feat(ABAC): Add icons

[diegolmello]

Proposed changes

Adds hash-shield and team-shield icons to ABAC channels.

Note: Rooms are currently mocked until we finish backend tasks https://github.com/RocketChat/Rocket.Chat.ReactNative/pull/6758/files#diff-afc917faa092e24a0649adfc17955ceb82a7e32067cb4a696d083d5faa0f022fR37

Issue(s)

https://rocketchat.atlassian.net/browse/ABAC-75

How to test or reproduce

Screenshots

Rooms list

Room header

Room actions

Room info

Types of changes

• Bugfix (non-breaking change which fixes an issue)
• Improvement (non-breaking change which improves a current function)
• New feature (non-breaking change which adds functionality)
• Documentation update (if none of the other choices apply)

Checklist

• I have read the CONTRIBUTING doc
• I have signed the CLA
• Lint and unit tests pass locally with my changes
• I have added tests that prove my fix is effective or that my feature works (if applicable)
• I have added necessary documentation (if applicable)
• Any dependent changes have been merged and published in downstream modules

Further comments

Summary by CodeRabbit

• New Features
  • Added new shield icons to visually indicate classified or team-restricted rooms
  • Implemented access control attribute support across room components, enabling visual indicators in room headers, room lists, and room info views
  • Shield icons now display when access control attributes are present on rooms

[coderabbitai]

Walkthrough

This pull request adds ABAC (Attribute-Based Access Control) support to the mobile app by introducing shield icons to replace text tags. Changes include database schema extensions, prop propagation across UI components, and icon selection logic in RoomTypeIcon to display team or hash shield icons when ABAC attributes are present.

Changes

Cohort / File(s)	Summary
Icon Mapping app/containers/CustomIcon/mappedIcons.js	Added two new icon mappings: hash-shield (59878) and team-shield (59877) for ABAC-related display.
Database Schema & Model app/lib/database/schema/app.js, app/lib/database/model/migrations.js, app/lib/database/model/Subscription.js, app/definitions/ISubscription.ts	Updated database schema to version 28 with new optional abac_attributes column in subscriptions table; added migration; extended Subscription model with abacAttributes field; added abacAttributes?: string[] to ISubscription interface.
RoomTypeIcon Core Logic app/containers/RoomTypeIcon/index.tsx	Added abacAttributes prop; implemented icon selection logic to prioritize shield icons (team-shield or hash-shield based on teamMain) when abacAttributes are present.
RoomTypeIcon Stories app/containers/RoomTypeIcon/RoomTypeIcon.stories.tsx	Added two new RoomTypeIcon story examples demonstrating abacAttributes with and without teamMain flag.
RoomHeader Propagation app/containers/RoomHeader/RoomHeader.tsx, app/containers/RoomHeader/index.tsx, app/containers/RoomHeader/RoomHeader.stories.tsx	Added abacAttributes prop to RoomHeader interface and container; threaded prop to child RoomTypeIcon in both standard and tmid-render paths; added story examples.
RoomItem Propagation app/containers/RoomItem/RoomItem.tsx, app/containers/RoomItem/index.tsx, app/containers/RoomItem/TypeIcon.tsx, app/containers/RoomItem/IconOrAvatar.tsx, app/containers/RoomItem/interfaces.ts, app/containers/RoomItem/RoomItem.stories.tsx	Added abacAttributes to RoomItem, TypeIcon, and IconOrAvatar component interfaces; propagated prop through all rendering branches; added optional abacAttributes properties to ITypeIconProps, IRoomItemProps, and IIconOrAvatar interfaces; added story examples.
View Layer Usage app/views/RoomView/index.tsx, app/views/RoomActionsView/index.tsx, app/views/RoomInfoView/components/RoomInfoViewTitle.tsx	Added abacAttributes prop passing to RoomHeader and RoomTypeIcon usages across room views.
Helper Function app/lib/methods/helpers/mergeSubscriptionsRooms.ts	Set placeholder abacAttributes with sample values (['Classified', 'Top Secret', 'Confidential']) on merged subscriptions; includes TODO comment to replace with real attributes.

Sequence Diagram

sequenceDiagram
    participant DB as Database
    participant Sub as Subscription Model
    participant Room as Room Components
    participant Icon as RoomTypeIcon
    participant UI as Shield Icon Display

    DB->>Sub: Load room data with abac_attributes
    Sub->>Room: Populate component props (RoomHeader/RoomItem)
    Room->>Room: Thread abacAttributes through hierarchy
    Room->>Icon: Pass abacAttributes prop
    alt abacAttributes present
        Icon->>Icon: Select shield icon<br/>(team-shield or hash-shield)
    else abacAttributes absent
        Icon->>Icon: Select standard icon<br/>(based on teamMain)
    end
    Icon->>UI: Render selected icon

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Primary focus areas:
  • Database migration logic in app/lib/database/model/migrations.js and schema versioning in app/lib/database/schema/app.js to ensure backward compatibility
  • Icon selection logic in app/containers/RoomTypeIcon/index.tsx to verify conditional precedence (abacAttributes over teamMain) is correct
  • Placeholder data in app/lib/methods/helpers/mergeSubscriptionsRooms.ts (TODO comment suggests this is temporary; verify whether this blocks production or is acceptable)
  • Type safety across prop propagation chain (verify ISubscription['abacAttributes'] usage is consistent across all interfaces)

Poem

🛡️ A shield emerges from the database deep,
Through props it travels, secrets to keep,
No more plain text tags cluttering the view,
ABAC icons now shiny and new!
-RabbitCI

Pre-merge checks and finishing touches

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	The PR adds hash-shield and team-shield icon mappings and propagates abacAttributes throughout the UI layer (RoomHeader, RoomItem, RoomTypeIcon, RoomActionsView, RoomInfoViewTitle, RoomView), enabling icon selection logic based on ABAC attributes across rooms list, room header, and room actions surfaces.
Out of Scope Changes check	✅ Passed	All changes are in-scope: icon mapping additions, ABAC attribute propagation through component interfaces, database schema updates to support abacAttributes, and UI integration across all specified surfaces.
Title check	✅ Passed	The PR title 'feat(ABAC): Add icons' accurately describes the main change: two new icons (hash-shield and team-shield) are added to represent ABAC channels across the UI.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch abac-75

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

app/containers/RoomTypeIcon/index.tsx (1)

51-63: Optional: Consider extracting icon selection logic per TODO.

The TODO comment on line 51 suggests moving the icon selection logic to a separate function. With the added ABAC logic, this refactoring would improve readability and testability. However, this can be deferred to a future PR.

If addressed, the refactored code could look like:

const getIconName = ({
  abacAttributes,
  teamMain,
  type,
  isGroupChat
}: {
  abacAttributes?: string[];
  teamMain?: boolean;
  type: string;
  isGroupChat?: boolean;
}): TIconsName => {
  if (abacAttributes?.length) {
    return teamMain ? 'team-shield' : 'hash-shield';
  }
  if (teamMain) {
    return `teams${type === 'p' ? '-private' : ''}`;
  }
  if (type === 'discussion') {
    return 'discussions';
  }
  if (type === 'c') {
    return 'channel-public';
  }
  if (type === 'd' && isGroupChat) {
    return 'message';
  }
  return 'channel-private';
};

// Then use it:
const icon = getIconName({ abacAttributes, teamMain, type, isGroupChat });

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between dd0b6fa and b85a67e.

⛔ Files ignored due to path filters (5)

• android/app/src/main/assets/fonts/custom.ttf is excluded by !**/*.ttf
• app/containers/RoomHeader/__snapshots__/RoomHeader.test.tsx.snap is excluded by !**/*.snap
• app/containers/RoomItem/__snapshots__/RoomItem.test.tsx.snap is excluded by !**/*.snap
• app/containers/RoomTypeIcon/__snapshots__/RoomTypeIcon.test.tsx.snap is excluded by !**/*.snap
• ios/custom.ttf is excluded by !**/*.ttf

📒 Files selected for processing (20)

• app/containers/CustomIcon/mappedIcons.js (2 hunks)
• app/containers/RoomHeader/RoomHeader.stories.tsx (1 hunks)
• app/containers/RoomHeader/RoomHeader.tsx (5 hunks)
• app/containers/RoomHeader/index.tsx (4 hunks)
• app/containers/RoomItem/IconOrAvatar.tsx (2 hunks)
• app/containers/RoomItem/RoomItem.stories.tsx (1 hunks)
• app/containers/RoomItem/RoomItem.tsx (3 hunks)
• app/containers/RoomItem/TypeIcon.tsx (1 hunks)
• app/containers/RoomItem/index.tsx (1 hunks)
• app/containers/RoomItem/interfaces.ts (3 hunks)
• app/containers/RoomTypeIcon/RoomTypeIcon.stories.tsx (1 hunks)
• app/containers/RoomTypeIcon/index.tsx (3 hunks)
• app/definitions/ISubscription.ts (1 hunks)
• app/lib/database/model/Subscription.js (2 hunks)
• app/lib/database/model/migrations.js (1 hunks)
• app/lib/database/schema/app.js (2 hunks)
• app/lib/methods/helpers/mergeSubscriptionsRooms.ts (1 hunks)
• app/views/RoomActionsView/index.tsx (1 hunks)
• app/views/RoomInfoView/components/RoomInfoViewTitle.tsx (1 hunks)
• app/views/RoomView/index.tsx (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (7)

app/lib/database/model/Subscription.js (1)

app/lib/database/utils.ts (1)

• sanitizer (19-19)

app/containers/RoomHeader/index.tsx (1)

app/definitions/ISubscription.ts (1)

• ISubscription (40-120)

app/containers/RoomItem/interfaces.ts (1)

app/definitions/ISubscription.ts (1)

• ISubscription (40-120)

app/containers/RoomItem/index.tsx (1)

app/sagas/deepLinking.js (1)

• item (71-76)

app/containers/RoomItem/TypeIcon.tsx (1)

app/containers/RoomItem/interfaces.ts (1)

• ITypeIconProps (59-71)

app/containers/RoomHeader/RoomHeader.tsx (1)

app/definitions/ISubscription.ts (1)

• ISubscription (40-120)

app/containers/RoomTypeIcon/index.tsx (1)

app/definitions/ISubscription.ts (1)

• ISubscription (40-120)

🔇 Additional comments (24)

app/containers/CustomIcon/mappedIcons.js (1)

109-109: LGTM! Clean icon additions.

The new shield icons are correctly placed in alphabetical order and follow the existing pattern. The numeric codes align with the icon font mappings.

Also applies to: 206-206

app/lib/database/model/migrations.js (1)

335-343: LGTM! Migration follows established patterns.

The migration to version 28 correctly adds the optional abac_attributes column to the subscriptions table. The structure matches existing migrations and safely handles existing data.

app/lib/database/schema/app.js (1)

4-4: LGTM! Schema update aligns with migration.

The schema version bump to 28 and the abac_attributes column definition are consistent with the migration in migrations.js. The optional string type matches the expected serialization pattern for the array field.

Also applies to: 73-74

app/containers/RoomTypeIcon/RoomTypeIcon.stories.tsx (1)

21-22: LGTM! Good story coverage for ABAC icons.

The new examples demonstrate ABAC attributes both standalone and combined with teamMain, providing clear visual testing for the shield icon variants.

app/containers/RoomItem/RoomItem.stories.tsx (1)

74-75: LGTM! Comprehensive story examples.

The new RoomItem examples with ABAC attributes provide good visual coverage, including the interaction with teamMain.

app/containers/RoomHeader/RoomHeader.stories.tsx (1)

58-59: LGTM! Clear header icon examples.

The new examples effectively demonstrate how ABAC attributes render in the room header alongside existing icon types.

app/containers/RoomHeader/index.tsx (1)

4-4: LGTM! Clean prop integration with good type safety.

The abacAttributes prop is correctly typed using ISubscription['abacAttributes'] (ensuring consistency with the source interface) and properly forwarded to the child component. The use of the type keyword for type-only imports is a good practice.

Also applies to: 24-24, 42-43, 94-94

app/definitions/ISubscription.ts (1)

119-119: Serialization properly handled—no changes needed.

Verification confirms the abacAttributes field is correctly configured. The Subscription model uses WatermelonDB's @json decorator (line 156 of app/lib/database/model/Subscription.js), which automatically handles JSON serialization between the database's string storage format and the TypeScript string[] type. The implementation is complete and working as intended.

app/containers/RoomItem/IconOrAvatar.tsx (1)

23-47: LGTM! Clean prop threading for ABAC attributes.

The addition of abacAttributes and its forwarding to TypeIcon is straightforward and consistent with the existing prop-passing pattern.

app/lib/database/model/Subscription.js (2)

156-156: LGTM! Database field addition follows existing conventions.

The abacAttributes field is properly decorated with @json and uses the standard sanitizer, consistent with other JSON fields in this model (e.g., roles, muted, tags).

---

224-225: LGTM! Serialization correctly includes the new field.

The abacAttributes field is properly included in the asPlain() output, ensuring the ABAC attributes are available when the subscription is serialized.

app/containers/RoomItem/index.tsx (1)

97-97: LGTM! Proper data flow from subscription to RoomItem.

The abacAttributes from the subscription item is correctly threaded through to the RoomItem component, consistent with how other subscription properties are passed.

app/views/RoomActionsView/index.tsx (1)

798-798: LGTM! ABAC attributes propagated to room info rendering.

The abacAttributes are correctly passed to RoomTypeIcon in the room actions view, enabling ABAC-aware icon display in the room information section.

app/containers/RoomTypeIcon/index.tsx (2)

27-31: LGTM! Type-safe ABAC attribute support added.

The abacAttributes prop is properly typed as ISubscription['abacAttributes'], ensuring type consistency across the component hierarchy.

---

53-63: Icon selection logic and icon availability verified.

The ABAC attribute precedence is correctly implemented. Both 'team-shield' (code point 59877) and 'hash-shield' (code point 59878) are defined in app/containers/CustomIcon/mappedIcons.js, confirming the icon names are available and the code is ready for merge.

app/containers/RoomHeader/RoomHeader.tsx (1)

83-214: LGTM! ABAC attributes properly threaded through RoomHeader.

The abacAttributes prop is correctly:

• Added to the IRoomHeader interface with proper typing
• Included in the component's props destructuring
• Forwarded to RoomTypeIcon in both rendering paths (thread view at line 187 and standard view at line 214)

This ensures ABAC-aware icon display in room headers across all view modes.

app/views/RoomView/index.tsx (1)

513-513: LGTM! ABAC attributes correctly passed to RoomHeader.

The abacAttributes from the subscription are properly forwarded to the RoomHeader component within the navigation header configuration, enabling ABAC-aware icon display in the room view header.

app/containers/RoomItem/RoomItem.tsx (2)

56-57: LGTM! ABAC attributes added to RoomItem props.

The abacAttributes prop is correctly destructured and ready for use in the component.

---

116-158: LGTM! ABAC attributes forwarded in both display modes.

The abacAttributes are properly passed to TypeIcon in both rendering branches:

• Expanded view with last message (line 116)
• Collapsed view (line 158)

This ensures ABAC shield icons appear consistently in room list items regardless of the display mode setting.

app/views/RoomInfoView/components/RoomInfoViewTitle.tsx (1)

66-66: LGTM!

The abacAttributes prop is correctly passed to RoomTypeIcon with appropriate optional chaining to handle cases where room may be undefined.

app/containers/RoomItem/TypeIcon.tsx (1)

6-20: LGTM!

The component correctly threads the new abacAttributes prop through to RoomTypeIcon while maintaining the existing memoization and prop-passing patterns.

app/containers/RoomItem/interfaces.ts (3)

70-70: LGTM!

The abacAttributes property is correctly added to ITypeIconProps with the appropriate optional type derived from ISubscription.

---

128-128: LGTM!

The abacAttributes property is correctly added to IRoomItemProps, consistent with the type used in other interfaces.

---

166-166: LGTM!

The abacAttributes property is correctly added to IIconOrAvatar, maintaining consistency across all interface definitions in this file.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Mock data applies ABAC attributes to ALL rooms indiscriminately.

The hardcoded mock assigns ABAC attributes to every subscription that has associated room data, regardless of whether the room should actually have ABAC policies. This means all rooms will display shield icons in the UI, which may complicate testing and validation of the ABAC feature's intended behavior.

Consider adding a conditional check or a flag to selectively apply mock attributes to specific test rooms only, allowing the UI to display both ABAC and non-ABAC states during development.

Would you like me to suggest an implementation that conditionally applies mock attributes based on a room property or pattern (e.g., room name contains "ABAC")?

🤖 Prompt for AI Agents

In app/lib/methods/helpers/mergeSubscriptionsRooms.ts around line 37, the code
indiscriminately sets mergedSubscription.abacAttributes = ['Classified', 'Top
Secret', 'Confidential']; for every subscription with room data; change this to
apply mock ABAC attributes only when a room meets a clear condition (e.g.,
room.meta?.isAbac === true, room.name includes "ABAC", or a dedicated test flag
on the room/subscription). Implement a simple conditional: check the chosen
property on the room before assigning the mock array, otherwise leave
mergedSubscription.abacAttributes undefined or an empty array so non-ABAC rooms
render without shields.