Skip to content

feat: role-targeted expiration messages#7448

Open
jeanfbrito wants to merge 3 commits into
developfrom
feat/supported-versions-role-targeted-messages
Open

feat: role-targeted expiration messages#7448
jeanfbrito wants to merge 3 commits into
developfrom
feat/supported-versions-role-targeted-messages

Conversation

@jeanfbrito

@jeanfbrito jeanfbrito commented Jun 26, 2026

Copy link
Copy Markdown
Member

Jira: ARCH-2192

Proposal

Honor the optional roles field on supportedVersions messages so the signed payload can restrict a version-expiration warning to specific roles (e.g. workspace admins), instead of showing it to every logged-in user.

This is the mobile side of the same contract change shipped on desktop in RocketChat/Rocket.Chat.Electron#3371. The supportedVersions payload is a shared contract (produced by cloud, consumed by desktop and mobile); this PR makes mobile respect the roles field too.

Behavior

  • roles omitted or empty → message shown to everyone. Keeps current behavior; the field is backward compatible.
  • roles present → message shown only to users whose roles intersect the list.
  • roles present but the client doesn't know the user's roles → message is not shown (honors the restriction).

Why mobile is simpler than desktop

The desktop app had no notion of user role, so most of #3371 was plumbing to acquire roles — a setUserRoles bridge, a /api/v1/me REST fallback, a WEBVIEW_USER_ROLES_CHANGED action + reducer, and a per-server userRoles field.

Mobile is the native client and already has the logged-in user's roles in Redux (state.login.user.roles, also persisted in the WatermelonDB User model). So none of that plumbing is needed — only the two pieces that matter port over: the roles type field and the role-filtering of expiration messages.

Changes

  • TSVMessage.roles?: string[]app/definitions/IServer.ts
  • messageMatchesUserRoles filter + a userRoles param threaded through getMessage and both checkSupportedVersions branches (normal + enforcement-start-date) — app/lib/methods/checkSupportedVersions.ts
  • Source the current user's roles from the Redux login state at the single saga call site (getServerInfoSaga) — app/sagas/selectServer.ts
  • Tests: getMessage role filtering + checkSupportedVersions role targeting (7 new cases) — app/lib/methods/checkSupportedVersions.test.ts

Notes

  • Filtering is client-side UX, not a security boundary.
  • checkSupportedVersions runs once per server-select/resume and stores the result in the supportedVersions Redux slice. On the resume path setUser runs before the check, so roles are available. On a first-ever fresh login roles may not yet be populated, in which case a role-targeted message surfaces on the next launch — consistent with desktop's async-roles semantics and acceptable for a non-urgent deprecation notice.
  • The roles field on the shared supportedVersions contract should be agreed centrally so all clients honor it; this is the mobile side, matching the desktop change in Invalid regular expression: Quantifier has nothing to repeat Error on Xcode 12.5 #3371.

Verification

  • `pnpm tsc` clean
  • `eslint` clean on changed files
  • `TZ=UTC pnpm test --testPathPattern='checkSupportedVersions'` → 45 passed (incl. 7 new)

Summary by CodeRabbit

  • New Features

    • Version warnings and notices can now be targeted to specific user roles.
    • Role-targeted messages are shown only when the user’s roles intersect; untargeted messages still display to everyone.
  • Bug Fixes

    • Role targeting is applied consistently for both standard version checks and enforcement-related warnings, including the enforcement-start-date override behavior.
  • Tests

    • Added coverage to verify role-targeted selection, warning behavior, and grace/enforcement timing for targeted vs non-targeted users.

@coderabbitai

coderabbitai Bot commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a4bb7875-7d92-4c2f-9e19-8629068dc514

📥 Commits

Reviewing files that changed from the base of the PR and between fd8abff and 2979875.

⛔ Files ignored due to path filters (1)
  • app/containers/markdown/__snapshots__/Markdown.test.tsx.snap is excluded by !**/*.snap
📒 Files selected for processing (2)
  • app/lib/methods/checkSupportedVersions.test.ts
  • app/lib/methods/checkSupportedVersions.ts
🚧 Files skipped from review as they are similar to previous changes (2)
  • app/lib/methods/checkSupportedVersions.test.ts
  • app/lib/methods/checkSupportedVersions.ts

Walkthrough

The PR adds role-based visibility to supported-version messages, passes user roles into version checks, and expands tests for role-targeted selection and enforcement behavior.

Changes

Role-targeted supported-version messages

Layer / File(s) Summary
Message roles and filtering
app/definitions/IServer.ts, app/lib/methods/checkSupportedVersions.ts
TSVMessage adds optional roles, getMessage filters by userRoles, and checkSupportedVersions accepts and forwards userRoles into message lookup.
Saga role wiring
app/sagas/selectServer.ts
getServerInfoSaga reads state.login.user.roles and includes userRoles in the checkSupportedVersions call.
Role-targeting tests
app/lib/methods/checkSupportedVersions.test.ts
Tests cover getMessage role matching and checkSupportedVersions warn/supported outcomes, including enforcement-window behavior.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Sequence Diagram(s)

sequenceDiagram
  participant getServerInfoSaga
  participant ReduxState
  participant checkSupportedVersions
  participant getMessage

  getServerInfoSaga->>ReduxState: read state.login.user.roles
  getServerInfoSaga->>checkSupportedVersions: supportedVersions, serverVersion, userRoles
  checkSupportedVersions->>getMessage: filter messages by userRoles
  getMessage-->>checkSupportedVersions: selected message or none
  checkSupportedVersions-->>getServerInfoSaga: supported or warn result
Loading

Suggested labels: type: feature

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and concisely describes the main change: role-targeted expiration messages.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)
  • ARCH-2192: Request failed with status code 401

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
app/lib/methods/checkSupportedVersions.ts (1)

80-90: 🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Derive the enforcement-path status from enforcementMessage.

Line 80 always returns status: 'warn', even when role filtering removes the message. That means a user outside the targeted roles can still get the warning state during the enforcementStartDate grace period, which contradicts the new visibility contract.

Suggested fix
 	if (status === 'expired' && sv?.enforcementStartDate && new Date(sv.enforcementStartDate) > new Date()) {
 		const enforcementMessage = getMessage({
 			messages,
 			expiration: sv.enforcementStartDate,
 			userRoles
 		});
+		const enforcementStatus = getStatus({ message: enforcementMessage, expiration: sv.enforcementStartDate });
 		return {
-			status: 'warn',
+			status: enforcementStatus,
 			message: enforcementMessage,
 			i18n: enforcementMessage ? sv?.i18n : undefined,
 			expiration: sv.enforcementStartDate
 		};
 	}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@app/lib/methods/checkSupportedVersions.ts` around lines 80 - 90, The
enforcement branch in checkSupportedVersions should derive the returned status
from the result of getMessage instead of always forcing warn. In the
expired/enforcementStartDate path, use the enforcementMessage outcome to decide
whether the user should see a warning or remain in the non-warning state when
role filtering removes the message, and keep the returned message/i18n fields
aligned with that decision.
🧹 Nitpick comments (1)
app/lib/methods/checkSupportedVersions.test.ts (1)

523-555: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Add the explicit roles: [] case.

The new contract treats omitted and empty roles the same, but this suite only covers omission. A focused buildMessages([]) assertion would lock down that backward-compatibility branch too.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@app/lib/methods/checkSupportedVersions.test.ts` around lines 523 - 555, The
getMessage coverage in checkSupportedVersions.test.ts only verifies the omitted
roles case, so add an explicit assertion using buildMessages([]) to confirm
empty roles behaves the same as no roles. Update the existing test block around
buildMessages and the getMessage expectations to include a case that passes an
empty roles array and verifies the message is shown to everyone, preserving the
backward-compatibility contract.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@app/lib/methods/checkSupportedVersions.ts`:
- Around line 80-90: The enforcement branch in checkSupportedVersions should
derive the returned status from the result of getMessage instead of always
forcing warn. In the expired/enforcementStartDate path, use the
enforcementMessage outcome to decide whether the user should see a warning or
remain in the non-warning state when role filtering removes the message, and
keep the returned message/i18n fields aligned with that decision.

---

Nitpick comments:
In `@app/lib/methods/checkSupportedVersions.test.ts`:
- Around line 523-555: The getMessage coverage in checkSupportedVersions.test.ts
only verifies the omitted roles case, so add an explicit assertion using
buildMessages([]) to confirm empty roles behaves the same as no roles. Update
the existing test block around buildMessages and the getMessage expectations to
include a case that passes an empty roles array and verifies the message is
shown to everyone, preserving the backward-compatibility contract.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a825ae0c-b9b0-4c30-a8d7-fd3716cd0562

📥 Commits

Reviewing files that changed from the base of the PR and between a8c4899 and b86b121.

📒 Files selected for processing (4)
  • app/definitions/IServer.ts
  • app/lib/methods/checkSupportedVersions.test.ts
  • app/lib/methods/checkSupportedVersions.ts
  • app/sagas/selectServer.ts
📜 Review details
⏰ Context from checks skipped due to timeout. (1)
  • GitHub Check: ESLint and Test / run-eslint-and-test
🧰 Additional context used
📓 Path-based instructions (6)
**/*.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{js,ts,jsx,tsx}: Use descriptive names for functions, variables, and classes that clearly convey their purpose
Write comments that explain the 'why' behind code decisions, not the 'what'
Keep functions small and focused on a single responsibility
Use const by default, let when reassignment is needed, and avoid var
Prefer async/await over .then() chains for handling asynchronous operations
Use explicit error handling with try/catch blocks for async operations
Avoid deeply nested code; refactor complex logic into helper functions

Files:

  • app/definitions/IServer.ts
  • app/sagas/selectServer.ts
  • app/lib/methods/checkSupportedVersions.test.ts
  • app/lib/methods/checkSupportedVersions.ts
**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx}: Use TypeScript for type safety; add explicit type annotations to function parameters and return types
Prefer interfaces over type aliases for defining object shapes in TypeScript
Use enums for sets of related constants rather than magic strings or numbers

Use TypeScript with strict mode enabled

Files:

  • app/definitions/IServer.ts
  • app/sagas/selectServer.ts
  • app/lib/methods/checkSupportedVersions.test.ts
  • app/lib/methods/checkSupportedVersions.ts
**/*.{js,jsx,ts,tsx,json}

📄 CodeRabbit inference engine (CLAUDE.md)

Use Prettier formatting with tabs, single quotes, 130 character line width, no trailing commas, and avoid arrow function parentheses

Files:

  • app/definitions/IServer.ts
  • app/sagas/selectServer.ts
  • app/lib/methods/checkSupportedVersions.test.ts
  • app/lib/methods/checkSupportedVersions.ts
**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Enforce ESLint rules from @rocket.chat/eslint-config with React, React Native, TypeScript, and Jest plugins

Files:

  • app/definitions/IServer.ts
  • app/sagas/selectServer.ts
  • app/lib/methods/checkSupportedVersions.test.ts
  • app/lib/methods/checkSupportedVersions.ts
app/definitions/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Place shared TypeScript type definitions in 'app/definitions/' directory

Files:

  • app/definitions/IServer.ts
app/sagas/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Place sagas in 'app/sagas/' directory for handling side effects

Files:

  • app/sagas/selectServer.ts
🧠 Learnings (2)
📚 Learning: 2026-04-30T17:07:51.020Z
Learnt from: diegolmello
Repo: RocketChat/Rocket.Chat.ReactNative PR: 7274
File: app/lib/services/voip/MediaCallEvents.ts:0-0
Timestamp: 2026-04-30T17:07:51.020Z
Learning: In this Rocket.Chat React Native codebase, the ESLint rule `no-void: error` is enforced. When you see a promise returned from an async call that is not awaited (a “floating promise”), do not silence it with the `void somePromise()` pattern. Instead, handle the promise explicitly by attaching `.catch(...)` (or otherwise awaiting/handling the error) so unhandled-rejection risks are addressed in a way that satisfies the existing ESLint configuration.

Applied to files:

  • app/definitions/IServer.ts
  • app/sagas/selectServer.ts
  • app/lib/methods/checkSupportedVersions.test.ts
  • app/lib/methods/checkSupportedVersions.ts
📚 Learning: 2026-06-25T18:37:25.526Z
Learnt from: diegolmello
Repo: RocketChat/Rocket.Chat.ReactNative PR: 7434
File: app/views/ScreenLockConfigView.test.tsx:16-22
Timestamp: 2026-06-25T18:37:25.526Z
Learning: In Rocket.Chat ReactNative tests that mock selectors for `useAppSelector`, don’t require the mocked selector input to be typed as `IApplicationState` when the fixture only includes a partial Redux state slice (e.g., only `server` and `settings`). Requiring the full `IApplicationState` type in that scenario forces unsafe `as IApplicationState` casts and undermines type-safety. For these narrowly scoped selector-mock fixtures, use a less strict type (e.g., `any`) to keep the mock focused on the slice under test.

Applied to files:

  • app/lib/methods/checkSupportedVersions.test.ts

Honor the optional `roles` field on supportedVersions messages so a
version-expiration warning can be restricted to specific roles (e.g.
workspace admins) instead of every logged-in user.

- TSVMessage.roles?: string[]
- messageMatchesUserRoles filter threaded through getMessage and both
  checkSupportedVersions branches (normal + enforcement)
- source current user roles from redux login state at the saga call site
- tests: getMessage role filtering + checkSupportedVersions targeting

Mobile side of Rocket.Chat.Electron#3371. No role-acquisition plumbing
needed (bridge/REST/reducer) since mobile already has user roles natively.
@diegolmello diegolmello force-pushed the feat/supported-versions-role-targeted-messages branch from b86b121 to fd8abff Compare July 1, 2026 14:29
@diegolmello diegolmello temporarily deployed to approve_e2e_testing July 1, 2026 14:29 — with GitHub Actions Inactive
@diegolmello diegolmello changed the title feat(supportedVersions): role-targeted expiration messages feat: role-targeted expiration messages Jul 1, 2026
…window

The enforcement-start-date branch returned status 'warn' unconditionally. When a role-targeted expiration message was filtered out for a non-targeted user, it returned warn with an undefined message, surfacing an 'update required' indicator (sidebar item + header badge) that opened a blank sheet. Return 'supported' when no eligible enforcement message exists, so non-targeted members keep using the app with no warning and are not disconnected during the grace window.

Claude-Session: https://claude.ai/code/session_01D7nAgeJHNRgjeerGn4YHCV
The relative-time render drifted from 'a year ago' to '2 years ago'. Unrelated to the role-targeting change; refreshes the stale snapshot so CI is green.

Claude-Session: https://claude.ai/code/session_01D7nAgeJHNRgjeerGn4YHCV
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

iOS Build Available

Rocket.Chat 4.75.0.109255

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants