label context.


5498-5498: Generic “Updated” label — OK.

No issues spotted.


28-31: ABAC element labels and casing fix are correct.

ABAC_Element_Name normalization is confirmed in use in AdminABACLogs.tsx, and no stale references to the old casing remain. New audit action labels (Key_removed, Key_renamed, Value_removed, Key_added, Key_updated) and empty-state descriptions (ABAC_No_attributes, ABAC_No_rooms) are properly added with consistent PascalCase naming convention.

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (2)
apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx (2)

28-43: Initial date computation may be off-by-one in non‑UTC timezones

Using new Date().toISOString().split('T')[0] derives “today” in UTC, not in the user’s local timezone. In many timezones this can result in the date inputs defaulting to tomorrow or yesterday relative to the user’s local day, and the start/end filters (...T00:00:00.000Z / ...T23:59:59.999Z) then query the wrong 24‑hour window.

Consider deriving the local calendar date instead, e.g.:

-const [startDate, setStartDate] = useState<string>(new Date().toISOString().split('T')[0]);
-const [endDate, setEndDate] = useState<string>(new Date().toISOString().split('T')[0]);
+const getTodayLocalDate = () => {
+	const today = new Date();
+	const year = today.getFullYear();
+	const month = String(today.getMonth() + 1).padStart(2, '0');
+	const day = String(today.getDate()).padStart(2, '0');
+	return `${year}-${month}-${day}`;
+};
+
+const [startDate, setStartDate] = useState<string>(getTodayLocalDate);
+const [endDate, setEndDate] = useState<string>(getTodayLocalDate);
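Review bot: Feeding the local calendar date from getTodayLocalDate into the same `...T00:00:00.000Z` / `...T23:59:59.999Z` boundaries still queries a UTC day, only now the one that shares the user's local date, so an admin west of UTC loses audit events from their local evening and one east of UTC loses their early morning. If the filter is meant to show the user's day, build the start boundary from local midnight (for example `new Date(year, month, day).toISOString()`) and the end from the last millisecond before the next local midnight; if the server convention is UTC days, say so in the date filter's label so a missing entry is not read as "no ABAC change happened".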

and keep the UTC boundaries in the query if that’s the server convention.


45-48: Stale comment wording (mentions “text” filter that doesn’t exist)

The comment mentions “filter or the text”, but this component only has date filters. To avoid confusion for future readers, either update it to reference date filters only or remove it (the effect is self‑describing from its dependency array):

-	// Whenever the user changes the filter or the text, reset the pagination to the first page
 	useEffect(() => {
 		setCurrent(0);
 	}, [startDate, endDate, setCurrent]);
📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between a1e6c4f and 2454883.

📒 Files selected for processing (1)
  • apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx (1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

  • apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx
🧠 Learnings (4)
📚 Learning: 2025-11-07T14:50:33.544Z
Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37423
File: packages/i18n/src/locales/en.i18n.json:18-18
Timestamp: 2025-11-07T14:50:33.544Z
Learning: Rocket.Chat settings: in apps/meteor/ee/server/settings/abac.ts, the Abac_Cache_Decision_Time_Seconds setting uses invalidValue: 0 as the fallback when ABAC is unlicensed. With a valid license, admins can still set the value to 0 to intentionally disable the ABAC decision cache.

Applied to files:

  • apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx
📚 Learning: 2025-10-30T19:30:46.541Z
Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37244
File: apps/meteor/client/views/admin/ABAC/AdminABACRoomAttributesForm.spec.tsx:125-146
Timestamp: 2025-10-30T19:30:46.541Z
Learning: In the AdminABACRoomAttributesForm component (apps/meteor/client/views/admin/ABAC/AdminABACRoomAttributesForm.tsx), the first attribute value field is mandatory and does not have a Remove button. Only additional values beyond the first have Remove buttons. This means trashButtons[0] corresponds to the second value's Remove button, not the first value's.

Applied to files:

  • apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx
🔇 Additional comments (2)
apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx (2)

1-54: Overall data-fetching and pagination flow looks solid

The integration of usePagination, the memoized query object, and useQuery with ABACQueryKeys.logs.list(query) is consistent and type-safe, and the endpoint wiring via useEndpoint('GET', '/v1/abac/audit') matches the intended contract. No blocking issues in this segment.


80-102: Event mapping looks correct; ts-expect-error is acceptable as a temporary workaround

The getEventInfo helper correctly normalizes both attribute-change and room-level events, and returning a Date for timestamp integrates cleanly with useFormatDateAndTime. Using Serialized<OperationResult<...>>['events'][number] is a nice way to stay aligned with the REST typings.

The @ts-expect-error around event.data?.find((item) => item.key === 'room')?.value?.name is understandable given the current REST typings; just ensure ABAC-84 eventually tightens the type and lets you remove this suppression.
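
The timezone nitpick in the review above, worked through as an added example (not code from the PR or from Rocket.Chat): it compares which audit events each way of building the date window returns for an admin at UTC-3. The helper names, the fixed-offset handling (no DST transitions) and the sample events are assumptions constructed for illustration.

```typescript
// Added illustration: helper names and sample events are constructed, not taken from the PR.
type UtcRange = { start: string; end: string };
type AuditEvent = { id: string; ts: string };

const MINUTE_MS = 60000;
const DAY_MS = 24 * 60 * MINUTE_MS;

// offsetMinutes follows Date.prototype.getTimezoneOffset(): UTC minus local
// time, in minutes (UTC-3 => 180, UTC+9 => -540).
function localDateOf(instant: Date, offsetMinutes: number): string {
	return new Date(instant.getTime() - offsetMinutes * MINUTE_MS).toISOString().slice(0, 10);
}

// The calendar date as seen in UTC, which is what toISOString() yields.
function utcDateOf(instant: Date): string {
	return instant.toISOString().slice(0, 10);
}

// Window built by appending Z-suffixed boundaries to a date string.
function utcDayRange(date: string): UtcRange {
	return { start: `${date}T00:00:00.000Z`, end: `${date}T23:59:59.999Z` };
}

// Window covering the user's local calendar day, expressed in UTC.
function localDayRange(date: string, offsetMinutes: number): UtcRange {
	const startMs = Date.parse(`${date}T00:00:00.000Z`) + offsetMinutes * MINUTE_MS;
	return { start: new Date(startMs).toISOString(), end: new Date(startMs + DAY_MS - 1).toISOString() };
}

function idsInRange(events: AuditEvent[], range: UtcRange): string[] {
	const start = Date.parse(range.start);
	const end = Date.parse(range.end);
	return events.filter((e) => Date.parse(e.ts) >= start && Date.parse(e.ts) <= end).map((e) => e.id);
}

function compareWindows(now: Date, offsetMinutes: number, events: AuditEvent[]) {
	const localDate = localDateOf(now, offsetMinutes);
	return {
		// UTC date with UTC boundaries (the original defaults)
		utcToday: idsInRange(events, utcDayRange(utcDateOf(now))),
		// local date with UTC boundaries
		localDateUtcBounds: idsInRange(events, utcDayRange(localDate)),
		// local date with local-midnight boundaries
		localDay: idsInRange(events, localDayRange(localDate, offsetMinutes)),
	};
}

// Constructed sample: the admin's wall clock reads 22:30 on Dec 1 at UTC-3.
const sampleNow = new Date('2025-12-02T01:30:00.000Z');
const sampleOffset = 180;
const sampleEvents: AuditEvent[] = [
	{ id: 'prev-night', ts: '2025-12-01T02:00:00.000Z' }, // 23:00 on Nov 30, local
	{ id: 'morning', ts: '2025-12-01T12:00:00.000Z' }, // 09:00 on Dec 1, local
	{ id: 'evening', ts: '2025-12-02T01:00:00.000Z' }, // 22:00 on Dec 1, local
];

console.log(compareWindows(sampleNow, sampleOffset, sampleEvents));
```

Only the third window matches what the admin would call "today"; the other two either drop part of the local day or pull in an event from the previous local night.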

@MartinSchoeler MartinSchoeler removed request for a team December 2, 2025 14:15
Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (2)
apps/meteor/ee/server/api/abac/schemas.ts (1)

1-1: Narrowing events to ABAC-specific IServerEvents looks correct

Importing IServerEvents and typing events as a union of the four ABAC audit event shapes aligns with the /abac/audit query filter and will give the client a tighter, more accurate type surface. No functional issues spotted.

If you want to reduce future drift, consider factoring the ABAC audit event keys into a shared const (e.g. ABAC_AUDIT_EVENT_TYPES) and using it both in this union and in the server query, so adding a new ABAC event only needs a single update.

Also applies to: 228-235

apps/meteor/ee/server/api/abac/index.ts (1)

3-3: Typed cast of ABAC audit events matches query filter

Using IServerEvents and casting events to the union of the four ABAC audit event types is consistent with the $in filter on t and with the updated response schema. This tightens the API typing without changing runtime behavior.

To keep things maintainable, consider extracting the ABAC audit event type keys into a shared const and deriving both the $in array and the response type from it, e.g.:

const ABAC_AUDIT_EVENT_TYPES = [
  'abac.action.performed',
  'abac.attribute.changed',
  'abac.object.attribute.changed',
  'abac.object.attributes.removed',
] as const;

type AbacAuditEvent = IServerEvents[(typeof ABAC_AUDIT_EVENT_TYPES)[number]];

Then reuse ABAC_AUDIT_EVENT_TYPES in the Mongo query and AbacAuditEvent[] in the response, avoiding future mismatches.

Also applies to: 381-408

📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 2454883 and f911b20.

📒 Files selected for processing (3)
  • apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx (1 hunks)
  • apps/meteor/ee/server/api/abac/index.ts (2 hunks)
  • apps/meteor/ee/server/api/abac/schemas.ts (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • apps/meteor/client/views/admin/ABAC/AdminABACLogs.tsx
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

  • apps/meteor/ee/server/api/abac/schemas.ts
  • apps/meteor/ee/server/api/abac/index.ts

Member

@KevLehman KevLehman left a comment

approving my own changes 🥇

@tassoevan tassoevan merged commit 638a197 into feat/abac Dec 4, 2025
51 checks passed
@tassoevan tassoevan deleted the feat/ABAC-Logs-page branch December 4, 2025 03:21
KevLehman pushed a commit that referenced this pull request Dec 8, 2025
KevLehman pushed a commit that referenced this pull request Dec 10, 2025
KevLehman pushed a commit that referenced this pull request Dec 15, 2025
MartinSchoeler added a commit that referenced this pull request Dec 17, 2025