fix: RoomForm returning only private rooms and not teams

[KevLehman]

Proposed changes (including videos or screenshots)

Issue(s)

Steps to test or reproduce

Further comments

Summary by CodeRabbit

• New Features
  • Admin endpoint to view and filter private rooms and teams with pagination, sorting, and name filtering.
• API Changes
  • Updated rooms.roles response shape to include detailed role entries.
  • Autocomplete in admin room forms now queries the new private-rooms admin endpoint.
• Tests
  • Added end-to-end tests covering private rooms/team filtering and permission checks.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is missing the 'stat: QA assured' label
• This PR is missing the required milestone or project

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[changeset-bot]

⚠️ No Changeset found

Latest commit: 0044435

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

Adds a paginated admin endpoint for private rooms and teams, refactors the rooms.roles handler/schema, updates client autocomplete to use the new endpoint, implements a paginated model method, and adds end-to-end tests including permission checks. (≤50 words)

Changes

Cohort / File(s)	Summary
API: endpoints & handlers apps/meteor/app/api/server/v1/rooms.ts	Added rooms.adminRooms.privateRooms GET endpoint with query schema, permissions, pagination/sort handling, error mappings and handler using adminFields. Reworked rooms.roles to a chained API.v1.get(...) with a separate async handler and refined response schema.
Model typings & implementation packages/model-typings/src/models/IRoomsModel.ts, packages/models/src/models/Rooms.ts	Added findPrivateRoomsAndTeamsPaginated(name, options?) to model typings and implemented it in RoomsRaw; builds case-insensitive name predicate, filters private rooms (t: 'p'), excludes discussions, and returns paginated results.
Client: autocomplete apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.tsx, apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.spec.tsx	Updated component to query GET /v1/rooms.adminRooms.privateRooms; generateQuery now returns { filter: string }. Updated test mock to call the new endpoint.
End-to-end tests apps/meteor/tests/end-to-end/api/rooms.ts	Added tests for /rooms.adminRooms.privateRooms covering filtering for private rooms and private teams, and temporary permission removal to verify 403 behavior; includes resource cleanup.

Sequence Diagram(s)

sequenceDiagram
  participant AdminUI as Admin UI (autocomplete)
  participant API as Server API (rooms.adminRooms.privateRooms)
  participant Model as Rooms model (findPrivateRoomsAndTeamsPaginated)
  participant DB as Database

  AdminUI->>API: GET /v1/rooms.adminRooms.privateRooms?filter=...
  API->>API: check auth & view-room-administration permission
  API->>Model: findPrivateRoomsAndTeamsPaginated(filter, { offset, count, sort, fields: adminFields })
  Model->>DB: query private rooms/teams (name/fname match, exclude discussions), apply projection & pagination
  DB-->>Model: paginated results (rooms, total, count, offset)
  Model-->>API: returns paginated cursor/result
  API-->>AdminUI: 200 { rooms, count, offset, total, success }

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Verify correctness of name-matching predicate and exclusion of discussions in findPrivateRoomsAndTeamsPaginated.
• Confirm adminFields projection contains required fields and is correctly applied.
• Review API schema alignment with handler response and error mappings.
• Validate tests properly set/restore permissions and cleanup created entities.

Possibly related PRs

• fix: Add abacAttributes to adminRooms projection #37576 — Modifies adminFields (adds abacAttributes); touches the same exported adminFields used by the new endpoint.

Suggested labels

stat: ready to merge, stat: QA assured

Suggested reviewers

• MartinSchoeler
• sampaiodiego

Poem

🐰 I hopped through code to add a door,
Private rooms and teams, paged and more.
Queries trimmed and tests in tow,
Admin fields give data a glow —
Hooray, the rabbit’s done — let’s go! 🥕

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: RoomForm returning only private rooms and not teams' directly addresses the main change across the codebase—adding support for teams alongside private rooms in the RoomForm autocomplete endpoint.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/room-form-privateteams

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[KevLehman]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

packages/models/src/models/Rooms.ts (1)

243-268: PrivateRoomsAndTeams query correctly scopes to private, non‑discussion rooms

The new findPrivateRoomsAndTeamsPaginated builds a safe regex from name, restricts to t: 'p' and prid: { $exists: false }, which matches the need to list private rooms and private teams while excluding discussions, in line with ABAC’s “type 'p' only” semantics. The reuse of the existing name condition is fine, though the t: 'd'/usernames branch is now unreachable due to the t: 'p' filter and could optionally be dropped in future for clarity.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between ac6665d and f62692e.

📒 Files selected for processing (6)

• apps/meteor/app/api/server/v1/rooms.ts (2 hunks)
• apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.spec.tsx (1 hunks)
• apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.tsx (2 hunks)
• apps/meteor/tests/end-to-end/api/rooms.ts (1 hunks)
• packages/model-typings/src/models/IRoomsModel.ts (1 hunks)
• packages/models/src/models/Rooms.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• apps/meteor/tests/end-to-end/api/rooms.ts
• packages/models/src/models/Rooms.ts
• packages/model-typings/src/models/IRoomsModel.ts
• apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.spec.tsx
• apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.tsx
• apps/meteor/app/api/server/v1/rooms.ts

🧠 Learnings (18)

📓 Common learnings

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37299
File: apps/meteor/ee/server/lib/ldap/Manager.ts:438-454
Timestamp: 2025-10-24T17:32:05.348Z
Learning: In Rocket.Chat, ABAC attributes can only be set on private rooms and teams (type 'p'), not on public rooms (type 'c'). Therefore, when checking for ABAC-protected rooms/teams during LDAP sync or similar operations, it's sufficient to query only private rooms using methods like `findPrivateRoomsByIdsWithAbacAttributes`.

Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37557
File: apps/meteor/client/views/admin/ABAC/AdminABACRooms.tsx:115-116
Timestamp: 2025-11-27T17:56:26.050Z
Learning: In Rocket.Chat, the GET /v1/abac/rooms endpoint (implemented in ee/packages/abac/src/index.ts) only returns rooms where abacAttributes exists and is not an empty array (query: { abacAttributes: { $exists: true, $ne: [] } }). Therefore, in components consuming this endpoint (like AdminABACRooms.tsx), room.abacAttributes is guaranteed to be defined for all returned rooms, and optional chaining before calling array methods like .join() is sufficient without additional null coalescing.

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37303
File: apps/meteor/tests/end-to-end/api/abac.ts:1125-1137
Timestamp: 2025-10-27T14:38:46.994Z
Learning: In Rocket.Chat ABAC feature, when ABAC is disabled globally (ABAC_Enabled setting is false), room-level ABAC attributes are not evaluated when changing room types. This means converting a private room to public will succeed even if the room has ABAC attributes, as long as the global ABAC setting is disabled.

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Group related tests in the same file

Applied to files:

• apps/meteor/tests/end-to-end/api/rooms.ts

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Ensure tests run reliably in parallel without shared state conflicts

Applied to files:

• apps/meteor/tests/end-to-end/api/rooms.ts
• apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.spec.tsx

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : All test files must be created in `apps/meteor/tests/e2e/` directory

Applied to files:

• apps/meteor/tests/end-to-end/api/rooms.ts

📚 Learning: 2025-11-27T17:56:26.050Z

Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37557
File: apps/meteor/client/views/admin/ABAC/AdminABACRooms.tsx:115-116
Timestamp: 2025-11-27T17:56:26.050Z
Learning: In Rocket.Chat, the GET /v1/abac/rooms endpoint (implemented in ee/packages/abac/src/index.ts) only returns rooms where abacAttributes exists and is not an empty array (query: { abacAttributes: { $exists: true, $ne: [] } }). Therefore, in components consuming this endpoint (like AdminABACRooms.tsx), room.abacAttributes is guaranteed to be defined for all returned rooms, and optional chaining before calling array methods like .join() is sufficient without additional null coalescing.

Applied to files:

• apps/meteor/tests/end-to-end/api/rooms.ts
• packages/models/src/models/Rooms.ts
• apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.spec.tsx
• apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.tsx
• apps/meteor/app/api/server/v1/rooms.ts

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/page-objects/**/*.ts : Utilize existing page objects pattern from `apps/meteor/tests/e2e/page-objects/`

Applied to files:

• apps/meteor/tests/end-to-end/api/rooms.ts
• apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.spec.tsx

📚 Learning: 2025-12-10T21:00:54.909Z

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37091
File: ee/packages/abac/jest.config.ts:4-7
Timestamp: 2025-12-10T21:00:54.909Z
Learning: Rocket.Chat monorepo: Jest testMatch pattern '<rootDir>/src/**/*.spec.(ts|js|mjs)' is valid in this repo and used across multiple packages (e.g., packages/tools, ee/packages/omnichannel-services). Do not flag it as invalid in future reviews.

Applied to files:

• apps/meteor/tests/end-to-end/api/rooms.ts
• apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.spec.tsx

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Maintain test isolation between test cases in Playwright tests

Applied to files:

• apps/meteor/tests/end-to-end/api/rooms.ts
• apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.spec.tsx

📚 Learning: 2025-10-24T17:32:05.348Z

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37299
File: apps/meteor/ee/server/lib/ldap/Manager.ts:438-454
Timestamp: 2025-10-24T17:32:05.348Z
Learning: In Rocket.Chat, ABAC attributes can only be set on private rooms and teams (type 'p'), not on public rooms (type 'c'). Therefore, when checking for ABAC-protected rooms/teams during LDAP sync or similar operations, it's sufficient to query only private rooms using methods like `findPrivateRoomsByIdsWithAbacAttributes`.

Applied to files:

• apps/meteor/tests/end-to-end/api/rooms.ts
• packages/models/src/models/Rooms.ts
• apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.spec.tsx
• apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.tsx

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Ensure clean state for each test execution in Playwright tests

Applied to files:

• apps/meteor/tests/end-to-end/api/rooms.ts
• apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.spec.tsx

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Utilize Playwright fixtures (`test`, `page`, `expect`) for consistency in test files

Applied to files:

• apps/meteor/tests/end-to-end/api/rooms.ts
• apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.spec.tsx

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Use `expect` matchers for assertions (`toEqual`, `toContain`, `toBeTruthy`, `toHaveLength`, etc.) instead of `assert` statements in Playwright tests

Applied to files:

• apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.spec.tsx

📚 Learning: 2025-11-24T17:08:17.065Z

Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.{ts,spec.ts} : Follow Page Object Model pattern consistently in Playwright tests

Applied to files:

• apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.spec.tsx

📚 Learning: 2025-10-06T20:30:45.540Z

Learnt from: d-gubert
Repo: RocketChat/Rocket.Chat PR: 37152
File: packages/apps-engine/tests/test-data/storage/storage.ts:101-122
Timestamp: 2025-10-06T20:30:45.540Z
Learning: In `packages/apps-engine/tests/test-data/storage/storage.ts`, the stub methods (updatePartialAndReturnDocument, updateStatus, updateSetting, updateAppInfo, updateMarketplaceInfo) intentionally throw "Method not implemented." Tests using these methods must stub them using `SpyOn` from the test library rather than relying on actual implementations.

Applied to files:

• apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.spec.tsx

📚 Learning: 2025-10-28T16:53:42.761Z

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

Applied to files:

• apps/meteor/app/api/server/v1/rooms.ts

📚 Learning: 2025-09-25T09:59:26.461Z

Learnt from: Dnouv
Repo: RocketChat/Rocket.Chat PR: 37057
File: packages/apps-engine/src/definition/accessors/IUserRead.ts:23-27
Timestamp: 2025-09-25T09:59:26.461Z
Learning: UserBridge.doGetUserRoomIds in packages/apps-engine/src/server/bridges/UserBridge.ts has a bug where it implicitly returns undefined when the app lacks read permission (missing return statement in the else case of the permission check).

Applied to files:

• apps/meteor/app/api/server/v1/rooms.ts

📚 Learning: 2025-09-25T09:59:26.461Z

Learnt from: Dnouv
Repo: RocketChat/Rocket.Chat PR: 37057
File: packages/apps-engine/src/definition/accessors/IUserRead.ts:23-27
Timestamp: 2025-09-25T09:59:26.461Z
Learning: AppUserBridge.getUserRoomIds in apps/meteor/app/apps/server/bridges/users.ts always returns an array of strings (mapping subscription documents to room IDs), never undefined, even when user has no room subscriptions.

Applied to files:

• apps/meteor/app/api/server/v1/rooms.ts

📚 Learning: 2025-09-25T09:59:26.461Z

Learnt from: Dnouv
Repo: RocketChat/Rocket.Chat PR: 37057
File: packages/apps-engine/src/definition/accessors/IUserRead.ts:23-27
Timestamp: 2025-09-25T09:59:26.461Z
Learning: AppUserBridge.getUserRoomIds in apps/meteor/app/apps/server/bridges/users.ts always returns an array of strings by mapping subscription documents to room IDs, never undefined, even when user has no room subscriptions.

Applied to files:

• apps/meteor/app/api/server/v1/rooms.ts

🧬 Code graph analysis (4)

apps/meteor/tests/end-to-end/api/rooms.ts (3)

packages/core-typings/src/IRoom.ts (1)

• IRoom (22-98)

apps/meteor/tests/data/api-data.ts (2)

• credentials (39-42)
• request (10-10)

apps/meteor/tests/e2e/utils/create-target-channel.ts (1)

• deleteTeam (66-68)

packages/models/src/models/Rooms.ts (1)

packages/core-typings/src/IRoom.ts (1)

• IRoom (22-98)

packages/model-typings/src/models/IRoomsModel.ts (1)

packages/core-typings/src/IRoom.ts (1)

• IRoom (22-98)

apps/meteor/app/api/server/v1/rooms.ts (5)

apps/meteor/client/hooks/useRoomRolesQuery.ts (1)

• RoomRoles (8-12)

apps/meteor/server/lib/roles/getRoomRoles.ts (1)

• RoomRoles (7-15)

apps/meteor/app/lib/server/methods/getRoomRoles.ts (1)

• executeGetRoomRoles (20-37)

packages/core-typings/src/IRoom.ts (1)

• IRoom (22-98)

apps/meteor/lib/rooms/adminFields.ts (1)

• adminFields (3-33)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: CodeQL-Build
• GitHub Check: CodeQL-Build

🔇 Additional comments (5)

apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.spec.tsx (1)

15-21: Test mock updated to correct privateRooms endpoint

Mocking /v1/rooms.adminRooms.privateRooms here aligns with the new API route and the component’s useEndpoint usage; payload shape remains compatible with existing assertions.

packages/model-typings/src/models/IRoomsModel.ts (1)

52-53: New IRoomsModel method signature matches RoomsRaw implementation

The findPrivateRoomsAndTeamsPaginated declaration (name + FindOptions<IRoom> → FindPaginated<FindCursor<IRoom>>) is consistent with the RoomsRaw method and existing pagination patterns; no typing or API‑shape concerns.

apps/meteor/client/views/admin/ABAC/ABACRoomsTab/RoomFormAutocomplete.tsx (1)

10-15: Autocomplete client correctly targets privateRooms endpoint with appropriate query shape

generateQuery now emitting { filter } and switching useEndpoint to /v1/rooms.adminRooms.privateRooms lines up with the new backend route; the React‑Query key and roomsAutoCompleteEndpoint(generateQuery(filterDebounced)) stay consistent, and server‑side t: 'p' filtering ensures the component receives only private rooms/teams for ABAC configuration. Based on learnings, restricting to private (t: 'p') rooms matches ABAC design.

Also applies to: 20-36

apps/meteor/tests/end-to-end/api/rooms.ts (1)

2519-2621: E2E coverage for /rooms.adminRooms.privateRooms is solid and isolated

The new tests accurately verify that the endpoint returns only private rooms and private team mains (and excludes public channels/teams) when filtered by name, and that lack of view-room-administration yields a 403. Resource and permission cleanup are correctly handled, so suite isolation is preserved.

apps/meteor/app/api/server/v1/rooms.ts (1)

25-25: Typed room endpoints and new privateRooms route are consistent with model, client, and tests

Importing adminFields and introducing roomEndpoints achieves two things cleanly:

• GET /v1/rooms.roles now has ajv‑validated query (rid) and a 200 schema for { roles: RoomRoles[] }, while still delegating to executeGetRoomRoles and returning { success, roles }, so existing clients and tests remain compatible.
• GET /v1/rooms.adminRooms.privateRooms is properly auth + view-room-administration guarded, validates pagination/filter params, and uses Rooms.findPrivateRoomsAndTeamsPaginated with an adminFields projection to return only private, non‑discussion rooms/teams in a paginated { rooms, count, offset, total, success } payload, matching the new UI autocomplete and E2E tests. Based on learnings, restricting to private (t: 'p') rooms/teams fits the ABAC model.

The type extraction into RoomEndpoints cleanly exposes both routes through @rocket.chat/rest-typings.

Also applies to: 1028-1149

[github-actions]

📦 Docker Image Size Report

📈 Changes

Service	Current	Baseline	Change	Percent
sum of all images	1.2GiB	1.2GiB	+12MiB
rocketchat	358MiB	347MiB	+12MiB
omnichannel-transcript-service	132MiB	132MiB	+12KiB
queue-worker-service	132MiB	132MiB	+12KiB
ddp-streamer-service	126MiB	126MiB	+11KiB
account-service	113MiB	113MiB	+8.9KiB
authorization-service	111MiB	110MiB	+71KiB
stream-hub-service	110MiB	110MiB	+10KiB
presence-service	110MiB	110MiB	+9.7KiB

📊 Historical Trend

---
config:
  theme: "dark"
  xyChart:
    width: 900
    height: 400
---
xychart
  title "Image Size Evolution by Service (Last 30 Days + This PR)"
  x-axis ["11/15 22:28", "11/16 01:28", "11/17 23:50", "11/18 22:53", "11/19 23:02", "11/21 16:49", "11/24 17:34", "11/27 22:32", "11/28 19:05", "12/01 23:01", "12/02 21:57", "12/03 21:00", "12/04 18:17", "12/05 21:56", "12/08 20:15", "12/09 22:17", "12/10 23:26", "12/11 21:56", "12/12 22:45", "12/13 01:34", "12/15 22:31", "12/16 19:43", "12/16 20:01 (PR)"]
  y-axis "Size (GB)" 0 --> 0.5
  line "account-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "authorization-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "ddp-streamer-service" [0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12]
  line "omnichannel-transcript-service" [0.14, 0.14, 0.14, 0.14, 0.14, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13]
  line "presence-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "queue-worker-service" [0.14, 0.14, 0.14, 0.14, 0.14, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13]
  line "rocketchat" [0.36, 0.36, 0.35, 0.35, 0.35, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.35]
  line "stream-hub-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]

Loading

Statistics (last 22 days):

• 📊 Average: 1.5GiB
• ⬇️ Minimum: 1.2GiB
• ⬆️ Maximum: 1.6GiB
• 🎯 Current PR: 1.2GiB

ℹ️ About this report

This report compares Docker image sizes from this build against the develop baseline.

• Tag: pr-37836
• Baseline: develop
• Timestamp: 2025-12-16 20:01:40 UTC
• Historical data points: 22

---

Updated: Tue, 16 Dec 2025 20:01:41 GMT

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 54.37%. Comparing base (ac6665d) to head (0044435).
⚠️ Report is 1 commits behind head on feat/abac.

Additional details and impacted files

@@              Coverage Diff              @@
##           feat/abac   #37836      +/-   ##
=============================================
+ Coverage      54.35%   54.37%   +0.01%     
=============================================
  Files           2639     2639              
  Lines          50115    50102      -13     
  Branches       11217    11212       -5     
=============================================
  Hits           27241    27241              
+ Misses         20699    20689      -10     
+ Partials        2175     2172       -3     

Flag	Coverage Δ
e2e	57.35% <ø> (+0.02%)	⬆️
e2e-api	43.75% <ø> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between f62692e and 0044435.

📒 Files selected for processing (1)

• packages/models/src/models/Rooms.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• packages/models/src/models/Rooms.ts

🧠 Learnings (3)

📓 Common learnings

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37299
File: apps/meteor/ee/server/lib/ldap/Manager.ts:438-454
Timestamp: 2025-10-24T17:32:05.348Z
Learning: In Rocket.Chat, ABAC attributes can only be set on private rooms and teams (type 'p'), not on public rooms (type 'c'). Therefore, when checking for ABAC-protected rooms/teams during LDAP sync or similar operations, it's sufficient to query only private rooms using methods like `findPrivateRoomsByIdsWithAbacAttributes`.

Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37557
File: apps/meteor/client/views/admin/ABAC/AdminABACRooms.tsx:115-116
Timestamp: 2025-11-27T17:56:26.050Z
Learning: In Rocket.Chat, the GET /v1/abac/rooms endpoint (implemented in ee/packages/abac/src/index.ts) only returns rooms where abacAttributes exists and is not an empty array (query: { abacAttributes: { $exists: true, $ne: [] } }). Therefore, in components consuming this endpoint (like AdminABACRooms.tsx), room.abacAttributes is guaranteed to be defined for all returned rooms, and optional chaining before calling array methods like .join() is sufficient without additional null coalescing.

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37303
File: apps/meteor/tests/end-to-end/api/abac.ts:1125-1137
Timestamp: 2025-10-27T14:38:46.994Z
Learning: In Rocket.Chat ABAC feature, when ABAC is disabled globally (ABAC_Enabled setting is false), room-level ABAC attributes are not evaluated when changing room types. This means converting a private room to public will succeed even if the room has ABAC attributes, as long as the global ABAC setting is disabled.

📚 Learning: 2025-10-24T17:32:05.348Z

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37299
File: apps/meteor/ee/server/lib/ldap/Manager.ts:438-454
Timestamp: 2025-10-24T17:32:05.348Z
Learning: In Rocket.Chat, ABAC attributes can only be set on private rooms and teams (type 'p'), not on public rooms (type 'c'). Therefore, when checking for ABAC-protected rooms/teams during LDAP sync or similar operations, it's sufficient to query only private rooms using methods like `findPrivateRoomsByIdsWithAbacAttributes`.

Applied to files:

• packages/models/src/models/Rooms.ts

📚 Learning: 2025-11-27T17:56:26.050Z

Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37557
File: apps/meteor/client/views/admin/ABAC/AdminABACRooms.tsx:115-116
Timestamp: 2025-11-27T17:56:26.050Z
Learning: In Rocket.Chat, the GET /v1/abac/rooms endpoint (implemented in ee/packages/abac/src/index.ts) only returns rooms where abacAttributes exists and is not an empty array (query: { abacAttributes: { $exists: true, $ne: [] } }). Therefore, in components consuming this endpoint (like AdminABACRooms.tsx), room.abacAttributes is guaranteed to be defined for all returned rooms, and optional chaining before calling array methods like .join() is sufficient without additional null coalescing.

Applied to files:

• packages/models/src/models/Rooms.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (18)

• GitHub Check: 🔨 Test UI (EE) / MongoDB 8.2 [legacy watchers] coverage (3/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 8.2 [legacy watchers] coverage (2/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 8.2 [legacy watchers] coverage (5/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 5.0 (5/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 5.0 (1/5)
• GitHub Check: 🔨 Test UI (CE) / MongoDB 8.2 (3/4)
• GitHub Check: 🔨 Test API (CE) / MongoDB 8.2 (1/1)
• GitHub Check: 🔨 Test API (EE) / MongoDB 5.0 (1/1)
• GitHub Check: 🔨 Test UI (CE) / MongoDB 8.2 (1/4)
• GitHub Check: 🔨 Test UI (CE) / MongoDB 8.2 (2/4)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 8.2 [legacy watchers] coverage (1/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 5.0 (2/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 5.0 (3/5)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 5.0 (4/5)
• GitHub Check: 🔨 Test UI (CE) / MongoDB 8.2 (4/4)
• GitHub Check: 🔨 Test UI (EE) / MongoDB 8.2 [legacy watchers] coverage (4/5)
• GitHub Check: 🔨 Test API (EE) / MongoDB 8.2 coverage (1/1)
• GitHub Check: 🔨 Test Federation Matrix