Description
The internal getUserRoles method call in EmbeddedChatApi fails when connected to modern Rocket.Chat workspaces. The request returns a 400 Bad Request in the browser console, while the underlying server response indicates a 404 Method Not Found error.
As a result, the application is unable to correctly determine user roles (such as admin), which impacts permission-based UI features.
Reproduction Steps
- Connect EmbeddedChat to a modern Rocket.Chat workspace (tested on a local custom workspace).
- Log in as any user (including an admin).
- Open the browser developer console.
- Observe the following error:
  POST http://<host>/api/v1/method.call/getUserRoles 400 (Bad Request)
- Inspect the network response to view the underlying Meteor error.
Actual Behavior
The request to api/v1/method.call/getUserRoles returns the following response:
    {
      "message": "{\"msg\":\"result\",\"id\":\"\",\"error\":{\"isClientSafe\":true,\"error\":404,\"reason\":\"Method 'getUserRoles' not found\",\"message\":\"Method 'getUserRoles' not found [404]\",\"errorType\":\"Meteor.Error\"}}",
      "success": false
    }

Expected Behavior
The application should successfully fetch the authenticated user’s roles using an API endpoint supported by current Rocket.Chat versions.
Technical Context
The issue originates in EmbeddedChatApi.ts:
    async getUserRoles() {
      try {
        const { userId, authToken } = (await this.auth.getCurrentUser()) || {};
        const response = await fetch(
          `${this.host}/api/v1/method.call/getUserRoles`, // Legacy DDP-over-REST method
          {
            body: JSON.stringify({
              message: JSON.stringify({
                msg: "method",
                id: null,
                method: "getUserRoles",
                params: [],
              }),
            }),
            // ...
          }
        );
        // ...
      }
    }

Root Cause
The codebase relies on a legacy DDP-over-REST method call (getUserRoles) that has been deprecated or removed in recent Rocket.Chat versions in favor of standard REST API endpoints.
Proposed Fix
Update getUserRoles to use a modern REST API endpoint supported by current Rocket.Chat servers, such as:
- GET /api/v1/roles.getUsersInRole?role=admin
- or an equivalent roles/permissions endpoint
This change will restore compatibility with modern Rocket.Chat versions and ensure accurate role-based behavior in the UI.
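
The response quoted under Actual Behavior is JSON nested inside JSON: the HTTP 400 body carries a `message` string that holds the Meteor 404. The sketch below is an added example, not part of the original issue or of EmbeddedChat's code. It decodes both layers and returns no roles on any failure, so permission-based UI fails closed. The names `decodeMethodCall`, `rolesOrNone` and `SAMPLE_404_BODY` are hypothetical, and the shape of a successful result (an array of role-name strings) is an assumption.

```typescript
// Added example (not EmbeddedChat code): classify a method.call reply so that
// role checks fail closed instead of guessing.
type Outcome =
  | { kind: "ok"; result: unknown }
  | { kind: "method-not-found"; reason: string }
  | { kind: "meteor-error"; code: unknown; reason: string }
  | { kind: "malformed"; detail: string };

function decodeMethodCall(httpStatus: number, bodyText: string): Outcome {
  let outer: any;
  let inner: any;
  try {
    outer = JSON.parse(bodyText);
    // "message" is itself a JSON string holding the DDP result frame.
    inner = JSON.parse(outer.message);
  } catch {
    return { kind: "malformed", detail: `HTTP ${httpStatus}: undecodable body` };
  }
  if (inner === null || typeof inner !== "object") {
    return { kind: "malformed", detail: `HTTP ${httpStatus}: no result frame` };
  }
  if (inner.error) {
    const reason = String(inner.error.reason ?? inner.error.message ?? "");
    return inner.error.error === 404
      ? { kind: "method-not-found", reason }
      : { kind: "meteor-error", code: inner.error.error, reason };
  }
  if (outer.success !== true || !("result" in inner)) {
    return { kind: "malformed", detail: `HTTP ${httpStatus}: no result` };
  }
  return { kind: "ok", result: inner.result };
}

// Assumption: a successful result is an array of role-name strings; adjust to
// the server's real payload. Anything else yields no roles (fail closed).
function rolesOrNone(outcome: Outcome): string[] {
  if (outcome.kind !== "ok" || !Array.isArray(outcome.result)) return [];
  return outcome.result.filter((r) => typeof r === "string");
}

// Constructed from the response body quoted in this issue.
const SAMPLE_404_BODY = JSON.stringify({
  success: false,
  message: JSON.stringify({
    msg: "result", id: "",
    error: { isClientSafe: true, error: 404, errorType: "Meteor.Error",
      reason: "Method 'getUserRoles' not found",
      message: "Method 'getUserRoles' not found [404]" },
  }),
});
```

A `method-not-found` outcome is also a reliable signal that the server no longer exposes the legacy method, which is the point at which a client would switch to a REST roles endpoint.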