regression(ABAC): Display correct values on user info

[MartinSchoeler]

Proposed changes (including videos or screenshots)

Instead of showing attribute names, show the values from all attributes that the user has

Issue(s)

ABAC-91

Steps to test or reproduce

Further comments

Summary by CodeRabbit

• Updates
  • ABAC attribute handling updated: the component now accepts structured attributes (key + multiple values) instead of a simple string list.
  • Multiple values per attribute are rendered individually for clearer display.
  • Example/story updated to show two explicit ABAC attributes and removed the prior placeholder/temporary comment.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is missing the 'stat: QA assured' label
• This PR is missing the required milestone or project

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[changeset-bot]

⚠️ No Changeset found

Latest commit: 051b3ae

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

The PR changes ABAC attributes from a string array to structured objects ({ key, values[] }) across the UserInfo story and components, and updates rendering to iterate attribute.values (showing values) instead of attribute keys.

Changes

Cohort / File(s)	Summary
Story: ABAC example data apps/meteor/client/components/UserInfo/UserInfo.stories.tsx	Replaced abacAttributes: string[] example with abacAttributes: { key: string; values: string[] }[]; removed // @ts-expect-error``; added two attribute entries.
Parent component prop forwarding apps/meteor/client/components/UserInfo/UserInfo.tsx	Stopped mapping abacAttributes to keys; now passes full attribute objects to UserInfoABACAttributes, updating public prop shape.
Rendering & types apps/meteor/client/components/UserInfo/UserInfoABACAttributes.tsx	Prop type changed from string[] to IAbacAttributeDefinition[]; rendering now iterates attribute.values and renders each value with composite keys. Imported IAbacAttributeDefinition.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Review the IAbacAttributeDefinition type to confirm shape matches usage.
• Verify composite keys and rendering of duplicate values.
• Ensure stories reflect realistic attribute shapes.

Possibly related PRs

• chore: new field for ABAC Attributes on user info #37135 — earlier ABAC attributes work that modified UserInfo ABAC props from string[] to structured attribute objects.

Suggested labels

stat: ready to merge, stat: QA assured

Suggested reviewers

• tassoevan
• dougfabris

Poem

🐰
Keys hopped away, values took their place,
I nibbled bugs and tuned the trace.
Two attributes now, tidy and bright,
Values displayed just right tonight. ✨

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly identifies the regression fix for ABAC attribute display in user info, accurately summarizing the main change from displaying keys to displaying values.
Linked Issues check	✅ Passed	The changes address ABAC-91 by updating component logic to display attribute values instead of keys across UserInfo, UserInfoABACAttributes, and the story examples.
Out of Scope Changes check	✅ Passed	All changes focus on fixing the ABAC attribute rendering regression; no unrelated modifications are present outside the scope of ABAC-91.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/render-correct-data

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between f4c2d24 and 051b3ae.

⛔ Files ignored due to path filters (1)

• apps/meteor/client/components/UserInfo/__snapshots__/UserInfo.spec.tsx.snap is excluded by !**/*.snap

📒 Files selected for processing (3)

• apps/meteor/client/components/UserInfo/UserInfo.stories.tsx (1 hunks)
• apps/meteor/client/components/UserInfo/UserInfo.tsx (1 hunks)
• apps/meteor/client/components/UserInfo/UserInfoABACAttributes.tsx (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• apps/meteor/client/components/UserInfo/UserInfoABACAttributes.tsx
• apps/meteor/client/components/UserInfo/UserInfo.stories.tsx
• apps/meteor/client/components/UserInfo/UserInfo.tsx

🧠 Learnings (4)

📓 Common learnings

Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37557
File: apps/meteor/client/views/admin/ABAC/AdminABACRooms.tsx:115-116
Timestamp: 2025-11-27T17:56:26.050Z
Learning: In Rocket.Chat, the GET /v1/abac/rooms endpoint (implemented in ee/packages/abac/src/index.ts) only returns rooms where abacAttributes exists and is not an empty array (query: { abacAttributes: { $exists: true, $ne: [] } }). Therefore, in components consuming this endpoint (like AdminABACRooms.tsx), room.abacAttributes is guaranteed to be defined for all returned rooms, and optional chaining before calling array methods like .join() is sufficient without additional null coalescing.

📚 Learning: 2025-11-27T17:56:26.050Z

Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37557
File: apps/meteor/client/views/admin/ABAC/AdminABACRooms.tsx:115-116
Timestamp: 2025-11-27T17:56:26.050Z
Learning: In Rocket.Chat, the GET /v1/abac/rooms endpoint (implemented in ee/packages/abac/src/index.ts) only returns rooms where abacAttributes exists and is not an empty array (query: { abacAttributes: { $exists: true, $ne: [] } }). Therefore, in components consuming this endpoint (like AdminABACRooms.tsx), room.abacAttributes is guaranteed to be defined for all returned rooms, and optional chaining before calling array methods like .join() is sufficient without additional null coalescing.

Applied to files:

• apps/meteor/client/components/UserInfo/UserInfoABACAttributes.tsx
• apps/meteor/client/components/UserInfo/UserInfo.stories.tsx
• apps/meteor/client/components/UserInfo/UserInfo.tsx

📚 Learning: 2025-10-30T19:30:46.541Z

Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37244
File: apps/meteor/client/views/admin/ABAC/AdminABACRoomAttributesForm.spec.tsx:125-146
Timestamp: 2025-10-30T19:30:46.541Z
Learning: In the AdminABACRoomAttributesForm component (apps/meteor/client/views/admin/ABAC/AdminABACRoomAttributesForm.tsx), the first attribute value field is mandatory and does not have a Remove button. Only additional values beyond the first have Remove buttons. This means trashButtons[0] corresponds to the second value's Remove button, not the first value's.

Applied to files:

• apps/meteor/client/components/UserInfo/UserInfoABACAttributes.tsx
• apps/meteor/client/components/UserInfo/UserInfo.tsx

📚 Learning: 2025-10-27T14:38:46.994Z

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37303
File: apps/meteor/tests/end-to-end/api/abac.ts:1125-1137
Timestamp: 2025-10-27T14:38:46.994Z
Learning: In Rocket.Chat ABAC feature, when ABAC is disabled globally (ABAC_Enabled setting is false), room-level ABAC attributes are not evaluated when changing room types. This means converting a private room to public will succeed even if the room has ABAC attributes, as long as the global ABAC setting is disabled.

Applied to files:

• apps/meteor/client/components/UserInfo/UserInfoABACAttributes.tsx
• apps/meteor/client/components/UserInfo/UserInfo.stories.tsx

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: 📦 Build Packages
• GitHub Check: CodeQL-Build
• GitHub Check: CodeQL-Build

🔇 Additional comments (3)

apps/meteor/client/components/UserInfo/UserInfo.tsx (1)

192-196: Passing full ABAC attribute objects fixes the value-vs-key regression

Wiring abacAttributes directly into UserInfoABACAttributes under the non-empty guard lets the child render actual attribute values instead of just keys, matching ABAC-91’s intent. The conditional on abacAttributes && abacAttributes.length > 0 also keeps behavior consistent with other ABAC views that only render when attributes are present. Based on learnings, this aligns with existing ABAC attribute handling patterns.

apps/meteor/client/components/UserInfo/UserInfo.stories.tsx (1)

45-54: Story args correctly reflect the new { key, values[] } ABAC shape

WithABACAttributes now uses the structured { key, values }[] form and demonstrates attributes with multiple values, matching the updated UserInfo/UserInfoABACAttributes API and helping validate the fixed rendering path.

apps/meteor/client/components/UserInfo/UserInfoABACAttributes.tsx (1)

1-21: ABAC values are rendered correctly

The nested mapping over abacAttributes and attribute.values cleanly exposes each value to UserInfoABACAttribute, which resolves the "names vs values" regression.

The current key ${attribute.key}-${value}-${index} is sufficient. The ABAC backend deduplicates attribute.values using Set operations before transmission, guaranteeing that values within a single attribute are always unique. No additional key improvements are needed.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

📦 Docker Image Size Report

📈 Changes

Service	Current	Baseline	Change	Percent
sum of all images	1.2GiB	1.2GiB	+12MiB
rocketchat	360MiB	349MiB	+12MiB
omnichannel-transcript-service	132MiB	132MiB	+13KiB
queue-worker-service	132MiB	132MiB	+11KiB
ddp-streamer-service	126MiB	126MiB	+9.0KiB
account-service	113MiB	113MiB	+9.8KiB
authorization-service	111MiB	111MiB	+69KiB
stream-hub-service	111MiB	111MiB	+9.4KiB
presence-service	111MiB	111MiB	+8.6KiB

📊 Historical Trend

---
config:
  theme: "dark"
  xyChart:
    width: 900
    height: 400
---
xychart
  title "Image Size Evolution by Service (Last 30 Days + This PR)"
  x-axis ["11/15 22:28", "11/16 01:28", "11/17 23:50", "11/18 22:53", "11/19 23:02", "11/21 16:49", "11/24 17:34", "11/27 22:32", "11/28 19:05", "12/01 23:01", "12/02 21:57", "12/03 21:00", "12/04 18:17", "12/05 21:56", "12/08 20:15", "12/09 22:17", "12/10 16:35", "12/10 17:30 (PR)"]
  y-axis "Size (GB)" 0 --> 0.5
  line "account-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "authorization-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "ddp-streamer-service" [0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12]
  line "omnichannel-transcript-service" [0.14, 0.14, 0.14, 0.14, 0.14, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13]
  line "presence-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "queue-worker-service" [0.14, 0.14, 0.14, 0.14, 0.14, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13]
  line "rocketchat" [0.36, 0.36, 0.35, 0.35, 0.35, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.35]
  line "stream-hub-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]

Loading

Statistics (last 17 days):

• 📊 Average: 1.5GiB
• ⬇️ Minimum: 1.2GiB
• ⬆️ Maximum: 1.6GiB
• 🎯 Current PR: 1.2GiB

ℹ️ About this report

This report compares Docker image sizes from this build against the develop baseline.

• Tag: pr-37748
• Baseline: develop
• Timestamp: 2025-12-10 17:30:00 UTC
• Historical data points: 17

---

Updated: Wed, 10 Dec 2025 17:30:01 GMT

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

apps/meteor/client/components/UserInfo/UserInfoABACAttributes.tsx (1)

1-8: Rendering logic correctly uses attribute values; refine keys to avoid collisions

Using IAbacAttributeDefinition[] and iterating over attribute.values so that UserInfoABACAttribute receives the value string is aligned with the goal of showing attribute values instead of names.

One small improvement: the current key={${attribute.key}-${value}-${index}} uses only the outer index, so if an attribute has duplicate values, those siblings will share the same key. To avoid potential key collisions in the list, include the inner index as well:

-				{abacAttributes.map((attribute, index) =>
-					attribute.values.map((value) => (
-						<Margins inline={2} blockEnd={4} key={`${attribute.key}-${value}-${index}`}>
+				{abacAttributes.map((attribute, attributeIndex) =>
+					attribute.values.map((value, valueIndex) => (
+						<Margins
+							inline={2}
+							blockEnd={4}
+							key={`${attribute.key}-${value}-${attributeIndex}-${valueIndex}`}
 						>
 							<UserInfoABACAttribute attribute={value} />
 						</Margins>
 					)),
 				)}

This keeps the implementation concise while ensuring stable, unique keys even if values repeat.

Also applies to: 14-20

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between d48f55d and f4c2d24.

⛔ Files ignored due to path filters (1)

• apps/meteor/client/components/UserInfo/__snapshots__/UserInfo.spec.tsx.snap is excluded by !**/*.snap

📒 Files selected for processing (3)

• apps/meteor/client/components/UserInfo/UserInfo.stories.tsx (1 hunks)
• apps/meteor/client/components/UserInfo/UserInfo.tsx (1 hunks)
• apps/meteor/client/components/UserInfo/UserInfoABACAttributes.tsx (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• apps/meteor/client/components/UserInfo/UserInfoABACAttributes.tsx
• apps/meteor/client/components/UserInfo/UserInfo.tsx
• apps/meteor/client/components/UserInfo/UserInfo.stories.tsx

🧠 Learnings (4)

📓 Common learnings

Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37557
File: apps/meteor/client/views/admin/ABAC/AdminABACRooms.tsx:115-116
Timestamp: 2025-11-27T17:56:26.050Z
Learning: In Rocket.Chat, the GET /v1/abac/rooms endpoint (implemented in ee/packages/abac/src/index.ts) only returns rooms where abacAttributes exists and is not an empty array (query: { abacAttributes: { $exists: true, $ne: [] } }). Therefore, in components consuming this endpoint (like AdminABACRooms.tsx), room.abacAttributes is guaranteed to be defined for all returned rooms, and optional chaining before calling array methods like .join() is sufficient without additional null coalescing.

Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37244
File: apps/meteor/client/views/admin/ABAC/AdminABACRoomAttributesForm.spec.tsx:125-146
Timestamp: 2025-10-30T19:30:46.541Z
Learning: In the AdminABACRoomAttributesForm component (apps/meteor/client/views/admin/ABAC/AdminABACRoomAttributesForm.tsx), the first attribute value field is mandatory and does not have a Remove button. Only additional values beyond the first have Remove buttons. This means trashButtons[0] corresponds to the second value's Remove button, not the first value's.

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37303
File: apps/meteor/tests/end-to-end/api/abac.ts:1125-1137
Timestamp: 2025-10-27T14:38:46.994Z
Learning: In Rocket.Chat ABAC feature, when ABAC is disabled globally (ABAC_Enabled setting is false), room-level ABAC attributes are not evaluated when changing room types. This means converting a private room to public will succeed even if the room has ABAC attributes, as long as the global ABAC setting is disabled.

📚 Learning: 2025-11-27T17:56:26.050Z

Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37557
File: apps/meteor/client/views/admin/ABAC/AdminABACRooms.tsx:115-116
Timestamp: 2025-11-27T17:56:26.050Z
Learning: In Rocket.Chat, the GET /v1/abac/rooms endpoint (implemented in ee/packages/abac/src/index.ts) only returns rooms where abacAttributes exists and is not an empty array (query: { abacAttributes: { $exists: true, $ne: [] } }). Therefore, in components consuming this endpoint (like AdminABACRooms.tsx), room.abacAttributes is guaranteed to be defined for all returned rooms, and optional chaining before calling array methods like .join() is sufficient without additional null coalescing.

Applied to files:

• apps/meteor/client/components/UserInfo/UserInfoABACAttributes.tsx
• apps/meteor/client/components/UserInfo/UserInfo.tsx
• apps/meteor/client/components/UserInfo/UserInfo.stories.tsx

📚 Learning: 2025-10-30T19:30:46.541Z

Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37244
File: apps/meteor/client/views/admin/ABAC/AdminABACRoomAttributesForm.spec.tsx:125-146
Timestamp: 2025-10-30T19:30:46.541Z
Learning: In the AdminABACRoomAttributesForm component (apps/meteor/client/views/admin/ABAC/AdminABACRoomAttributesForm.tsx), the first attribute value field is mandatory and does not have a Remove button. Only additional values beyond the first have Remove buttons. This means trashButtons[0] corresponds to the second value's Remove button, not the first value's.

Applied to files:

• apps/meteor/client/components/UserInfo/UserInfoABACAttributes.tsx
• apps/meteor/client/components/UserInfo/UserInfo.tsx

📚 Learning: 2025-10-27T14:38:46.994Z

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37303
File: apps/meteor/tests/end-to-end/api/abac.ts:1125-1137
Timestamp: 2025-10-27T14:38:46.994Z
Learning: In Rocket.Chat ABAC feature, when ABAC is disabled globally (ABAC_Enabled setting is false), room-level ABAC attributes are not evaluated when changing room types. This means converting a private room to public will succeed even if the room has ABAC attributes, as long as the global ABAC setting is disabled.

Applied to files:

• apps/meteor/client/components/UserInfo/UserInfoABACAttributes.tsx
• apps/meteor/client/components/UserInfo/UserInfo.stories.tsx

🧬 Code graph analysis (1)

apps/meteor/client/components/UserInfo/UserInfoABACAttributes.tsx (1)

packages/core-typings/src/IAbacAttribute.ts (1)

• IAbacAttributeDefinition (3-14)

🔇 Additional comments (2)

apps/meteor/client/components/UserInfo/UserInfo.tsx (1)

192-197: ABAC attributes wiring now correctly passes full definitions

Forwarding abacAttributes directly into UserInfoABACAttributes (behind the existing null/length guard) aligns the parent with the new prop type and ensures the child can access attribute values instead of just keys. This matches the regression fix goal.

apps/meteor/client/components/UserInfo/UserInfo.stories.tsx (1)

45-54: Story data shape matches IAbacAttributeDefinition and new rendering

The WithABACAttributes story now uses { key, values }[], which is consistent with IAbacAttributeDefinition and the updated UserInfo/UserInfoABACAttributes props. This will accurately exercise the “render values instead of keys” behavior.

[codecov]

Codecov Report

❌ Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 54.49%. Comparing base (b3fd9fb) to head (051b3ae).
⚠️ Report is 3 commits behind head on feat/abac.

Additional details and impacted files

@@              Coverage Diff              @@
##           feat/abac   #37748      +/-   ##
=============================================
- Coverage      54.50%   54.49%   -0.01%     
=============================================
  Files           2633     2633              
  Lines          50105    50105              
  Branches       11224    11224              
=============================================
- Hits           27308    27304       -4     
- Misses         20607    20613       +6     
+ Partials        2190     2188       -2     

Flag	Coverage Δ
e2e	57.25% <0.00%> (-0.01%)	⬇️
e2e-api	44.67% <ø> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.