chore: Show ldap attribute sync settings on abac page

[KevLehman]

Proposed changes (including videos or screenshots)

Issue(s)

https://rocketchat.atlassian.net/browse/PRD-244

Steps to test or reproduce

Further comments

Summary by CodeRabbit

• New Features

  • Collapsible LDAP ABAC configuration section with background-sync settings.
  • "LDAP Sync Now" action that validates connection, shows confirmation, and displays success/error notifications.
  • Sync action is disabled with an explanatory tooltip until both ABAC and LDAP are enabled.
  • Added user-facing message instructing to enable ABAC and LDAP to sync.

• Improvements

  • ABAC enable toggle and informational callout moved outside the accordion for clearer layout.

[dionisio-bot]

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 878f23e6-4577-4a94-9c7a-8e26cc8ed2b3

📥 Commits

Reviewing files that changed from the base of the PR and between 2e08412 and 319c131.

📒 Files selected for processing (3)

• apps/meteor/client/hooks/useLdapSync.tsx
• apps/meteor/client/views/admin/ABAC/ABACSettingTab/AbacEnabledToggle.tsx
• apps/meteor/client/views/admin/ABAC/ABACSettingTab/SettingsPage.tsx

🚧 Files skipped from review as they are similar to previous changes (3)

• apps/meteor/client/views/admin/ABAC/ABACSettingTab/AbacEnabledToggle.tsx
• apps/meteor/client/views/admin/ABAC/ABACSettingTab/SettingsPage.tsx
• apps/meteor/client/hooks/useLdapSync.tsx

📜 Recent review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: 🔨 Test Storybook / Test Storybook
• GitHub Check: 🔎 Code Check / Code Lint
• GitHub Check: 🔎 Code Check / TypeScript
• GitHub Check: 🔨 Test Unit / Unit Tests
• GitHub Check: 📦 Meteor Build (coverage)
• GitHub Check: cubic · AI code reviewer
• GitHub Check: CodeQL-Build
• GitHub Check: CodeQL-Build

---

Walkthrough

Adds a "Sync ABAC Attributes" accordion to ABAC settings, extracts LDAP sync logic into a new useLdapSync hook (tests connection, shows confirmation modal, triggers sync, and shows toasts), adds a "LDAP Sync Now" button to the ABAC header wired to the hook, and minor layout/i18n and prop-forwarding changes.

Changes

Cohort / File(s)	Summary
ABAC Settings UI apps/meteor/client/views/admin/ABAC/ABACSettingTab/SettingsPage.tsx	Reworked layout to a single outer Box, added FieldGroup, and added a collapsible "Sync ABAC Attributes" accordion with three LDAP ABAC background-sync SettingFields; moved ABAC enable toggle and callout outside the accordion.
ABAC Page Header & Sync Action apps/meteor/client/views/admin/ABAC/AdminABACPage.tsx	Replaced single header action with a ButtonGroup; added "LDAP Sync Now" button wired to useLdapSync, disabled when LDAP or ABAC are not enabled and shows localized tooltip when disabled.
LDAP Group Page apps/meteor/client/views/admin/settings/groups/LDAPGroupPage.tsx	Removed local sync handler and modal; delegates "Sync Now" behavior to useLdapSync while preserving existing disable conditions.
New Hook apps/meteor/client/hooks/useLdapSync.tsx	Added useLdapSync hook that tests LDAP connection (POST /v1/ldap.testConnection), opens a confirmation GenericModal, calls POST /v1/ldap.syncNow on confirm, and dispatches success/error toasts.
ABAC Toggle Props apps/meteor/client/views/admin/ABAC/ABACSettingTab/AbacEnabledToggle.tsx	Added optional className?: string prop and forwarded it to the underlying MemoizedSetting.
i18n packages/i18n/src/locales/en.i18n.json	Added "Enable_ABAC_and_LDAP_to_sync": "Enable ABAC and LDAP to be able to sync".

Sequence Diagram(s)

sequenceDiagram
    participant Admin as Admin User
    participant UI as Admin UI
    participant TestAPI as LDAP Test API
    participant Modal as Confirmation Modal
    participant SyncAPI as LDAP Sync API
    participant Toast as Toast Service

    Admin->>UI: Click "LDAP Sync Now"
    UI->>TestAPI: POST /v1/ldap.testConnection
    alt Connection fails
        TestAPI-->>UI: Error
        UI->>Toast: Dispatch error toast ("Connection_failed")
        Toast-->>Admin: Show error
    else Connection succeeds
        TestAPI-->>UI: Success
        UI->>Modal: Open confirmation modal
        Admin->>Modal: Confirm
        Modal-->>UI: Confirmation
        UI->>SyncAPI: POST /v1/ldap.syncNow
        alt Sync succeeds
            SyncAPI-->>UI: { message }
            UI->>Toast: Dispatch success toast (t(message))
            Toast-->>Admin: Show success
        else Sync fails
            SyncAPI-->>UI: Error
            UI->>Toast: Dispatch error toast (error.message)
            Toast-->>Admin: Show error
        end
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

type: feature, area: authentication

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: showing LDAP attribute sync settings on the ABAC page, which is the core objective.
Linked Issues check	✅ Passed	The PR implements all acceptance criteria from PRD-244: duplicates LDAP settings in ABAC panel [SettingsPage.tsx], adds 'LDAP Sync Now' button [AdminABACPage.tsx], preserves existing LDAP settings [LDAPGroupPage.tsx], and respects permissions [useLdapSync.tsx].
Out of Scope Changes check	✅ Passed	All changes directly support PRD-244 objectives: UI restructuring, new sync hook, button additions, and i18n entries are all necessary for the feature implementation.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

❌ Patch coverage is 16.66667% with 20 lines in your changes missing coverage. Please review.
✅ Project coverage is 70.15%. Comparing base (f21ed3a) to head (319c131).
⚠️ Report is 24 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #40088      +/-   ##
===========================================
- Coverage    70.59%   70.15%   -0.44%     
===========================================
  Files         3273     3274       +1     
  Lines       116880   116249     -631     
  Branches     21110    20759     -351     
===========================================
- Hits         82512    81557     -955     
+ Misses       32309    31393     -916     
- Partials      2059     3299    +1240     

Flag	Coverage Δ
e2e	59.69% <4.76%> (-1.05%)	⬇️
e2e-api	46.61% <ø> (-2.51%)	⬇️
unit	70.98% <100.00%> (+0.02%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 319c131

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[cubic-dev-ai]

1 issue found across 2 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/meteor/client/views/admin/ABAC/AdminABACPage.tsx">

<violation number="1" location="apps/meteor/client/views/admin/ABAC/AdminABACPage.tsx:38">
P2: This introduces a second copy of the LDAP “Sync Now” flow that already exists in `LDAPGroupPage`; extract/reuse a shared action to avoid behavior drift between the two admin screens.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/meteor/client/views/admin/ABAC/AdminABACPage.tsx`:
- Around line 35-43: The handler currently calls testConnection() (POST
/v1/ldap.testConnection) before performing a sync, which blocks users who have
sync permission but not test permission and conflates auth failures with
connection errors; update handleSyncNowButtonClick (and the button rendering
that only checks LDAP_Enable) to either gate the UI by the sync permission
(e.g., the permission that maps to sync-auth-services-users) instead of just
LDAP_Enable, or call syncNow() (POST /v1/ldap.syncNow) directly and distinguish
HTTP 403/authorization errors from connection failures in the catch: show a
permission-specific toast for auth errors and keep Connection_failed for real
connection errors; reference testConnection, syncNow, handleSyncNowButtonClick,
and dispatchToastMessage when making these changes.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 685a4866-451a-4075-8557-af1f8528fea3

📥 Commits

Reviewing files that changed from the base of the PR and between f21ed3a and 56033c5.

📒 Files selected for processing (2)

• apps/meteor/client/views/admin/ABAC/ABACSettingTab/SettingsPage.tsx
• apps/meteor/client/views/admin/ABAC/AdminABACPage.tsx

📜 Review details

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• apps/meteor/client/views/admin/ABAC/ABACSettingTab/SettingsPage.tsx
• apps/meteor/client/views/admin/ABAC/AdminABACPage.tsx

🧠 Learnings (3)

📚 Learning: 2025-11-07T14:50:33.544Z

Learnt from: KevLehman
Repo: RocketChat/Rocket.Chat PR: 37423
File: packages/i18n/src/locales/en.i18n.json:18-18
Timestamp: 2025-11-07T14:50:33.544Z
Learning: Rocket.Chat settings: in apps/meteor/ee/server/settings/abac.ts, the Abac_Cache_Decision_Time_Seconds setting uses invalidValue: 0 as the fallback when ABAC is unlicensed. With a valid license, admins can still set the value to 0 to intentionally disable the ABAC decision cache.

Applied to files:

• apps/meteor/client/views/admin/ABAC/ABACSettingTab/SettingsPage.tsx

📚 Learning: 2026-03-27T14:52:56.865Z

Learnt from: dougfabris
Repo: RocketChat/Rocket.Chat PR: 39892
File: apps/meteor/client/views/room/contextualBar/Threads/Thread.tsx:150-155
Timestamp: 2026-03-27T14:52:56.865Z
Learning: In Rocket.Chat, there are two different `ModalBackdrop` components with different prop APIs. During review, confirm the import source: (1) `rocket.chat/fuselage` `ModalBackdrop` uses `ModalBackdropProps` based on `BoxProps` (so it supports `onClick` and other Box/DOM props) and does not have an `onDismiss` prop; (2) `rocket.chat/ui-client` `ModalBackdrop` uses a narrower props interface like `{ children?: ReactNode; onDismiss?: () => void }` and handles Escape keypress and outside mouse-up, and it does not forward arbitrary DOM props such as `onClick`. Flag mismatched props (e.g., `onDismiss` passed to the fuselage component or `onClick` passed to the ui-client component) and ensure the usage matches the correct component being imported.

Applied to files:

• apps/meteor/client/views/admin/ABAC/ABACSettingTab/SettingsPage.tsx
• apps/meteor/client/views/admin/ABAC/AdminABACPage.tsx

📚 Learning: 2025-10-30T19:30:46.541Z

Learnt from: MartinSchoeler
Repo: RocketChat/Rocket.Chat PR: 37244
File: apps/meteor/client/views/admin/ABAC/AdminABACRoomAttributesForm.spec.tsx:125-146
Timestamp: 2025-10-30T19:30:46.541Z
Learning: In the AdminABACRoomAttributesForm component (apps/meteor/client/views/admin/ABAC/AdminABACRoomAttributesForm.tsx), the first attribute value field is mandatory and does not have a Remove button. Only additional values beyond the first have Remove buttons. This means trashButtons[0] corresponds to the second value's Remove button, not the first value's.

Applied to files:

• apps/meteor/client/views/admin/ABAC/AdminABACPage.tsx

🔇 Additional comments (2)

apps/meteor/client/views/admin/ABAC/ABACSettingTab/SettingsPage.tsx (1)

20-28: Nice reuse of the existing settings plumbing.

Rendering the LDAP ABAC fields through SettingField keeps the server-defined module and enableQuery behavior intact instead of duplicating that logic in the page.

apps/meteor/client/views/admin/ABAC/AdminABACPage.tsx (1)

49-52: Nice reuse of the endpoint message key.

Translating the message returned by ldap.syncNow keeps the success toast aligned with the server's existing i18n keys instead of hard-coding another client-only string.

[cubic-dev-ai]

1 issue found across 3 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/meteor/client/hooks/useLdapSync.tsx">

<violation number="1" location="apps/meteor/client/hooks/useLdapSync.tsx:20">
P2: Avoid force-casting API response values to `TranslationKey` without narrowing first; guard `message` before translating so unexpected responses do not result in invalid toast text.

(Based on your team's feedback about avoiding unsafe type casts when values may be missing or unexpected.) [FEEDBACK_USED]</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}