Skip to content

fix: Wrong invite error message #37851

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
KevLehman merged 3 commits into from
Dec 17, 2025
Merged

fix: Wrong invite error message #37851

KevLehman merged 3 commits into from
Dec 17, 2025

Conversation

@KevLehman
Copy link
Member

@KevLehman KevLehman commented Dec 17, 2025
edited by coderabbitai bot
Loading

Proposed changes (including videos or screenshots)

Issue(s)

https://rocketchat.atlassian.net/browse/ABAC-100

Steps to test or reproduce

Further comments

Summary by CodeRabbit

Release Notes

  • Bug Fixes

    • Improved error handling and messaging when inviting users to ABAC-managed rooms, ensuring clearer feedback when non-compliant users cannot be added.

  • New Features

    • Added error messages: "Only compliant users can be added to ABAC rooms" and "This room is ABAC managed and new users cannot be added" to better communicate ABAC compliance constraints.

✏️ Tip: You can customize this high-level summary in your review settings.

@dionisio-bot
Copy link
Contributor

dionisio-bot bot commented Dec 17, 2025
edited
Loading

Looks like this PR is not ready to merge, because of the following issues:

  • This PR is missing the 'stat: QA assured' label
  • This PR is missing the required milestone or project

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

@changeset-bot
Copy link

changeset-bot bot commented Dec 17, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: b69fba3

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 17, 2025
edited
Loading

Walkthrough

Refactored ABAC error handling by introducing a dedicated OnlyCompliantCanBeAddedToRoomError class to replace generic MeteorError. Updated error codes, adjusted the invite slash command's error broadcast logic, modified test expectations, and added new i18n error messages for ABAC-managed room constraints.

Changes

Cohort / File(s) Summary
ABAC Error Definitions
ee/packages/abac/src/errors.ts		 Removed UsernamesNotMatchingAbacAttributes error code; added OnlyCompliantCanBeAddedToRoom error code and corresponding OnlyCompliantCanBeAddedToRoomError class with optional details parameter.
ABAC Package Logic
ee/packages/abac/src/index.ts		 Updated imports to use OnlyCompliantCanBeAddedToRoomError instead of MeteorError; replaced error throwing in checkUsernamesMatchAttributes with the new error class.
ABAC Service Tests
ee/packages/abac/src/service.spec.ts		 Adjusted test expectations to assert code field with value 'error-only-compliant-users-can-be-added-to-abac-rooms' instead of separate error, message, and details fields.
Invite Slash Command
apps/meteor/app/slashcommands-invite/server/server.ts		 Refactored error handling to differentiate messages based on the specific error code; broadcasts e.error translation when matching 'error-only-compliant-users-can-be-added-to-abac-rooms', otherwise uses e.message translation.
End-to-End API Tests
apps/meteor/tests/end-to-end/api/abac.ts		 Updated ABAC invite failure test to assert res.body.errorType equals 'error-only-compliant-users-can-be-added-to-abac-rooms' instead of checking res.body.error for 'error-usernames-not-matching-abac-attributes'.
Internationalization
packages/i18n/src/locales/en.i18n.json		 Added two new i18n keys: error-only-compliant-users-can-be-added-to-abac-rooms and error-room-is-abac-managed with user-friendly error messages.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • The changes follow a consistent pattern of replacing a generic error type with a dedicated ABAC error class
  • Most modifications are straightforward substitutions with clear intent
  • Test and i18n updates are straightforward and localized
  • Verify that the new error code is correctly propagated through all error handling paths, particularly in the invite command's broadcast logic

Possibly related PRs

Suggested labels

stat: QA assured

Suggested reviewers

  • tassoevan
  • ggazzo
  • rodrigok

Poem

🐰 A hop, skip, and error class away—
We've tamed the ABAC display!
From tangled raw text to messages bright,
Compliant users now get it just right. ✨

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title directly addresses the fix for an incorrect invite error message, aligning with the PR's primary objective to correct error messaging.
Linked Issues check ✅ Passed The changes comprehensively address ABAC-100 by replacing raw error details with a friendly, design-pattern-compliant error message through custom error class and locale strings.
Out of Scope Changes check ✅ Passed All changes are directly related to fixing the invite error message for ABAC compliance; no unrelated modifications were introduced.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch fix/invite-message

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@KevLehman KevLehman changed the title fix invite message fix: Wrong invite error message Dec 17, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Dec 17, 2025

📦 Docker Image Size Report

📈 Changes

Service Current Baseline Change Percent
sum of all images 1.2GiB 1.2GiB +12MiB
rocketchat 358MiB 347MiB +12MiB
omnichannel-transcript-service 132MiB 132MiB -2.7KiB
queue-worker-service 132MiB 132MiB +2.9KiB
ddp-streamer-service 126MiB 126MiB -1.9KiB
account-service 113MiB 113MiB -5.6KiB
authorization-service 111MiB 110MiB +53KiB
stream-hub-service 110MiB 110MiB -9.2KiB
presence-service 110MiB 110MiB -7.5KiB

📊 Historical Trend

---
config:
  theme: "dark"
  xyChart:
    width: 900
    height: 400
---
xychart
  title "Image Size Evolution by Service (Last 30 Days + This PR)"
  x-axis ["11/15 22:28", "11/16 01:28", "11/17 23:50", "11/18 22:53", "11/19 23:02", "11/21 16:49", "11/24 17:34", "11/27 22:32", "11/28 19:05", "12/01 23:01", "12/02 21:57", "12/03 21:00", "12/04 18:17", "12/05 21:56", "12/08 20:15", "12/09 22:17", "12/10 23:26", "12/11 21:56", "12/12 22:45", "12/13 01:34", "12/15 22:31", "12/16 22:18", "12/17 15:31", "12/17 16:12 (PR)"]
  y-axis "Size (GB)" 0 --> 0.5
  line "account-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "authorization-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "ddp-streamer-service" [0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12]
  line "omnichannel-transcript-service" [0.14, 0.14, 0.14, 0.14, 0.14, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13]
  line "presence-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "queue-worker-service" [0.14, 0.14, 0.14, 0.14, 0.14, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13]
  line "rocketchat" [0.36, 0.36, 0.35, 0.35, 0.35, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.35]
  line "stream-hub-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
Loading

Statistics (last 23 days):

  • 📊 Average: 1.5GiB
  • ⬇️ Minimum: 1.2GiB
  • ⬆️ Maximum: 1.6GiB
  • 🎯 Current PR: 1.2GiB
ℹ️ About this report

This report compares Docker image sizes from this build against the develop baseline.

  • Tag: pr-37851
  • Baseline: develop
  • Timestamp: 2025-12-17 16:12:50 UTC
  • Historical data points: 23

Updated: Wed, 17 Dec 2025 16:12:50 GMT

@KevLehman KevLehman marked this pull request as ready for review December 17, 2025 16:50
@KevLehman KevLehman requested a review from a team as a code owner December 17, 2025 16:50
coderabbitai[bot]
coderabbitai bot reviewed Dec 17, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (3)
apps/meteor/app/slashcommands-invite/server/server.ts (1)

115-123: Error handling correctly differentiates ABAC error translation.

The conditional logic appropriately handles the new ABAC error code by using e.error as the translation key (which contains the error code) instead of e.message. This ensures the user-facing message is pulled from the i18n locales correctly.

Optional future consideration: If additional ABAC error codes are introduced that require similar handling, consider refactoring to a more generic pattern (e.g., checking if e.error starts with 'error-' and exists in i18n keys).

packages/i18n/src/locales/en.i18n.json (1)

6355-6382: Align ABAC error message style with existing locale conventions

Both new strings work functionally, but you may want to tweak wording for consistency with nearby entries:

  • Line 6355 (error-only-compliant-users-can-be-added-to-abac-rooms): most short error messages in this file don’t end with a period (e.g., “Access not authorized”, “Cannot invite users to direct rooms”). Consider dropping the trailing .:
-  "error-only-compliant-users-can-be-added-to-abac-rooms": "Only compliant users can be added to ABAC rooms.",
+  "error-only-compliant-users-can-be-added-to-abac-rooms": "Only compliant users can be added to ABAC rooms",
  • Line 6382 (error-room-is-abac-managed): elsewhere in this file ABAC wording uses the hyphenated form “ABAC-managed” (e.g., “ABAC-managed rooms”). For consistency (and to mirror that usage), consider:
-  "error-room-is-abac-managed": "This room is ABAC managed and new users cannot be added",
+  "error-room-is-abac-managed": "This room is ABAC-managed and new users cannot be added",

Both are purely style/copy suggestions; behavior is otherwise solid.

ee/packages/abac/src/index.ts (1)

466-490: Good refactoring to use a dedicated ABAC error.

The replacement of MeteorError with OnlyCompliantCanBeAddedToRoomError improves error handling by providing a specific, user-friendly error that aligns with design patterns. The error is thrown without details, which is appropriate for user-facing messages and prevents leaking internal information.

Optional: Consider auditing denied access attempts.

Currently, only successful access grants are audited (lines 487-489). For compliance and security monitoring, you might want to audit denied attempts as well:

 	if (nonCompliantSet.size) {
+		nonCompliantUsersFromList.forEach((username) => {
+			void Audit.actionPerformed({ username }, { _id: objectId }, 'system', 'denied-object-access');
+		});
 		throw new OnlyCompliantCanBeAddedToRoomError();
 	}

This would provide a complete audit trail of both granted and denied access attempts.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 064f6d1 and b69fba3.

📒 Files selected for processing (6)
  • apps/meteor/app/slashcommands-invite/server/server.ts (1 hunks)
  • apps/meteor/tests/end-to-end/api/abac.ts (1 hunks)
  • ee/packages/abac/src/errors.ts (2 hunks)
  • ee/packages/abac/src/index.ts (3 hunks)
  • ee/packages/abac/src/service.spec.ts (3 hunks)
  • packages/i18n/src/locales/en.i18n.json (2 hunks)
🧰 Additional context used
📓 Path-based instructions (2)
**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

  • ee/packages/abac/src/errors.ts
  • ee/packages/abac/src/index.ts
  • apps/meteor/app/slashcommands-invite/server/server.ts
  • apps/meteor/tests/end-to-end/api/abac.ts
  • ee/packages/abac/src/service.spec.ts
**/*.spec.ts

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.spec.ts: Use descriptive test names that clearly communicate expected behavior in Playwright tests
Use .spec.ts extension for test files (e.g., login.spec.ts)

Files:

  • ee/packages/abac/src/service.spec.ts
🧠 Learnings (15)
📓 Common learnings 
Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37557
File: apps/meteor/client/views/admin/ABAC/AdminABACRooms.tsx:115-116
Timestamp: 2025-11-27T17:56:26.050Z
Learning: In Rocket.Chat, the GET /v1/abac/rooms endpoint (implemented in ee/packages/abac/src/index.ts) only returns rooms where abacAttributes exists and is not an empty array (query: { abacAttributes: { $exists: true, $ne: [] } }). Therefore, in components consuming this endpoint (like AdminABACRooms.tsx), room.abacAttributes is guaranteed to be defined for all returned rooms, and optional chaining before calling array methods like .join() is sufficient without additional null coalescing.

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37303
File: apps/meteor/tests/end-to-end/api/abac.ts:1125-1137
Timestamp: 2025-10-27T14:38:46.994Z
Learning: In Rocket.Chat ABAC feature, when ABAC is disabled globally (ABAC_Enabled setting is false), room-level ABAC attributes are not evaluated when changing room types. This means converting a private room to public will succeed even if the room has ABAC attributes, as long as the global ABAC setting is disabled.

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37377
File: apps/meteor/ee/server/hooks/federation/index.ts:86-88
Timestamp: 2025-11-04T16:49:19.107Z
Learning: In Rocket.Chat's federation system (apps/meteor/ee/server/hooks/federation/), permission checks follow two distinct patterns: (1) User-initiated federation actions (creating rooms, adding users to federated rooms, joining from invites) should throw MeteorError to inform users they lack 'access-federation' permission. (2) Remote server-initiated federation events should silently skip/ignore when users lack permission. The beforeAddUserToRoom hook only executes for local user-initiated actions, so throwing an error there is correct. Remote federation events are handled separately by the federation Matrix package with silent skipping logic.

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37299
File: apps/meteor/ee/server/lib/ldap/Manager.ts:438-454
Timestamp: 2025-10-24T17:32:05.348Z
Learning: In Rocket.Chat, ABAC attributes can only be set on private rooms and teams (type 'p'), not on public rooms (type 'c'). Therefore, when checking for ABAC-protected rooms/teams during LDAP sync or similar operations, it's sufficient to query only private rooms using methods like `findPrivateRoomsByIdsWithAbacAttributes`.

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.
📚 Learning: 2025-11-27T17:56:26.050Z 
Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37557
File: apps/meteor/client/views/admin/ABAC/AdminABACRooms.tsx:115-116
Timestamp: 2025-11-27T17:56:26.050Z
Learning: In Rocket.Chat, the GET /v1/abac/rooms endpoint (implemented in ee/packages/abac/src/index.ts) only returns rooms where abacAttributes exists and is not an empty array (query: { abacAttributes: { $exists: true, $ne: [] } }). Therefore, in components consuming this endpoint (like AdminABACRooms.tsx), room.abacAttributes is guaranteed to be defined for all returned rooms, and optional chaining before calling array methods like .join() is sufficient without additional null coalescing.

Applied to files:

  • ee/packages/abac/src/errors.ts
  • ee/packages/abac/src/index.ts
  • apps/meteor/app/slashcommands-invite/server/server.ts
  • packages/i18n/src/locales/en.i18n.json
  • apps/meteor/tests/end-to-end/api/abac.ts
  • ee/packages/abac/src/service.spec.ts
📚 Learning: 2025-10-27T14:38:46.994Z 
Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37303
File: apps/meteor/tests/end-to-end/api/abac.ts:1125-1137
Timestamp: 2025-10-27T14:38:46.994Z
Learning: In Rocket.Chat ABAC feature, when ABAC is disabled globally (ABAC_Enabled setting is false), room-level ABAC attributes are not evaluated when changing room types. This means converting a private room to public will succeed even if the room has ABAC attributes, as long as the global ABAC setting is disabled.

Applied to files:

  • ee/packages/abac/src/errors.ts
  • ee/packages/abac/src/index.ts
  • apps/meteor/tests/end-to-end/api/abac.ts
📚 Learning: 2025-10-24T17:32:05.348Z 
Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37299
File: apps/meteor/ee/server/lib/ldap/Manager.ts:438-454
Timestamp: 2025-10-24T17:32:05.348Z
Learning: In Rocket.Chat, ABAC attributes can only be set on private rooms and teams (type 'p'), not on public rooms (type 'c'). Therefore, when checking for ABAC-protected rooms/teams during LDAP sync or similar operations, it's sufficient to query only private rooms using methods like `findPrivateRoomsByIdsWithAbacAttributes`.

Applied to files:

  • ee/packages/abac/src/errors.ts
  • ee/packages/abac/src/index.ts
  • apps/meteor/tests/end-to-end/api/abac.ts
  • ee/packages/abac/src/service.spec.ts
📚 Learning: 2025-11-04T16:49:19.107Z 
Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37377
File: apps/meteor/ee/server/hooks/federation/index.ts:86-88
Timestamp: 2025-11-04T16:49:19.107Z
Learning: In Rocket.Chat's federation system (apps/meteor/ee/server/hooks/federation/), permission checks follow two distinct patterns: (1) User-initiated federation actions (creating rooms, adding users to federated rooms, joining from invites) should throw MeteorError to inform users they lack 'access-federation' permission. (2) Remote server-initiated federation events should silently skip/ignore when users lack permission. The beforeAddUserToRoom hook only executes for local user-initiated actions, so throwing an error there is correct. Remote federation events are handled separately by the federation Matrix package with silent skipping logic.

Applied to files:

  • ee/packages/abac/src/index.ts
  • apps/meteor/app/slashcommands-invite/server/server.ts
📚 Learning: 2025-10-28T16:53:42.761Z 
Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37205
File: ee/packages/federation-matrix/src/FederationMatrix.ts:296-301
Timestamp: 2025-10-28T16:53:42.761Z
Learning: In the Rocket.Chat federation-matrix integration (ee/packages/federation-matrix/), the createRoom method from rocket.chat/federation-sdk will support a 4-argument signature (userId, roomName, visibility, displayName) in newer versions. Code using this 4-argument call is forward-compatible with planned library updates and should not be flagged as an error.

Applied to files:

  • ee/packages/abac/src/index.ts
  • apps/meteor/app/slashcommands-invite/server/server.ts
📚 Learning: 2025-11-07T14:50:33.544Z 
Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37423
File: packages/i18n/src/locales/en.i18n.json:18-18
Timestamp: 2025-11-07T14:50:33.544Z
Learning: Rocket.Chat settings: in apps/meteor/ee/server/settings/abac.ts, the Abac_Cache_Decision_Time_Seconds setting uses invalidValue: 0 as the fallback when ABAC is unlicensed. With a valid license, admins can still set the value to 0 to intentionally disable the ABAC decision cache.

Applied to files:

  • ee/packages/abac/src/index.ts
  • apps/meteor/tests/end-to-end/api/abac.ts
📚 Learning: 2025-12-02T22:23:49.593Z 
Learnt from: d-gubert
Repo: RocketChat/Rocket.Chat PR: 37654
File: apps/meteor/client/hooks/useAppSlashCommands.ts:32-38
Timestamp: 2025-12-02T22:23:49.593Z
Learning: In apps/meteor/client/hooks/useAppSlashCommands.ts, the `data?.forEach((command) => slashCommands.add(command))` call during render is intentional. The query is configured with `structuralSharing: false` to prevent React Query from keeping stable data references, and `slashCommands.add` is idempotent, so executing on every render is acceptable and ensures the command registry stays current.

Applied to files:

  • apps/meteor/app/slashcommands-invite/server/server.ts
📚 Learning: 2025-11-19T12:32:29.696Z 
Learnt from: d-gubert
Repo: RocketChat/Rocket.Chat PR: 37547
File: packages/i18n/src/locales/en.i18n.json:634-634
Timestamp: 2025-11-19T12:32:29.696Z
Learning: Repo: RocketChat/Rocket.Chat
Context: i18n workflow
Learning: In this repository, new translation keys should be added to packages/i18n/src/locales/en.i18n.json only; other locale files are populated via the external translation pipeline and/or fall back to English. Do not request adding the same key to all locale files in future reviews.

Applied to files:

  • packages/i18n/src/locales/en.i18n.json
📚 Learning: 2025-11-24T17:08:17.065Z 
Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Use `expect` matchers for assertions (`toEqual`, `toContain`, `toBeTruthy`, `toHaveLength`, etc.) instead of `assert` statements in Playwright tests

Applied to files:

  • apps/meteor/tests/end-to-end/api/abac.ts
  • ee/packages/abac/src/service.spec.ts
📚 Learning: 2025-11-24T17:08:17.065Z 
Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Prefer web-first assertions (`toBeVisible`, `toHaveText`, etc.) in Playwright tests

Applied to files:

  • apps/meteor/tests/end-to-end/api/abac.ts
📚 Learning: 2025-11-24T17:08:17.065Z 
Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Ensure tests run reliably in parallel without shared state conflicts

Applied to files:

  • apps/meteor/tests/end-to-end/api/abac.ts
  • ee/packages/abac/src/service.spec.ts
📚 Learning: 2025-11-24T17:08:17.065Z 
Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to apps/meteor/tests/e2e/**/*.spec.ts : Utilize Playwright fixtures (`test`, `page`, `expect`) for consistency in test files

Applied to files:

  • apps/meteor/tests/end-to-end/api/abac.ts
  • ee/packages/abac/src/service.spec.ts
📚 Learning: 2025-11-24T17:08:17.065Z 
Learnt from: CR
Repo: RocketChat/Rocket.Chat PR: 0
File: .cursor/rules/playwright.mdc:0-0
Timestamp: 2025-11-24T17:08:17.065Z
Learning: Applies to **/*.spec.ts : Use descriptive test names that clearly communicate expected behavior in Playwright tests

Applied to files:

  • ee/packages/abac/src/service.spec.ts
📚 Learning: 2025-12-10T21:00:43.645Z 
Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37091
File: ee/packages/abac/jest.config.ts:4-7
Timestamp: 2025-12-10T21:00:43.645Z
Learning: Adopt the monorepo-wide Jest testMatch pattern: <rootDir>/src/**/*.spec.{ts,js,mjs} (represented here as '**/src/**/*.spec.{ts,js,mjs}') to ensure spec files under any package's src directory are picked up consistently across all packages in the Rocket.Chat monorepo. Apply this pattern in jest.config.ts for all relevant packages to maintain uniform test discovery.

Applied to files:

  • ee/packages/abac/src/service.spec.ts
🧬 Code graph analysis (1)
ee/packages/abac/src/index.ts (1)
ee/packages/abac/src/errors.ts (1)
  • OnlyCompliantCanBeAddedToRoomError (89-93)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: 🔨 Test UI (CE) / MongoDB 8.2 (1/4)
  • GitHub Check: 🔨 Test UI (EE) / MongoDB 8.2 [legacy watchers] coverage (2/5)
🔇 Additional comments (5)
apps/meteor/tests/end-to-end/api/abac.ts (1)

1564-1564: LGTM! Test assertion updated to match new error payload structure.

The test now correctly validates the errorType field with the new standardized error code error-only-compliant-users-can-be-added-to-abac-rooms, which is more descriptive than the previous error message check.

ee/packages/abac/src/service.spec.ts (2)

1079-1091: LGTM! Test updated to validate new error structure.

The test now correctly expects a code field with value error-only-compliant-users-can-be-added-to-abac-rooms instead of the previous error/message/details structure, aligning with the new OnlyCompliantCanBeAddedToRoomError class.

1119-1121: LGTM! Consistent error validation.

The assertion correctly validates the error code in the rejection scenario, maintaining consistency with the other updated test case.

ee/packages/abac/src/errors.ts (1)

12-12: LGTM! Well-structured error handling.

The new OnlyCompliantCanBeAddedToRoomError class and corresponding error code follow the established patterns in this file. The error code is descriptive and will serve as the i18n key for user-facing messages.

Also applies to: 89-93

ee/packages/abac/src/index.ts (1)

28-28: LGTM! Correct import for the new error class.

@KevLehman KevLehman merged commit 7ace894 into feat/abac Dec 17, 2025
109 of 118 checks passed
@KevLehman KevLehman deleted the fix/invite-message branch December 17, 2025 17:18
MartinSchoeler pushed a commit that referenced this pull request Dec 17, 2025
@KevLehman @MartinSchoeler
fix: Wrong invite error message (#37851)
bd28882
This was referenced Dec 18, 2025
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@tassoevan tassoevan tassoevan approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@KevLehman @tassoevan @ggazzo