fix: hide workspace registration status from users without manage-cloud permission

[ricardogarim]

As per SUP-871, this PR fixes the issue where "Workspace not registered" incorrectly shows for all users with access to the workspace administration page, even when the workspace is actually registered.

Proposed changes (including videos or screenshots)

• API endpoint: Changed /v1/cloud.registrationStatus authorization from admin role to manage-cloud permission (aligns with frontend)
• Hook: Exposed canViewRegistrationStatus flag and fixed typo (canViewregistrationStatus -> canViewRegistrationStatus)
• VersionCard.tsx: Conditionally display registration status only when canViewRegistrationStatus is true
• SubscriptionPage.tsx: Show "Sync license update" button based on canViewRegistrationStatus instead of isRegistered

Issue(s)

• SUP-871

Steps to test or reproduce

1. Ensure your workspace is registered with Rocket.Chat Cloud
2. Create a user with access to the admin info page but WITHOUT the manage-cloud permission
3. Log in as that user and navigate to /admin/info

Before: "Workspace not registered" shows incorrectly even though workspace is registered
After: Registration status is hidden for users without manage-cloud permission (no false "not registered" message)

Summary by CodeRabbit

• Bug Fixes
  • Updated authorization checks for workspace registration features to use permission-based access controls.
  • Aligned API and UI authentication mechanisms for consistent manage-cloud permission enforcement.
  • Enhanced registration status visibility checks across admin interfaces.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[changeset-bot]

🦋 Changeset detected

Latest commit: e7c5048

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 40 packages

Name	Type
@rocket.chat/meteor	Patch
@rocket.chat/core-typings	Patch
@rocket.chat/rest-typings	Patch
@rocket.chat/uikit-playground	Patch
@rocket.chat/api-client	Patch
@rocket.chat/apps	Patch
@rocket.chat/core-services	Patch
@rocket.chat/cron	Patch
@rocket.chat/ddp-client	Patch
@rocket.chat/fuselage-ui-kit	Patch
@rocket.chat/gazzodown	Patch
@rocket.chat/http-router	Patch
@rocket.chat/livechat	Patch
@rocket.chat/model-typings	Patch
@rocket.chat/ui-avatar	Patch
@rocket.chat/ui-client	Patch
@rocket.chat/ui-contexts	Patch
@rocket.chat/ui-voip	Patch
@rocket.chat/web-ui-registration	Patch
@rocket.chat/account-service	Patch
@rocket.chat/authorization-service	Patch
@rocket.chat/ddp-streamer	Patch
@rocket.chat/omnichannel-transcript	Patch
@rocket.chat/presence-service	Patch
@rocket.chat/queue-worker	Patch
@rocket.chat/abac	Patch
@rocket.chat/federation-matrix	Patch
@rocket.chat/license	Patch
@rocket.chat/media-calls	Patch
@rocket.chat/omnichannel-services	Patch
@rocket.chat/pdf-worker	Patch
@rocket.chat/presence	Patch
rocketchat-services	Patch
@rocket.chat/models	Patch
@rocket.chat/network-broker	Patch
@rocket.chat/omni-core-ee	Patch
@rocket.chat/mock-providers	Patch
@rocket.chat/ui-video-conf	Patch
@rocket.chat/instance-status	Patch
@rocket.chat/omni-core	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Replaces an admin-role check with a permission-based check (manage-cloud) for workspace/cloud registration status across server API, a client hook, and dependent UI components to align authorization semantics.

Changes

Cohort / File(s)	Change Summary
Server API apps/meteor/app/api/server/v1/cloud.ts	Replaced hasRoleAsync(..., 'admin') with hasPermissionAsync(..., 'manage-cloud'); updated import to hasPermission.
Client hook apps/meteor/client/hooks/useRegistrationStatus.ts	Added public canViewRegistrationStatus return value, fixed internal naming, and updated query/logic to use canViewRegistrationStatus.
UI components apps/meteor/client/views/admin/subscription/SubscriptionPage.tsx, apps/meteor/client/views/admin/workspace/VersionCard/VersionCard.tsx	Conditional rendering and action/button visibility updated to use canViewRegistrationStatus; adjusted memo/dependency arrays where the hook result is used.
Changelog .changeset/little-steaks-itch.md	Added changelog entry documenting the permission-check fix and alignment between API and UI for manage-cloud.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

stat: ready to merge, stat: QA assured

Suggested reviewers

• ggazzo
• aleksandernsilva
• scuciatto

Poem

🐰 I hopped from roles to finer keys,
"manage-cloud" now guards the trees,
Server, hook, and UI in tune,
Registration wakes by permission's moon,
A tiny hop — a smoother tune.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: hiding workspace registration status from users without manage-cloud permission, which aligns with the primary objective across API, hook, and UI modifications.
Linked Issues check	✅ Passed	The PR addresses SUP-871 by fixing authorization checks for workspace registration status across API and UI layers to use manage-cloud permission instead of admin role.
Out of Scope Changes check	✅ Passed	All changes are scoped to fixing workspace registration status visibility based on manage-cloud permission: API endpoint authorization, hook exposure, and conditional UI rendering updates.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/workspace-registration-status

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

❌ Patch coverage is 75.00000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 70.63%. Comparing base (5fa1509) to head (e7c5048).
⚠️ Report is 1 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #37951      +/-   ##
===========================================
- Coverage    70.63%   70.63%   -0.01%     
===========================================
  Files         3143     3143              
  Lines       108693   108695       +2     
  Branches     19577    19537      -40     
===========================================
+ Hits         76779    76780       +1     
- Misses       29904    29910       +6     
+ Partials      2010     2005       -5     

Flag	Coverage Δ
e2e	60.15% <75.00%> (-0.01%)	⬇️
e2e-api	48.49% <ø> (+1.10%)	⬆️
unit	71.72% <ø> (-0.05%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

📦 Docker Image Size Report

📈 Changes

Service	Current	Baseline	Change	Percent
sum of all images	1.1GiB	1.1GiB	+11MiB
rocketchat	355MiB	345MiB	+11MiB
omnichannel-transcript-service	132MiB	132MiB	-413B
queue-worker-service	132MiB	132MiB	+651B
ddp-streamer-service	126MiB	126MiB	+631B
account-service	113MiB	113MiB	+869B
authorization-service	111MiB	111MiB	-1.7KiB
presence-service	111MiB	111MiB	+540B

📊 Historical Trend

---
config:
  theme: "dark"
  xyChart:
    width: 900
    height: 400
---
xychart
  title "Image Size Evolution by Service (Last 30 Days + This PR)"
  x-axis ["11/16 01:28", "11/17 23:50", "11/18 22:53", "11/19 23:02", "11/21 16:49", "11/24 17:34", "11/27 22:32", "11/28 19:05", "12/01 23:01", "12/02 21:57", "12/03 21:00", "12/04 18:17", "12/05 21:56", "12/08 20:15", "12/09 22:17", "12/10 23:26", "12/11 21:56", "12/12 22:45", "12/13 01:34", "12/15 22:31", "12/16 22:18", "12/17 21:04", "12/18 23:12", "12/19 23:27", "12/20 21:03", "12/22 18:54", "12/23 16:16", "12/24 19:38", "12/25 17:51", "12/26 13:18", "12/26 20:12 (PR)"]
  y-axis "Size (GB)" 0 --> 0.5
  line "account-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "authorization-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "ddp-streamer-service" [0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12]
  line "omnichannel-transcript-service" [0.14, 0.14, 0.14, 0.14, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13]
  line "presence-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11]
  line "queue-worker-service" [0.14, 0.14, 0.14, 0.14, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13]
  line "rocketchat" [0.36, 0.35, 0.35, 0.35, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.35]

Loading

Statistics (last 30 days):

• 📊 Average: 1.5GiB
• ⬇️ Minimum: 1.2GiB
• ⬆️ Maximum: 1.6GiB
• 🎯 Current PR: 1.1GiB

ℹ️ About this report

This report compares Docker image sizes from this build against the develop baseline.

• Tag: pr-37951
• Baseline: develop
• Timestamp: 2025-12-26 20:12:13 UTC
• Historical data points: 30

---

Updated: Fri, 26 Dec 2025 20:12:14 GMT

[cubic-dev-ai]

1 issue found across 6 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="apps/meteor/client/views/admin/workspace/VersionCard/VersionCard.tsx">

<violation number="1" location="apps/meteor/client/views/admin/workspace/VersionCard/VersionCard.tsx:51">
P1: The `isRegistered` value will be `undefined` during loading, which is falsy and will incorrectly show &quot;Workspace not registered&quot; until the data loads. Consider destructuring `isPending` from `useIsRegistered()` and including it in the loading condition, or defaulting `isRegistered` to handle the loading state.</violation>
</file>

_{Reply to cubic to teach it or ask questions. Re-run a review with @cubic-dev-ai review this PR}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

apps/meteor/client/hooks/useIsRegistered.ts (1)

8-14: Consider simplifying the query function.

The queryFn wraps the result in a new object, but the endpoint already returns { isRegistered: boolean }. You can return the result directly.

🔎 Proposed simplification

 	return useQuery({
 		queryKey: ['cloud', 'isRegistered'],
-		queryFn: async () => {
-			const result = await getIsRegistered();
-			return { isRegistered: result.isRegistered };
-		},
+		queryFn: getIsRegistered,
 		staleTime: Infinity,
 	});

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between a8a84ab and b2c5dd9.

📒 Files selected for processing (6)

• .changeset/polite-oranges-attack.md
• apps/meteor/app/api/server/v1/cloud.ts
• apps/meteor/client/hooks/useIsRegistered.ts
• apps/meteor/client/hooks/useRegistrationStatus.ts
• apps/meteor/client/views/admin/subscription/SubscriptionPage.tsx
• apps/meteor/client/views/admin/workspace/VersionCard/VersionCard.tsx

💤 Files with no reviewable changes (1)

• apps/meteor/client/hooks/useRegistrationStatus.ts

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• apps/meteor/client/views/admin/subscription/SubscriptionPage.tsx
• apps/meteor/app/api/server/v1/cloud.ts
• apps/meteor/client/hooks/useIsRegistered.ts
• apps/meteor/client/views/admin/workspace/VersionCard/VersionCard.tsx

🧠 Learnings (3)

📚 Learning: 2025-10-06T20:32:23.658Z

Learnt from: d-gubert
Repo: RocketChat/Rocket.Chat PR: 37152
File: packages/apps-engine/tests/test-data/utilities.ts:557-573
Timestamp: 2025-10-06T20:32:23.658Z
Learning: In packages/apps-engine/tests/test-data/utilities.ts, the field name `isSubscripbedViaBundle` in the `IMarketplaceSubscriptionInfo` type should not be flagged as a typo, as it may match the upstream API's field name.

Applied to files:

• apps/meteor/client/views/admin/subscription/SubscriptionPage.tsx

📚 Learning: 2025-11-04T16:49:19.107Z

Learnt from: ricardogarim
Repo: RocketChat/Rocket.Chat PR: 37377
File: apps/meteor/ee/server/hooks/federation/index.ts:86-88
Timestamp: 2025-11-04T16:49:19.107Z
Learning: In Rocket.Chat's federation system (apps/meteor/ee/server/hooks/federation/), permission checks follow two distinct patterns: (1) User-initiated federation actions (creating rooms, adding users to federated rooms, joining from invites) should throw MeteorError to inform users they lack 'access-federation' permission. (2) Remote server-initiated federation events should silently skip/ignore when users lack permission. The beforeAddUserToRoom hook only executes for local user-initiated actions, so throwing an error there is correct. Remote federation events are handled separately by the federation Matrix package with silent skipping logic.

Applied to files:

• .changeset/polite-oranges-attack.md

📚 Learning: 2025-12-02T22:23:49.593Z

Learnt from: d-gubert
Repo: RocketChat/Rocket.Chat PR: 37654
File: apps/meteor/client/hooks/useAppSlashCommands.ts:32-38
Timestamp: 2025-12-02T22:23:49.593Z
Learning: In apps/meteor/client/hooks/useAppSlashCommands.ts, the `data?.forEach((command) => slashCommands.add(command))` call during render is intentional. The query is configured with `structuralSharing: false` to prevent React Query from keeping stable data references, and `slashCommands.add` is idempotent, so executing on every render is acceptable and ensures the command registry stays current.

Applied to files:

• apps/meteor/client/hooks/useIsRegistered.ts

🧬 Code graph analysis (3)

apps/meteor/client/views/admin/subscription/SubscriptionPage.tsx (1)

apps/meteor/client/hooks/useIsRegistered.ts (1)

• useIsRegistered (5-16)

apps/meteor/app/api/server/v1/cloud.ts (4)

apps/meteor/app/api/server/index.ts (1)

• API (51-51)

packages/rest-typings/src/v1/Ajv.ts (1)

• ajv (24-24)

apps/meteor/app/api/server/ApiClass.ts (1)

• ExtractRoutesFromAPI (73-77)

packages/rest-typings/src/index.ts (1)

• Endpoints (48-93)

apps/meteor/client/views/admin/workspace/VersionCard/VersionCard.tsx (1)

apps/meteor/client/hooks/useIsRegistered.ts (1)

• useIsRegistered (5-16)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: cubic · AI code reviewer

🔇 Additional comments (5)

.changeset/polite-oranges-attack.md (1)

1-5: LGTM!

The changeset correctly documents the fix as a patch version bump with a clear description of the issue being resolved.

apps/meteor/client/views/admin/subscription/SubscriptionPage.tsx (1)

34-34: LGTM!

The migration to useIsRegistered is correctly implemented. The optional chaining on registrationData?.isRegistered appropriately handles loading and error states, defaulting to undefined which safely hides the sync button until the registration status is confirmed.

Also applies to: 57-57, 68-68

apps/meteor/client/views/admin/workspace/VersionCard/VersionCard.tsx (1)

50-51: LGTM!

The migration to useIsRegistered is correctly implemented. Note that while the registration status is loading, isRegistered will be undefined, causing !isRegistered (line 86) to evaluate as truthy. This briefly shows the "Register Workspace" button during loading, which is acceptable UX since it resolves quickly.

apps/meteor/app/api/server/v1/cloud.ts (2)

183-210: LGTM!

The new cloud.isRegistered endpoint correctly implements the PR objective. Key observations:

• Security: authRequired: true without permissionsRequired is intentional, allowing all authenticated users to check registration status. This is appropriate since the endpoint only exposes a single boolean value, not sensitive workspace details.
• Response schema: Properly validates the response with AJV.
• Type extraction: Uses ExtractRoutesFromAPI to derive type-safe route definitions.

---

212-221: LGTM!

The type augmentation correctly extends the Endpoints interface with both the auto-extracted CloudEndpoints and the manually declared /v1/cloud.checkoutUrl route that uses the older addRoute pattern.

[ggazzo]

what is wrong with the registrationStatus ? Is there no way to fix this by altering this endpoint? It seems to me that it was designed precisely for what we're trying to fix. otherwise will this endpoint no longer be used? Should it be deprecated? I think there should be a changeset about the new endpoint, one about deprecation, and then one about fixing it.

[ricardogarim]

what is wrong with the registrationStatus ? Is there no way to fix this by altering this endpoint? It seems to me that it was designed precisely for what we're trying to fix. otherwise will this endpoint no longer be used? Should it be deprecated? I think there should be a changeset about the new endpoint, one about deprecation, and then one about fixing it.

/v1/cloud.registrationstatus intentionally restricts access to admins only. as i understand it, this is to avoid exposing sensitive data, such as the admin email, to any authenticated user.

if we agree that exposing this information more broadly is acceptable, then we could consider reusing the existing endpoint. however, that would result in a breaking change either by removing sensitive fields from the response or by removing the role check, right?

edit: i’ve added the code assuming we move forward with a new route and deprecate the existing one. also, waiting on team’s input on which approach makes more sense, since adjusting the current route would introduce a breaking change.

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is missing the 'stat: QA assured' label

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

apps/meteor/app/api/server/v1/cloud.ts (1)

86-100: Consider using permissionsRequired in route options for consistency.

The manual permission check using hasPermissionAsync works correctly, but other routes in this file use permissionsRequired in the route configuration (lines 42, 58, 68, 106, 126). For consistency and idiomatic code, consider refactoring to:

🔎 Proposed refactor

 API.v1.addRoute(
 	'cloud.registrationStatus',
-	{ authRequired: true },
+	{ authRequired: true, permissionsRequired: ['manage-cloud'] },
 	{
 		async get() {
-			if (!(await hasPermissionAsync(this.userId, 'manage-cloud'))) {
-				return API.v1.forbidden();
-			}
-
 			const registrationStatus = await retrieveRegistrationStatus();
 
 			return API.v1.success({ registrationStatus });

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 8bfa2d6 and e7c5048.

📒 Files selected for processing (5)

• .changeset/little-steaks-itch.md
• apps/meteor/app/api/server/v1/cloud.ts
• apps/meteor/client/hooks/useRegistrationStatus.ts
• apps/meteor/client/views/admin/subscription/SubscriptionPage.tsx
• apps/meteor/client/views/admin/workspace/VersionCard/VersionCard.tsx

🚧 Files skipped from review as they are similar to previous changes (1)

• .changeset/little-steaks-itch.md

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• apps/meteor/app/api/server/v1/cloud.ts
• apps/meteor/client/views/admin/subscription/SubscriptionPage.tsx
• apps/meteor/client/hooks/useRegistrationStatus.ts
• apps/meteor/client/views/admin/workspace/VersionCard/VersionCard.tsx

🧠 Learnings (2)

📚 Learning: 2025-10-06T20:32:23.658Z

Learnt from: d-gubert
Repo: RocketChat/Rocket.Chat PR: 37152
File: packages/apps-engine/tests/test-data/utilities.ts:557-573
Timestamp: 2025-10-06T20:32:23.658Z
Learning: In packages/apps-engine/tests/test-data/utilities.ts, the field name `isSubscripbedViaBundle` in the `IMarketplaceSubscriptionInfo` type should not be flagged as a typo, as it may match the upstream API's field name.

Applied to files:

• apps/meteor/client/views/admin/subscription/SubscriptionPage.tsx

📚 Learning: 2025-12-02T22:23:49.593Z

Learnt from: d-gubert
Repo: RocketChat/Rocket.Chat PR: 37654
File: apps/meteor/client/hooks/useAppSlashCommands.ts:32-38
Timestamp: 2025-12-02T22:23:49.593Z
Learning: In apps/meteor/client/hooks/useAppSlashCommands.ts, the `data?.forEach((command) => slashCommands.add(command))` call during render is intentional. The query is configured with `structuralSharing: false` to prevent React Query from keeping stable data references, and `slashCommands.add` is idempotent, so executing on every render is acceptable and ensures the command registry stays current.

Applied to files:

• apps/meteor/client/views/admin/workspace/VersionCard/VersionCard.tsx

🧬 Code graph analysis (3)

apps/meteor/client/views/admin/subscription/SubscriptionPage.tsx (1)

apps/meteor/client/hooks/useRegistrationStatus.ts (1)

• useRegistrationStatus (11-31)

apps/meteor/client/hooks/useRegistrationStatus.ts (2)

packages/rest-typings/src/index.ts (1)

• OperationResult (191-193)

packages/ui-contexts/src/index.ts (1)

• usePermission (57-57)

apps/meteor/client/views/admin/workspace/VersionCard/VersionCard.tsx (1)

apps/meteor/client/hooks/useRegistrationStatus.ts (1)

• useRegistrationStatus (11-31)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: 🔎 Code Check / TypeScript
• GitHub Check: 🔎 Code Check / Code Lint
• GitHub Check: 🔨 Test Storybook / Test Storybook
• GitHub Check: 🔨 Test Unit / Unit Tests
• GitHub Check: 📦 Meteor Build (coverage)
• GitHub Check: CodeQL-Build
• GitHub Check: CodeQL-Build

🔇 Additional comments (3)

apps/meteor/client/views/admin/subscription/SubscriptionPage.tsx (1)

57-57: LGTM! Proper permission-based gating.

The change from isRegistered to canViewRegistrationStatus correctly ensures that the "Sync license update" button is only visible to users with the manage-cloud permission, which aligns with the PR objectives.

Also applies to: 111-115

apps/meteor/client/hooks/useRegistrationStatus.ts (1)

6-31: LGTM! Important typo fix and proper API expansion.

The changes correctly:

• Fix the typo (canViewregistrationStatus → canViewRegistrationStatus)
• Expose canViewRegistrationStatus in the return type for consumers
• Compute isRegistered as !queryResult.isPending && queryResult.data?.registrationStatus?.workspaceRegistered, which properly handles the loading state (returns false during loading rather than undefined)

apps/meteor/client/views/admin/workspace/VersionCard/VersionCard.tsx (1)

50-50: LGTM! Proper permission-based gating of registration status.

The changes correctly ensure that registration-related UI elements (register button and status indicators) are only shown to users with the manage-cloud permission. The useMemo dependencies are properly updated to include canViewRegistrationStatus.

Note: The previous concern about isRegistered being undefined during loading has been addressed by the useRegistrationStatus hook, which now returns false during loading rather than undefined.

Also applies to: 85-96, 110-110, 157-167