chore!: remove deprecated setAdminStatus

[juliajforesti]

ARCH-1857

Proposed changes (including videos or screenshots)

Issue(s)

Steps to test or reproduce

Further comments

Summary by CodeRabbit

• Breaking Changes

  • Removed deprecated server API for toggling admin status; upgrade includes a major version bump—update any integrations that relied on this API.

• Improvements

  • Admin role management on the client now uses username-based actions and direct role endpoints, with clearer localized feedback when roles are added or removed.

[dionisio-bot]

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

[changeset-bot]

🦋 Changeset detected

Latest commit: 46300c7

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 40 packages

Name	Type
@rocket.chat/meteor	Major
@rocket.chat/core-typings	Major
@rocket.chat/rest-typings	Major
@rocket.chat/uikit-playground	Patch
@rocket.chat/api-client	Patch
@rocket.chat/apps	Patch
@rocket.chat/core-services	Patch
@rocket.chat/cron	Patch
@rocket.chat/ddp-client	Patch
@rocket.chat/freeswitch	Patch
@rocket.chat/fuselage-ui-kit	Major
@rocket.chat/gazzodown	Major
@rocket.chat/http-router	Patch
@rocket.chat/livechat	Patch
@rocket.chat/model-typings	Patch
@rocket.chat/ui-avatar	Major
@rocket.chat/ui-client	Major
@rocket.chat/ui-contexts	Major
@rocket.chat/web-ui-registration	Major
@rocket.chat/account-service	Patch
@rocket.chat/authorization-service	Patch
@rocket.chat/ddp-streamer	Patch
@rocket.chat/omnichannel-transcript	Patch
@rocket.chat/presence-service	Patch
@rocket.chat/queue-worker	Patch
@rocket.chat/federation-matrix	Patch
@rocket.chat/license	Patch
@rocket.chat/media-calls	Patch
@rocket.chat/omnichannel-services	Patch
@rocket.chat/pdf-worker	Patch
@rocket.chat/presence	Patch
rocketchat-services	Patch
@rocket.chat/models	Patch
@rocket.chat/network-broker	Patch
@rocket.chat/omni-core-ee	Patch
@rocket.chat/mock-providers	Patch
@rocket.chat/ui-video-conf	Major
@rocket.chat/ui-voip	Major
@rocket.chat/instance-status	Patch
@rocket.chat/omni-core	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

Removes the deprecated server method setAdminStatus and its registration; client code is refactored to call roles.addUserToRole / roles.removeUserFromRole and the admin-change hook parameter is switched from userId to username. Changeset marks a major package bump.

Changes

Cohort / File(s)	Summary
Breaking change declaration /.changeset/gentle-dingos-retire.md	Adds changeset entry marking removal of setAdminStatus and a major version bump.
Server method removal apps/meteor/app/lib/server/index.ts, apps/meteor/app/lib/server/methods/setAdminStatus.ts	Removes import and full implementation/registration of the setAdminStatus Meteor method (authorization, validation, user lookup, role add/remove logic).
Client hook refactor apps/meteor/client/views/admin/users/hooks/useChangeAdminStatusAction.ts	Changes hook signature to accept username (was userId); replaces useMethod call with roles.addUserToRole / roles.removeUserFromRole endpoints; updates messages and control flow.
Client call-site updates apps/meteor/client/views/admin/users/hooks/useAdminUserInfoActions.ts, apps/meteor/client/views/admin/users/UsersTable/UsersTableRow.tsx	Update callers to pass username instead of userId.

Sequence Diagram(s)

sequenceDiagram
    actor Admin
    participant Client
    participant Server

    rect rgba(200,230,255,0.4)
    note over Client,Server: Before — single Meteor method
    Admin->>Client: toggle admin status
    Client->>Server: setAdminStatus(userId, isAdmin)
    Server->>Server: validate, authorize, user lookup
    Server->>Server: add/remove 'admin' role
    Server-->>Client: ack
    end

    rect rgba(255,235,220,0.4)
    note over Client,Server: After — endpoint-based flow (username)
    Admin->>Client: toggle admin status
    alt adding admin
        Client->>Server: roles.addUserToRole(username, 'admin')
    else removing admin
        Client->>Server: roles.removeUserFromRole(username, 'admin')
    end
    Server->>Server: validate & authorize, manage role
    Server-->>Client: ack
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Pay attention to: apps/meteor/app/lib/server/methods/setAdminStatus.ts (complete removal), apps/meteor/client/views/admin/users/hooks/useChangeAdminStatusAction.ts (signature + endpoint logic), and call sites to ensure username usage is correct.

Possibly related PRs

• chore!: remove addUserToRole and removeUserFromRole #36935 — touches setAdminStatus and role endpoint migration (directly related).
• chore: add setAdminStatus deprecation logger #36944 — added deprecation logging to setAdminStatus before removal (directly related).
• chore: changeset for #36935 #36950 — changes around addUserToRole/removeUserFromRole declarations used by the refactor (directly related).

Suggested labels

stat: ready to merge, stat: QA assured

Suggested reviewers

• ggazzo
• aleksandernsilva

Poem

🐰 I hopped through code with nimble paws,

A method gone, I left no claws.
Username now guides the admin dance,
Two endpoints call — a cleaner stance.
Cheers from a rabbit, give this change a glance!

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	⚠️ Warning	Beyond removing the setAdminStatus method, the PR modifies client hooks (useChangeAdminStatusAction) to use username and new endpoints (roles.addUserToRole/roles.removeUserFromRole) instead of the deprecated method.	Clarify whether client-side hook refactoring to use alternative endpoints is in scope for ARCH-1857 or represents additional changes beyond the stated objective of removing the deprecated method.
Linked Issues check	❓ Inconclusive	The linked issue ARCH-1857 references removing 'livechat:setAdminStatus' method, but the PR removes the general 'setAdminStatus' method from the @rocket.chat/meteor package without specific mention of the livechat context.	Clarify whether the removed setAdminStatus method is the same as the 'livechat:setAdminStatus' referenced in ARCH-1857, or if additional livechat-specific removals are required.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: removing the deprecated setAdminStatus method as a breaking change for version 8.0.0.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between e92059f and 46300c7.

📒 Files selected for processing (6)

• .changeset/gentle-dingos-retire.md (1 hunks)
• apps/meteor/app/lib/server/index.ts (0 hunks)
• apps/meteor/app/lib/server/methods/setAdminStatus.ts (0 hunks)
• apps/meteor/client/views/admin/users/UsersTable/UsersTableRow.tsx (1 hunks)
• apps/meteor/client/views/admin/users/hooks/useAdminUserInfoActions.ts (1 hunks)
• apps/meteor/client/views/admin/users/hooks/useChangeAdminStatusAction.ts (1 hunks)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

❌ Patch coverage is 95.45455% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 70.95%. Comparing base (8728dd6) to head (46300c7).
⚠️ Report is 5 commits behind head on release-8.0.0.

Additional details and impacted files

@@                Coverage Diff                @@
##           release-8.0.0   #37388      +/-   ##
=================================================
- Coverage          72.30%   70.95%   -1.35%     
=================================================
  Files               1494     3036    +1542     
  Lines              77102   104621   +27519     
  Branches           10935    18432    +7497     
=================================================
+ Hits               55746    74236   +18490     
- Misses             20940    28438    +7498     
- Partials             416     1947    +1531     

Flag	Coverage Δ
e2e	58.06% <92.85%> (?)
unit	72.32% <61.90%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 1566dca and e92059f.

📒 Files selected for processing (6)

• .changeset/gentle-dingos-retire.md (1 hunks)
• apps/meteor/app/lib/server/index.ts (0 hunks)
• apps/meteor/app/lib/server/methods/setAdminStatus.ts (0 hunks)
• apps/meteor/client/views/admin/users/UsersTable/UsersTableRow.tsx (1 hunks)
• apps/meteor/client/views/admin/users/hooks/useAdminUserInfoActions.ts (1 hunks)
• apps/meteor/client/views/admin/users/hooks/useChangeAdminStatusAction.ts (1 hunks)

💤 Files with no reviewable changes (2)

• apps/meteor/app/lib/server/methods/setAdminStatus.ts
• apps/meteor/app/lib/server/index.ts

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: rodrigok
Repo: RocketChat/Rocket.Chat PR: 36991
File: apps/meteor/server/services/federation/infrastructure/rocket-chat/adapters/Settings.ts:219-221
Timestamp: 2025-09-19T15:15:04.642Z
Learning: The Federation_Matrix_homeserver_domain setting in apps/meteor/server/services/federation/infrastructure/rocket-chat/adapters/Settings.ts is part of the old federation system and is being deprecated/removed, so configuration issues with this setting should not be flagged for improvement.

📚 Learning: 2025-09-19T15:15:04.642Z

Learnt from: rodrigok
Repo: RocketChat/Rocket.Chat PR: 36991
File: apps/meteor/server/services/federation/infrastructure/rocket-chat/adapters/Settings.ts:219-221
Timestamp: 2025-09-19T15:15:04.642Z
Learning: The Federation_Matrix_homeserver_domain setting in apps/meteor/server/services/federation/infrastructure/rocket-chat/adapters/Settings.ts is part of the old federation system and is being deprecated/removed, so configuration issues with this setting should not be flagged for improvement.

Applied to files:

• .changeset/gentle-dingos-retire.md

🧬 Code graph analysis (3)

apps/meteor/client/views/admin/users/hooks/useAdminUserInfoActions.ts (1)

apps/meteor/client/views/admin/users/hooks/useChangeAdminStatusAction.ts (1)

• useChangeAdminStatusAction (8-43)

apps/meteor/client/views/admin/users/hooks/useChangeAdminStatusAction.ts (2)

packages/core-typings/src/IUser.ts (1)

• IUser (186-255)

apps/meteor/client/views/admin/users/hooks/useAdminUserInfoActions.ts (1)

• AdminUserAction (15-22)

apps/meteor/client/views/admin/users/UsersTable/UsersTableRow.tsx (1)

apps/meteor/client/views/admin/users/hooks/useChangeAdminStatusAction.ts (1)

• useChangeAdminStatusAction (8-43)

🔇 Additional comments (4)

.changeset/gentle-dingos-retire.md (1)

1-5: LGTM! Changeset properly documents the breaking change.

The changeset correctly marks this as a major version bump and clearly describes the removal of the deprecated method.

apps/meteor/client/views/admin/users/hooks/useAdminUserInfoActions.ts (1)

92-92: LGTM! Updated to pass username instead of userId.

The change correctly aligns with the new signature of useChangeAdminStatusAction that now uses username-based endpoints.

apps/meteor/client/views/admin/users/UsersTable/UsersTableRow.tsx (1)

92-92: LGTM! Correctly updated to use username.

The change properly passes username to align with the refactored hook that now uses role endpoints.

apps/meteor/client/views/admin/users/hooks/useChangeAdminStatusAction.ts (1)

15-16: LGTM! Correct endpoints for role management.

The endpoints properly replace the deprecated setAdminStatus method with the standard role management API.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Add validation for username parameter.

The username parameter is typed as IUser['username'], which is string | undefined based on the IUser type definition. While it defaults to an empty string, the function should validate that username is non-empty before attempting to call the role endpoints.

Apply this diff to add validation:

 export const useChangeAdminStatusAction = (
 	username: IUser['username'] = '',
 	isAdmin: boolean,
 	onChange: () => void,
 ): AdminUserAction | undefined => {
 	const { t } = useTranslation();
 	const dispatchToastMessage = useToastMessageDispatch();
 	const addUserToRoleEndpoint = useEndpoint('POST', '/v1/roles.addUserToRole');
 	const removeUserFromRoleEndpoint = useEndpoint('POST', '/v1/roles.removeUserFromRole');

 	const canAssignAdminRole = usePermission('assign-admin-role');

 	const changeAdminStatus = useCallback(async () => {
+		if (!username) {
+			dispatchToastMessage({ type: 'error', message: t('error-invalid-user') });
+			return;
+		}
+
 		try {
 			if (isAdmin) {

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In apps/meteor/client/views/admin/users/hooks/useChangeAdminStatusAction.ts
around lines 8–12, the function accepts username typed as IUser['username']
(string | undefined) and defaults to '' but does not validate it; add an
explicit guard that treats empty string or undefined username as invalid and
return undefined (no action) before constructing or calling any role endpoints,
and update any internal usage to rely on that guard so no network calls are
attempted with a falsy username.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Fix error message handling in catch block.

At line 32, the error object is passed directly to dispatchToastMessage as the message. Toast messages expect a string, but error might be an Error object or have a different structure.

Apply this diff to properly extract the error message:

 		} catch (error) {
-			dispatchToastMessage({ type: 'error', message: error });
+			dispatchToastMessage({ type: 'error', message: error instanceof Error ? error.message : String(error) });
 		}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const changeAdminStatus = useCallback(async () => {
	try {
	await setAdminStatus(userId, !isAdmin);
	const message = isAdmin ? 'User_is_no_longer_an_admin' : 'User_is_now_an_admin';
	dispatchToastMessage({ type: 'success', message: t(message) });
	if (isAdmin) {
	await removeUserFromRoleEndpoint({ roleId: 'admin', username });
	dispatchToastMessage({ type: 'info', message: t('User_is_no_longer_an_admin') });
	onChange();
	return;
	}
	await addUserToRoleEndpoint({ roleId: 'admin', username });
	dispatchToastMessage({ type: 'success', message: t('User_is_now_an_admin') });
	onChange();
	} catch (error) {
	dispatchToastMessage({ type: 'error', message: error });
	}
	}, [userId, dispatchToastMessage, isAdmin, onChange, setAdminStatus, t]);
	}, [isAdmin, removeUserFromRoleEndpoint, username, dispatchToastMessage, addUserToRoleEndpoint, t, onChange]);
	const changeAdminStatus = useCallback(async () => {
	try {
	if (isAdmin) {
	await removeUserFromRoleEndpoint({ roleId: 'admin', username });
	dispatchToastMessage({ type: 'info', message: t('User_is_no_longer_an_admin') });
	onChange();
	return;
	}
	await addUserToRoleEndpoint({ roleId: 'admin', username });
	dispatchToastMessage({ type: 'success', message: t('User_is_now_an_admin') });
	onChange();
	} catch (error) {
	dispatchToastMessage({ type: 'error', message: error instanceof Error ? error.message : String(error) });
	}
	}, [isAdmin, removeUserFromRoleEndpoint, username, dispatchToastMessage, addUserToRoleEndpoint, t, onChange]);

🤖 Prompt for AI Agents

In apps/meteor/client/views/admin/users/hooks/useChangeAdminStatusAction.ts
around lines 20 to 34, the catch block passes the raw error object to
dispatchToastMessage which expects a string; change it to extract a safe message
string (for example use error?.message ?? String(error) ??
t('Something_went_wrong')) and pass that as the message value in
dispatchToastMessage({ type: 'error', message: <extracted string> }) so the
toast always receives a string; keep the rest of the catch logic unchanged.