fix: update custom roles queries to include missing protected fields #40937

Open
Herorishi1234 wants to merge 1 commit into RocketChat:develop from Herorishi1234:bugfix/40798-findCustomRoles-false-negative

@Herorishi1234 Herorishi1234 commented Jun 12, 2026


Proposed changes

Fix an issue where custom roles created in older Rocket.Chat versions are not displayed in the Administration → Permissions → Custom Roles panel.

The root cause is that legacy role documents may not contain the protected field. The existing query uses a strict filter:

{ protected: false }

This excludes documents where the field is missing, causing them to not appear in query results.

MongoDB’s $ne operator matches documents where the field is not equal to a specified value, including documents where the field does not exist.
By updating the query to use { protected: { $ne: true } }, both explicitly unprotected roles (false) and legacy roles without the field are correctly returned.

Changes:

  • Updated findCustomRoles query:
    • protected: false → protected: { $ne: true }
  • Updated countCustomRoles to use the same filter to ensure consistency between results and pagination

Issue(s)

Closes #40798


Steps to test or reproduce

  1. Create a custom role from:
    Administration → Permissions → Custom Roles

  2. Remove the protected field manually:

    db.roles.updateOne(
      { name: "your-custom-role" },
      { $unset: { protected: "" } }
    )
  3. Before this fix:

    • The role does not appear in the Custom Roles list
  4. After this fix:

    • The role appears correctly in the UI

Further comments

  • This change ensures backward compatibility with legacy role documents without requiring a database migration.
  • Existing behavior remains unchanged for roles where protected: true.
  • Verified that protected roles (protected: true) are still excluded as expected.
  • The query logic is now aligned with MongoDB behavior for missing fields and non-equality comparisons.

Summary by CodeRabbit

  • Bug Fixes
    • Fixed custom role filtering logic to correctly identify roles without an explicit protection status as custom roles, improving the accuracy of role discovery and filtering throughout the application.
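
The filter semantics discussed in this PR, as an added example that is not part of the PR or Rocket.Chat's code: a simplified JavaScript emulation of MongoDB equality, $ne and $in matching for one top-level field, run over constructed role documents. It goes beyond the PR's case by including null and non-boolean values, which { $ne: true } also returns as custom roles; the matcher, the sample documents and the { $in: [false, null] } comparison filter are assumptions made for illustration.

```javascript
// Simplified emulation of MongoDB matching for one top-level scalar field.
// Covers only equality, $ne and $in; it is not MongoDB's implementation.
function eq(doc, field, value) {
  const present = Object.prototype.hasOwnProperty.call(doc, field);
  // Equality with null also matches a missing field;
  // any other value requires the field to exist with that exact value.
  if (value === null) return !present || doc[field] === null;
  return present && doc[field] === value;
}

function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond !== null && typeof cond === 'object') {
      // $ne is the negation of equality, so a missing field matches { $ne: true }.
      if ('$ne' in cond) return !eq(doc, field, cond.$ne);
      if ('$in' in cond) return cond.$in.some((v) => eq(doc, field, v));
      throw new Error('operator not emulated in this example');
    }
    return eq(doc, field, cond);
  });
}

// Constructed sample documents (not taken from a real deployment).
const roles = [
  { _id: 'admin', protected: true },
  { _id: 'new-custom', protected: false },
  { _id: 'legacy-custom' },                  // field missing, the case in this PR
  { _id: 'null-flag', protected: null },
  { _id: 'string-flag', protected: 'true' }, // malformed: string, not boolean
];

function customRoleIds(filter) {
  return roles.filter((r) => matches(r, filter)).map((r) => r._id);
}

// Old filter: only explicit false, so the legacy role is a false negative.
const strict = customRoleIds({ protected: false });
// PR filter: everything except boolean true, including malformed values.
const notTrue = customRoleIds({ protected: { $ne: true } });
// Assumed narrower alternative: explicit false, null, or missing only.
const allowList = customRoleIds({ protected: { $in: [false, null] } });

console.log({ strict, notTrue, allowList });
```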

@Herorishi1234 Herorishi1234 requested a review from a team as a code owner June 12, 2026 15:18
@dionisio-bot

dionisio-bot Bot commented Jun 12, 2026

Contributor

Looks like this PR is not ready to merge, because of the following issues:

  • This PR is missing the 'stat: QA assured' label
  • This PR is missing the required milestone or project

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

@changeset-bot

changeset-bot Bot commented Jun 12, 2026


⚠️ No Changeset found

Latest commit: 8416d87

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

@coderabbitai

coderabbitai Bot commented Jun 12, 2026

Contributor

Walkthrough

MongoDB filter logic in RolesRaw.findCustomRoles and RolesRaw.countCustomRoles is updated from protected: false to protected: { $ne: true }, treating missing or falsy protected fields as custom roles instead of only those explicitly marked false.

Changes

Custom Role Filtering

| Layer / File(s) | Summary |
|---|---|
| Custom role query filters (packages/models/src/models/Roles.ts) | findCustomRoles and countCustomRoles MongoDB filters updated from requiring protected: false to excluding protected === true via { $ne: true } operator, which includes roles with missing or absent protected fields. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Suggested labels

type: bug

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly and specifically describes the main change: updating custom roles queries to handle missing protected fields. |
| Linked Issues check | ✅ Passed | The code changes directly address issue #40798 by updating both findCustomRoles and countCustomRoles to use { $ne: true } instead of strict false matching. |
| Out of Scope Changes check | ✅ Passed | All changes are limited to the custom roles query logic in Roles.ts, directly aligned with the linked issue requirements. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |

@cubic-dev-ai cubic-dev-ai Bot left a comment

Contributor

No issues found across 1 file

Development

Successfully merging this pull request may close these issues.

findCustomRoles in src/models/Roles.ts produce "false negative".