fix: Allow room owners to edit retention policy

[Hemang360]

Proposed changes (including videos or screenshots)

Room owners were unable to modify retention policy settings even when the 'edit-room-retention-policy' permission was assigned to the Owner role in admin settings. This occurred because the permission check used a room-scoped
query (room._id), but "Owner" is a room-level role rather than a global one, causing the scoped permission check to fail.

retentionpolicy.mp4

Issue(s)

Closes #37308

Steps to test or reproduce

Further comments

Summary by CodeRabbit

• Bug Fixes
  • Room owners can now edit retention policy settings regardless of explicit permissions.
  • Retention policy options now display when retention policies are configured for the room.

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is missing the 'stat: QA assured' label
• This PR is missing the required milestone or project

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[changeset-bot]

⚠️ No Changeset found

Latest commit: 4440ad7

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

The pull request modifies retention policy editing logic across three related files in the room information editor. Changes include updating guard conditions to check for retention policy object existence, adding room subscription-based ownership checks, and allowing room owners to edit retention settings alongside explicit permission checks.

Changes

Cohort / File(s)	Change Summary
Retention policy editing logic apps/meteor/client/views/room/contextualBar/Info/EditRoomInfo/EditRoomInfo.tsx, apps/meteor/client/views/room/contextualBar/Info/EditRoomInfo/useEditRoomInitialValues.ts, apps/meteor/client/views/room/contextualBar/Info/EditRoomInfo/useEditRoomPermissions.ts	Modified guard conditions for retention policy visibility and editability. Changed from checking retentionPolicy?.enabled to retentionPolicy !== undefined in display logic. Added room subscription import and derived isRoomOwner from subscription roles. Updated permission check to allow editing when either explicit retention permission exists OR user is room owner.

Sequence Diagram

sequenceDiagram
    participant Component as EditRoomInfo
    participant Permissions as useEditRoomPermissions
    participant InitialValues as useEditRoomInitialValues
    participant Subscription as useRoomSubscription

    rect rgb(240, 248, 255)
    Note over Component,Subscription: Permission & Ownership Check
    
    Permissions->>Subscription: Get room subscription
    Subscription-->>Permissions: subscription.roles
    
    Permissions->>Permissions: Derive isRoomOwner from roles
    Permissions->>Permissions: Check hasRetentionPermission
    Permissions->>Permissions: canEditRetentionPolicy = <br/>hasRetentionPermission || isRoomOwner
    Permissions-->>Component: Permissions ready
    end
    
    rect rgb(255, 250, 240)
    Note over Component,InitialValues: Initial Values Setup
    
    InitialValues->>Subscription: Get room subscription
    InitialValues->>InitialValues: Check retentionPolicy exists<br/>(not just enabled)
    InitialValues-->>Component: Initial values with retention data
    end
    
    rect rgb(245, 255, 245)
    Note over Component: Display Retention UI
    
    Component->>Component: Show Retention section if<br/>retentionPolicy !== undefined
    Component->>Component: Enable editing if<br/>canEditRetentionPolicy
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Permission logic changes: The modification from explicit permission checks to hasRetentionPermission || isRoomOwner affects access control and should be verified for security implications
• Guard condition changes: Verify that displaying retention UI based on object existence (rather than enabled flag) aligns with intended behavior across all scenarios
• Subscription dependency: Review the addition of useRoomSubscription to ensure it's properly memoized and doesn't introduce unnecessary re-renders

Suggested labels

stat: ready to merge, stat: QA assured

Suggested reviewers

• dougfabris

Poem

🐰 A room owner claims their throne,
With policies both worn and shown,
No permission slip required to stay,
Retention rules now bend their way,
The subscription unlocks the gate,
Where ownership decides the fate! 🔐

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The pull request title "fix: Allow room owners to edit retention policy" directly and accurately describes the primary change across all three modified files. The changes consistently implement a mechanism to allow room owners to edit retention policy settings by deriving ownership status from room subscription roles and creating a dual permission check (permission OR owner status). The title is clear, specific, and uses appropriate prefixing ("fix:") to indicate a bug fix. It avoids vague language and provides sufficient context for teammates reviewing the commit history to understand the key change at a glance.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

apps/meteor/client/views/room/contextualBar/Info/EditRoomInfo/useEditRoomInitialValues.ts (2)

37-40: Consider extracting the room owner check logic to a shared hook.

The logic for determining isRoomOwner and canEditRoomRetentionPolicy is duplicated in useEditRoomPermissions.ts (lines 15, 33-35). Consider extracting this to a shared hook like useCanEditRoomRetentionPolicy(room) to follow DRY principles and ensure consistency.

Example refactor:

// hooks/useCanEditRoomRetentionPolicy.ts
export const useCanEditRoomRetentionPolicy = (room: IRoom) => {
  const subscription = useRoomSubscription();
  const hasRetentionPermission = usePermission('edit-room-retention-policy', room._id);
  const isRoomOwner = Boolean(subscription?.roles?.includes('owner'));
  return hasRetentionPermission || isRoomOwner;
};

Then use it in both files:

-const subscription = useRoomSubscription();
-const hasRetentionPermission = usePermission('edit-room-retention-policy', room._id);
-const isRoomOwner = Boolean(subscription?.roles?.includes('owner'));
-const canEditRoomRetentionPolicy = hasRetentionPermission || isRoomOwner;
+const canEditRoomRetentionPolicy = useCanEditRoomRetentionPolicy(room);

---

84-86: Minor: Redundant dependency in memoization array.

Line 85 includes subscription in the dependency array, but line 84 already includes canEditRoomRetentionPolicy, which is derived from subscription. While not incorrect, including subscription is technically redundant since React will already re-compute when canEditRoomRetentionPolicy changes.

That said, keeping it explicit may improve code clarity, so this is just a minor observation.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 688786a and 4440ad7.

📒 Files selected for processing (3)

• apps/meteor/client/views/room/contextualBar/Info/EditRoomInfo/EditRoomInfo.tsx (1 hunks)
• apps/meteor/client/views/room/contextualBar/Info/EditRoomInfo/useEditRoomInitialValues.ts (4 hunks)
• apps/meteor/client/views/room/contextualBar/Info/EditRoomInfo/useEditRoomPermissions.ts (2 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

apps/meteor/client/views/room/contextualBar/Info/EditRoomInfo/useEditRoomPermissions.ts (2)

packages/core-typings/src/IRoom.ts (2)

• IRoom (21-95)
• IRoomWithRetentionPolicy (404-413)

packages/ui-contexts/src/index.ts (1)

• usePermission (55-55)

🔇 Additional comments (3)

apps/meteor/client/views/room/contextualBar/Info/EditRoomInfo/useEditRoomInitialValues.ts (1)

60-68: LGTM! Guard change correctly enables retention policy editing.

The change from retentionPolicy?.enabled to retentionPolicy && is correct and aligns with the PR objective. This allows room owners to see and enable retention policy settings even when the policy exists but is currently disabled.

apps/meteor/client/views/room/contextualBar/Info/EditRoomInfo/useEditRoomPermissions.ts (1)

15-15: LGTM! Room owner check logic is correct.

The implementation correctly allows room owners to edit retention policy alongside users with explicit permission. This addresses the PR objective where room-level "Owner" role wasn't being recognized by room-scoped permission checks.

Note: Code duplication with useEditRoomInitialValues.ts (lines 37-40) has been flagged separately with a refactoring suggestion.

Also applies to: 33-35

apps/meteor/client/views/room/contextualBar/Info/EditRoomInfo/EditRoomInfo.tsx (1)

232-232: LGTM! Retention policy UI now visible for configuration.

The change from retentionPolicy?.enabled to retentionPolicy !== undefined correctly allows the retention policy UI to be shown whenever a retention policy object exists, even if currently disabled. This enables room owners to view and enable retention settings, which aligns with the PR objective.