regression: private room access denial shows delayed generic error

[cardoso]

Proposed changes (including videos or screenshots)

Opening a private room the current user cannot access was retrying the server call 4× (with exponential backoff up to 12s total) and then rendering a generic error screen with the raw "No permission" message, instead of the room-not-found/no-access screen shown in 8.5.1.

Issue(s)

CORE-2356

Steps to test or reproduce

1. Log in as User A, create a private channel private-channel. Do not add User B.
2. Log in as User B.
3. Open /group/private-channel directly in the browser.

Expected (and now actual): the room-not-found/no-access screen renders immediately, matching 8.5.1.
Before this PR: ~12s of retries, then a generic Error layout with the raw "No permission" message.

Further comments

Unit tests in useOpenRoom.spec.ts cover the three relevant paths:

• error-no-permission → RoomNotFoundError, method called exactly once (regression check — fails on the pre-fix code with a 1s retry delay before failing).
• error-invalid-room on a non-DM → RoomNotFoundError, method called exactly once (PR fix: retry transient errors when opening a room #40991 behavior preserved).
• Generic transient Error → retried, succeeds on the second attempt (PR fix: retry transient errors when opening a room #40991 retry behavior preserved).

Summary by CodeRabbit

• Bug Fixes
  • Improved room opening behavior when access is denied or a room is invalid, so these cases now show as not found instead of failing unexpectedly.
  • Added better handling for temporary lookup errors, allowing the app to retry and open the room successfully on a later attempt.
  • Expanded test coverage for room-opening error handling and retry behavior.

[dionisio-bot]

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

[changeset-bot]

⚠️ No Changeset found

Latest commit: f63b860

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

useOpenRoom's queryFn catch block now extracts errorCode and maps error-no-permission to RoomNotFoundError (previously only error-invalid-room was mapped). Three tests are added covering error-no-permission, error-invalid-room, and transient-error retry behavior.

useOpenRoom error classification

Layer / File(s)	Summary
Error handling and tests apps/meteor/client/views/room/hooks/useOpenRoom.ts, apps/meteor/client/views/room/hooks/useOpenRoom.spec.ts	errorCode is extracted from the caught error; error-no-permission is now mapped to RoomNotFoundError alongside error-invalid-room. New tests assert both codes produce RoomNotFoundError without retry, and that unclassified errors trigger a retry that eventually succeeds.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• RocketChat/Rocket.Chat#40991: Modifies the same useOpenRoom.ts hook's error classification and RoomNotFoundError mapping logic.

Suggested labels

type: bug

Suggested reviewers

• ggazzo
• juliajforesti

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main regression fix around private room access denial and the delayed generic error.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)

• CORE-2356: Request failed with status code 401

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Caution

Review failed

An error occurred during the review process. Please try again later.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (release-8.6.0@5857fb0). Learn more about missing BASE report.

Additional details and impacted files

@@               Coverage Diff                @@
##             release-8.6.0   #41099   +/-   ##
================================================
  Coverage                 ?   70.19%           
================================================
  Files                    ?     3371           
  Lines                    ?   130425           
  Branches                 ?    22616           
================================================
  Hits                     ?    91548           
  Misses                   ?    35567           
  Partials                 ?     3310           

Flag	Coverage Δ
unit	70.14% <100.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

🧹 Nitpick comments (1)

apps/meteor/client/views/room/hooks/useOpenRoom.ts (1)

83-84: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Remove the new inline implementation comment.

The branch is already clear from the condition and thrown error, and this file pattern avoids implementation comments.

As per coding guidelines, "Avoid code comments in the implementation."

Suggested cleanup

-				// "No permission" means the room exists but the user can't see it — surface the
-				// not-found/no-access screen rather than retrying it as a transient failure.
 				if (errorCode === 'error-no-permission') {
 					throw new RoomNotFoundError(undefined, { type, reference });
 				}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@apps/meteor/client/views/room/hooks/useOpenRoom.ts` around lines 83 - 84,
Remove the inline implementation comment from useOpenRoom; the branch logic and
thrown error already make the behavior clear. Keep the existing conditional flow
in useOpenRoom and preserve the current no-permission handling, but delete the
comment so the file follows the no-implementation-comments guideline.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@apps/meteor/client/views/room/hooks/useOpenRoom.ts`:
- Around line 83-84: Remove the inline implementation comment from useOpenRoom;
the branch logic and thrown error already make the behavior clear. Keep the
existing conditional flow in useOpenRoom and preserve the current no-permission
handling, but delete the comment so the file follows the
no-implementation-comments guideline.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 366bc9a9-e71c-427a-a078-ffcf76960258

📥 Commits

Reviewing files that changed from the base of the PR and between 5857fb0 and f63b860.

📒 Files selected for processing (2)

• apps/meteor/client/views/room/hooks/useOpenRoom.spec.ts
• apps/meteor/client/views/room/hooks/useOpenRoom.ts

📜 Review details

⏰ Context from checks skipped due to timeout. (3)

• GitHub Check: cubic · AI code reviewer
• GitHub Check: Hacktron Security Check
• GitHub Check: 🔨 Test UI (EE) / MongoDB 8.0 coverage (5/5)

🧰 Additional context used

📓 Path-based instructions (2)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• apps/meteor/client/views/room/hooks/useOpenRoom.spec.ts
• apps/meteor/client/views/room/hooks/useOpenRoom.ts

**/*.spec.ts

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.spec.ts: Use descriptive test names that clearly communicate expected behavior in Playwright tests
Use .spec.ts extension for test files (e.g., login.spec.ts)

Files:

• apps/meteor/client/views/room/hooks/useOpenRoom.spec.ts

🧠 Learnings (7)

📚 Learning: 2026-02-10T16:32:42.586Z

Learnt from: tassoevan
Repo: RocketChat/Rocket.Chat PR: 38528
File: apps/meteor/client/startup/roles.ts:14-14
Timestamp: 2026-02-10T16:32:42.586Z
Learning: In Rocket.Chat's Meteor client code, DDP streams use EJSON and Date fields arrive as Date objects; do not manually construct new Date() in stream handlers (for example, in sdk.stream()). Only REST API responses return plain JSON where dates are strings, so implement explicit conversion there if needed. Apply this guidance to all TypeScript files under apps/meteor/client to ensure consistent date handling in DDP streams and REST responses.

Applied to files:

• apps/meteor/client/views/room/hooks/useOpenRoom.spec.ts
• apps/meteor/client/views/room/hooks/useOpenRoom.ts

📚 Learning: 2026-05-11T20:30:35.265Z

Learnt from: tassoevan
Repo: RocketChat/Rocket.Chat PR: 40480
File: apps/meteor/client/meteor/startup/accounts.ts:59-61
Timestamp: 2026-05-11T20:30:35.265Z
Learning: In Rocket.Chat’s Meteor client code, when calling `dispatchToastMessage` with `{ type: 'error' }`, pass the raw caught error object as `message` without manual normalization. `dispatchToastMessage` is designed to accept `message: unknown` for error toasts, so avoid converting errors to strings (e.g., `String(error)`) or extracting `error.message` before passing them.

Applied to files:

• apps/meteor/client/views/room/hooks/useOpenRoom.spec.ts
• apps/meteor/client/views/room/hooks/useOpenRoom.ts

📚 Learning: 2026-02-24T19:22:48.358Z

Learnt from: juliajforesti
Repo: RocketChat/Rocket.Chat PR: 38493
File: apps/meteor/tests/e2e/omnichannel/omnichannel-send-pdf-transcript.spec.ts:66-67
Timestamp: 2026-02-24T19:22:48.358Z
Learning: In Playwright end-to-end tests (e.g., under apps/meteor/tests/e2e/...), prefer locating elements by translated text (getByText) and ARIA roles (getByRole) over data-qa attributes. If translation values change, update the corresponding test locators accordingly. Never use data-qa locators. This guideline applies to all Playwright e2e test specs in the repository and helps keep tests robust to UI text changes and accessible semantics.

Applied to files:

• apps/meteor/client/views/room/hooks/useOpenRoom.spec.ts

📚 Learning: 2026-02-26T19:25:44.063Z

Learnt from: gabriellsh
Repo: RocketChat/Rocket.Chat PR: 38778
File: packages/ui-voip/src/providers/useMediaSession.ts:192-192
Timestamp: 2026-02-26T19:25:44.063Z
Learning: In the Rocket.Chat repository, do not reference Biome lint rules in code review feedback. Biome is not used even if biome.json exists; only reference Biome rules if there is explicit, project-wide usage documented. For TypeScript files, review lint implications without Biome guidance unless the project enables Biome rules.

Applied to files:

• apps/meteor/client/views/room/hooks/useOpenRoom.spec.ts
• apps/meteor/client/views/room/hooks/useOpenRoom.ts

📚 Learning: 2026-02-26T19:25:44.063Z

Learnt from: gabriellsh
Repo: RocketChat/Rocket.Chat PR: 38778
File: packages/ui-voip/src/providers/useMediaSession.ts:192-192
Timestamp: 2026-02-26T19:25:44.063Z
Learning: In this repository (RocketChat/Rocket.Chat), Biome lint rules are not used even if a biome.json exists. When reviewing TypeScript files (e.g., packages/ui-voip/src/providers/useMediaSession.ts), ensure lint suggestions do not reference Biome-specific rules. Rely on general ESLint/TypeScript lint rules and project conventions instead.

Applied to files:

• apps/meteor/client/views/room/hooks/useOpenRoom.spec.ts
• apps/meteor/client/views/room/hooks/useOpenRoom.ts

📚 Learning: 2026-03-06T18:10:15.268Z

Learnt from: tassoevan
Repo: RocketChat/Rocket.Chat PR: 39397
File: packages/gazzodown/src/code/CodeBlock.spec.tsx:47-68
Timestamp: 2026-03-06T18:10:15.268Z
Learning: In tests (especially those using testing-library/dom/jsdom) for Rocket.Chat components, the HTML <code> element has an implicit ARIA role of 'code'. Therefore, screen.getByRole('code') or screen.findByRole('code') will locate <code> elements even without a role attribute. Do not flag findByRole('code') as invalid in reviews; prefer using the implicit role instead of adding role="code" unless necessary for accessibility.

Applied to files:

• apps/meteor/client/views/room/hooks/useOpenRoom.spec.ts

📚 Learning: 2026-05-06T12:21:44.083Z

Learnt from: juliajforesti
Repo: RocketChat/Rocket.Chat PR: 40256
File: apps/meteor/client/components/CreateDiscussion/CreateDiscussion.tsx:121-149
Timestamp: 2026-05-06T12:21:44.083Z
Learning: Field wrappers in rocket.chat/fuselage-forms (Field, FieldLabel, FieldRow, FieldError, FieldHint) auto-create htmlFor/id associations, aria-describedby, and role="alert" for errors. Do not manually set htmlFor, id, aria-describedby, or role attributes when using these wrappers. This automatic wiring does not apply to plain rocket.chat/fuselage components, which require explicit ID wiring per the accessibility docs. In code reviews, prefer using fuselage-forms wrappers for form fields and verify there is no unnecessary manual ID/aria wiring in files that use these wrappers. If a component uses plain fuselage components, ensure proper id wiring as per docs.

Applied to files:

• apps/meteor/client/views/room/hooks/useOpenRoom.spec.ts
• apps/meteor/client/views/room/hooks/useOpenRoom.ts

🔇 Additional comments (1)

apps/meteor/client/views/room/hooks/useOpenRoom.spec.ts (1)

6-6: LGTM!

Also applies to: 81-135

[cubic-dev-ai]

No issues found across 2 files

_{Re-trigger cubic}