regression(ABAC): Improve errors on attribute form

[MartinSchoeler]

Proposed changes (including videos or screenshots)

Issue(s)

ABAC-111

Steps to test or reproduce

Further comments

Summary by CodeRabbit

• Bug Fixes

  • Improved error handling when saving ABAC attributes: specific invalid-parameter errors now show a clear, localized validation notification instead of a generic message.

• Localization

  • Added a new localized message for invalid ABAC attributes to provide a user-friendly validation explanation.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is missing the 'stat: QA assured' label

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[changeset-bot]

⚠️ No Changeset found

Latest commit: 181527b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

The ABAC attribute save mutation's onError now accepts a typed error object ({ errorType, error }) and maps errorType === "invalid-params" to the new localized key ABAC_Invalid_attribute; a new English translation string was added.

Changes

Cohort / File(s)	Summary
Error handling apps/meteor/client/views/admin/ABAC/ABACAttributesTab/AttributesContextualBar.tsx	Changed mutation onError signature to { errorType: string; error: string }; when errorType === 'invalid-params' show translated ABAC_Invalid_attribute, otherwise display raw error.
Localization packages/i18n/src/locales/en.i18n.json	Added ABAC_Invalid_attribute: "Invalid characters in attribute name or values".

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• regression: ABAC table & form fixes #37782 — touches the same AttributesContextualBar save-mutation handlers; likely overlapping changes.
• regression(ABAC): list not updating when room change #37952 — modifies save-mutation/onSettled behavior in the same component; related at code-level.
• regression(ABAC): Adjust forms spacing and accessibility. #37872 — adjusts cache invalidation around the same save handlers; potentially overlapping.

Suggested labels

stat: ready to merge, stat: QA assured

Suggested reviewers

• tassoevan
• KevLehman

Poem

🐰
I hopped across the error trail,
Swapped vague replies for a clearer tale.
When names contain a hidden space,
I gently point to the proper place. 🥕

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'regression(ABAC): Improve errors on attribute form' clearly describes the main change—improving error messages in the ABAC attribute form validation.
Linked Issues check	✅ Passed	The changes address ABAC-111 ABAC-111 by replacing unclear 'must match pattern' errors with a user-friendly localized message 'Invalid characters in attribute name or values' when validation fails.
Out of Scope Changes check	✅ Passed	All changes are scoped to ABAC attribute error handling: improved error handling in AttributesContextualBar.tsx and a new localization key for the validation message in en.i18n.json.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch reg-abac-msg

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between d21970c and 181527b.

📒 Files selected for processing (1)

• packages/i18n/src/locales/en.i18n.json

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/i18n/src/locales/en.i18n.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: 📦 Build Packages
• GitHub Check: CodeQL-Build
• GitHub Check: CodeQL-Build

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.61%. Comparing base (5b23623) to head (181527b).
⚠️ Report is 2 commits behind head on release-8.0.0.

Additional details and impacted files

@@                Coverage Diff                @@
##           release-8.0.0   #37982      +/-   ##
=================================================
- Coverage          70.64%   70.61%   -0.04%     
=================================================
  Files               3145     3145              
  Lines             108718   108725       +7     
  Branches           19554    19551       -3     
=================================================
- Hits               76808    76777      -31     
- Misses             29901    29948      +47     
+ Partials            2009     2000       -9     

Flag	Coverage Δ
e2e	60.15% <ø> (+0.01%)	⬆️
e2e-api	48.57% <ø> (+1.07%)	⬆️
unit	71.69% <ø> (-0.10%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

📦 Docker Image Size Report

📈 Changes

Service	Current	Baseline	Change	Percent
sum of all images	1.1GiB	1.1GiB	+11MiB
rocketchat	355MiB	345MiB	+11MiB
omnichannel-transcript-service	132MiB	132MiB	+3.0KiB
queue-worker-service	132MiB	132MiB	-1.1KiB
ddp-streamer-service	126MiB	126MiB	+1.7KiB
account-service	113MiB	113MiB	+3.2KiB
authorization-service	111MiB	111MiB	-22KiB
presence-service	111MiB	111MiB	+13KiB

📊 Historical Trend

---
config:
  theme: "dark"
  xyChart:
    width: 900
    height: 400
---
xychart
  title "Image Size Evolution by Service (Last 30 Days + This PR)"
  x-axis ["11/17 23:50", "11/18 22:53", "11/19 23:02", "11/21 16:49", "11/24 17:34", "11/27 22:32", "11/28 19:05", "12/01 23:01", "12/02 21:57", "12/03 21:00", "12/04 18:17", "12/05 21:56", "12/08 20:15", "12/09 22:17", "12/10 23:26", "12/11 21:56", "12/12 22:45", "12/13 01:34", "12/15 22:31", "12/16 22:18", "12/17 21:04", "12/18 23:12", "12/19 23:27", "12/20 21:03", "12/22 18:54", "12/23 16:16", "12/24 19:38", "12/25 17:51", "12/26 13:18", "12/29 19:01", "12/30 16:30 (PR)"]
  y-axis "Size (GB)" 0 --> 0.5
  line "account-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "authorization-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "ddp-streamer-service" [0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12]
  line "omnichannel-transcript-service" [0.14, 0.14, 0.14, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13]
  line "presence-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "queue-worker-service" [0.14, 0.14, 0.14, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13]
  line "rocketchat" [0.35, 0.35, 0.35, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.35]

Loading

Statistics (last 30 days):

• 📊 Average: 1.5GiB
• ⬇️ Minimum: 1.4GiB
• ⬆️ Maximum: 1.6GiB
• 🎯 Current PR: 1.1GiB

ℹ️ About this report

This report compares Docker image sizes from this build against the develop baseline.

• Tag: pr-37982
• Baseline: develop
• Timestamp: 2025-12-30 16:30:18 UTC
• Historical data points: 30

---

Updated: Tue, 30 Dec 2025 16:30:19 GMT

[cubic-dev-ai]

1 issue found across 2 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="apps/meteor/client/views/admin/ABAC/ABACAttributesTab/AttributesContextualBar.tsx">

<violation number="1" location="apps/meteor/client/views/admin/ABAC/ABACAttributesTab/AttributesContextualBar.tsx:78">
P1: In the else branch, the entire `error` object is passed as the message instead of `error.error`. Given the type annotation `{ errorType: string; error: string }`, the actual error message string is in `error.error`. This will likely display `[object Object]` to users instead of the meaningful error message.</violation>
</file>

_{Reply to cubic to teach it or ask questions. Tag @cubic-dev-ai to re-run a review.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 0bb2a33 and 9074c7e.

📒 Files selected for processing (2)

• apps/meteor/client/views/admin/ABAC/ABACAttributesTab/AttributesContextualBar.tsx
• packages/i18n/src/locales/en.i18n.json

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• apps/meteor/client/views/admin/ABAC/ABACAttributesTab/AttributesContextualBar.tsx

🧠 Learnings (3)

📓 Common learnings

Learnt from: aleksandernsilva
Repo: RocketChat/Rocket.Chat PR: 36974
File: apps/meteor/client/components/Omnichannel/OutboundMessage/components/OutboundMessageWizard/forms/MessageForm/MessageForm.tsx:124-129
Timestamp: 2025-09-18T17:32:33.969Z
Learning: The ARIA mismatch issue in MessageForm's template field (where FieldError id used templateId instead of messageFormId) was addressed in PR #36972 through refactoring the template field into a separate TemplateField component, which uses consistent templateFieldId for both aria-describedby and FieldError id.

📚 Learning: 2025-11-27T17:56:26.050Z

Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37557
File: apps/meteor/client/views/admin/ABAC/AdminABACRooms.tsx:115-116
Timestamp: 2025-11-27T17:56:26.050Z
Learning: In Rocket.Chat, the GET /v1/abac/rooms endpoint (implemented in ee/packages/abac/src/index.ts) only returns rooms where abacAttributes exists and is not an empty array (query: { abacAttributes: { $exists: true, $ne: [] } }). Therefore, in components consuming this endpoint (like AdminABACRooms.tsx), room.abacAttributes is guaranteed to be defined for all returned rooms, and optional chaining before calling array methods like .join() is sufficient without additional null coalescing.

Applied to files:

• apps/meteor/client/views/admin/ABAC/ABACAttributesTab/AttributesContextualBar.tsx

📚 Learning: 2025-10-27T14:38:46.994Z

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37303
File: apps/meteor/tests/end-to-end/api/abac.ts:1125-1137
Timestamp: 2025-10-27T14:38:46.994Z
Learning: In Rocket.Chat ABAC feature, when ABAC is disabled globally (ABAC_Enabled setting is false), room-level ABAC attributes are not evaluated when changing room types. This means converting a private room to public will succeed even if the room has ABAC attributes, as long as the global ABAC setting is disabled.

Applied to files:

• packages/i18n/src/locales/en.i18n.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)

• GitHub Check: cubic · AI code reviewer
• GitHub Check: cubic · AI code reviewer
• GitHub Check: cubic · AI code reviewer
• GitHub Check: cubic · AI code reviewer
• GitHub Check: cubic · AI code reviewer
• GitHub Check: cubic · AI code reviewer
• GitHub Check: cubic · AI code reviewer
• GitHub Check: cubic · AI code reviewer
• GitHub Check: cubic · AI code reviewer
• GitHub Check: cubic · AI code reviewer

🔇 Additional comments (1)

packages/i18n/src/locales/en.i18n.json (1)

86-86: New ABAC error string looks consistent and clear

Key prefix, placement near other ABAC strings, and wording all look good and address the “must match pattern” regression with a more user-friendly message. No issues from an i18n standpoint here.