admin setting to hide room owner on join of unauthenticated users

[danielwujecki]

Fixes #2843

Type

• Feature

Checklist

• Code updated to current develop branch head
• Passes CI checks
• Is a part of an issue
• Tests added for the bugfix or newly implemented feature, describe below why if not
• Changelog is updated
• Documentation of code and features exists

Changes

• Add migration and property for room.hide_owner_for_guests to RoomSettings.
• Add UI toggle switch to AdminSettings.vue under room settings.
• Update RoomHeader.vue and RoomDetailsList.vue to hide the owner's name for unauthenticated users if the setting is enabled.
• Add corresponding translation keys to all locale files.
• Update Config.php and Settings.php resources to expose the setting to the frontend.

Other information

How to test:

1. Enable the new setting in Admin Panel -> Settings -> Rooms.
2. Visit a room URL as a guest (unauthenticated). The owner's name should be hidden.
3. Visit the same URL as an authenticated user. The owner's name should be visible.

Summary by CodeRabbit

• New Features
  • Added an admin setting to hide room owners from unauthenticated users. Room owner information will be hidden from guest users while remaining visible to authenticated participants. This setting can be toggled in the admin panel.

[coderabbitai]

Walkthrough

The PR implements a feature to hide room owner names from unauthenticated users through an admin-configurable toggle. Changes include backend settings configuration, database migration, API exposure, validation rules, and frontend UI for both admin controls and room display components.

Changes

Cohort / File(s)	Summary
Settings Configuration & Migration app/Settings/RoomSettings.php, app/Http/Controllers/api/v1/SettingsController.php, app/Http/Requests/UpdateSettings.php, database/settings/2026_02_16_085258_add_room_hide_owner_for_guests_to_room_settings.php	Added new boolean property hide_owner_for_guests to RoomSettings, created database migration with default value false, added controller mapping to accept room_hide_owner_for_guests input, and added validation rule.
API Response Layer app/Http/Resources/Settings.php, app/Http/Resources/Room.php	Exposed new room_hide_owner_for_guests setting in Settings resource. Added conditional owner visibility logic in Room resource: owner field is shown only if user is authenticated or hide_owner_for_guests is false.
Admin UI & Localization resources/js/views/AdminSettings.vue, lang/en/admin.php, CHANGELOG.md	Added new toggle switch fieldset in admin settings panel with validation error display, translation entry for UI label, and changelog entry.
Frontend Room Display resources/js/components/RoomDetailsList.vue, resources/js/components/RoomHeader.vue	Modified RoomDetailsList to conditionally render owner block with v-if="props.room.owner", and added formatting in RoomHeader.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested labels

Complete - Waiting for review

Suggested reviewers

• danielmachill

🚥 Pre-merge checks | ✅ 4 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	⚠️ Warning	All changes directly support the core feature of hiding room owner for unauthenticated users; however, translation files added for non-English locales contradict reviewer feedback that non-English locales are synced from PoEditor.	Remove translation entries from non-English locale files, keeping only the English translations in lang/en/admin.php as per reviewer guidance.
Docstring Coverage	⚠️ Warning	Docstring coverage is 62.50% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main feature: adding an admin setting to hide the room owner from unauthenticated users.
Description check	✅ Passed	The PR description follows the template, includes the linked issue reference (#2843), correctly identifies the type as Feature, provides a detailed changelog of modifications, and includes testing instructions.
Linked Issues check	✅ Passed	The PR addresses all coding requirements from #2843: migration added, RoomSettings property created, UI toggle implemented, conditional visibility logic added to components, and settings exposed to frontend.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into develop

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[samuelwei]

Thanks for your PR @danielwujecki

This fix is only hiding the name (visually), I would prefer hiding it from the API response. The frontend can check if the owner name is returned and show it.

[coderabbitai]

Actionable comments posted: 4

🤖 Fix all issues with AI agents

In `@app/Http/Controllers/api/v1/SettingsController.php`:
- Line 186: The assignment to RoomSettings::$hide_owner_for_guests uses
$request->input(), which can return raw strings and not reliably cast to a PHP
bool; replace the call with $request->boolean('room_hide_owner_for_guests') in
the SettingsController where $roomSettings->hide_owner_for_guests is set so the
value is properly converted to a boolean consistent with the other boolean
fields.

In `@CHANGELOG.md`:
- Around line 8-11: The entry "Add admin setting to hide room owner on join of
unauthenticated users" under the "[Unreleased]" section is missing a category
header; add a "### Added" header directly beneath "## [Unreleased]" and place
that bullet under it so the changelog follows the Keep a Changelog format
(locate the "[Unreleased]" section and the line containing the bullet to move
it).

In `@lang/ar/admin.php`:
- Line 391: The translation for the 'room_hide_owner_for_guests' key is still in
English; replace its value in the lang/ar/admin.php localization array with the
Arabic translation (e.g., "إخفاء مالك الغرفة عن المستخدمين غير المسجلين") so the
string matches the rest of the Arabic locale and preserves the same array key.

In `@lang/fa/admin.php`:
- Line 389: Replace the English value for the translation key
'room_hide_owner_for_guests' with a Persian translation so the Farsi locale is
consistent; update the value for 'room_hide_owner_for_guests' in the
lang/fa/admin.php translations to a proper Farsi string (e.g., "مخفی کردن مالک
اتاق از کاربران احراز هویت نشده").

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Use $request->boolean() instead of $request->input() for a boolean setting.

Every other boolean field in this method uses $request->boolean() (e.g., Lines 171, 178, 188, 190). Using $request->input() returns the raw value (e.g., "1", "true", "0"), which may not properly cast to a PHP bool for the typed RoomSettings::$hide_owner_for_guests property.

Proposed fix

-        $roomSettings->hide_owner_for_guests = $request->input('room_hide_owner_for_guests');
+        $roomSettings->hide_owner_for_guests = $request->boolean('room_hide_owner_for_guests');

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	$roomSettings->hide_owner_for_guests = $request->input('room_hide_owner_for_guests');
	$roomSettings->hide_owner_for_guests = $request->boolean('room_hide_owner_for_guests');

🤖 Prompt for AI Agents

In `@app/Http/Controllers/api/v1/SettingsController.php` at line 186, The
assignment to RoomSettings::$hide_owner_for_guests uses $request->input(), which
can return raw strings and not reliably cast to a PHP bool; replace the call
with $request->boolean('room_hide_owner_for_guests') in the SettingsController
where $roomSettings->hide_owner_for_guests is set so the value is properly
converted to a boolean consistent with the other boolean fields.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Missing ### Added category header under [Unreleased].

All other version sections follow the Keep a Changelog format with category headers. This entry should be placed under ### Added.

Proposed fix

 ## [Unreleased]
 
+### Added
+
 - Add admin setting to hide room owner on join of unauthenticated users

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	## [Unreleased]
	- Add admin setting to hide room owner on join of unauthenticated users
	## [Unreleased]
	### Added
	- Add admin setting to hide room owner on join of unauthenticated users

🤖 Prompt for AI Agents

In `@CHANGELOG.md` around lines 8 - 11, The entry "Add admin setting to hide room
owner on join of unauthenticated users" under the "[Unreleased]" section is
missing a category header; add a "### Added" header directly beneath "##
[Unreleased]" and place that bullet under it so the changelog follows the Keep a
Changelog format (locate the "[Unreleased]" section and the line containing the
bullet to move it).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Translation string is not localized — still in English.

Same issue as the Farsi locale: this string should be translated to Arabic for consistency with the rest of the file (e.g., "إخفاء مالك الغرفة عن المستخدمين غير المسجلين").

🤖 Prompt for AI Agents

In `@lang/ar/admin.php` at line 391, The translation for the
'room_hide_owner_for_guests' key is still in English; replace its value in the
lang/ar/admin.php localization array with the Arabic translation (e.g., "إخفاء
مالك الغرفة عن المستخدمين غير المسجلين") so the string matches the rest of the
Arabic locale and preserves the same array key.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Translation string is not localized — still in English.

All other entries in this Farsi locale file are translated into Persian, but this new key remains in English. This should be translated to Farsi for consistency (e.g., something like "مخفی کردن مالک اتاق از کاربران احراز هویت نشده").

🤖 Prompt for AI Agents

In `@lang/fa/admin.php` at line 389, Replace the English value for the translation
key 'room_hide_owner_for_guests' with a Persian translation so the Farsi locale
is consistent; update the value for 'room_hide_owner_for_guests' in the
lang/fa/admin.php translations to a proper Farsi string (e.g., "مخفی کردن مالک
اتاق از کاربران احراز هویت نشده").

[samuelwei]

Please remove all non-english locale changes, as they will be removed. All non-english locales are synced from PoEditor (one-way)

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

resources/js/components/RoomDetailsList.vue (1)

7-14: ⚠️ Potential issue | 🟠 Major

Frontend-only hiding is insufficient — owner data is still exposed in the API response.

As noted by reviewer samuelwei, the owner's name is still returned by the API and visible in network responses / browser dev tools. The backend should omit owner.name from the API response for unauthenticated users when the setting is enabled, and the frontend should conditionally render based on whether the field is present in the response rather than a separate flag.

This approach would also simplify this component — no need for the showRoomOwner prop if the API simply doesn't return the owner data.

🤖 Fix all issues with AI agents

In `@lang/de/admin.php`:
- Line 391: Remove the manual non-English locale entry by deleting the
'room_hide_owner_for_guests' => 'Eigentümer eines Raumes für Gäste verstecken'
array element from lang/de/admin.php so translations remain managed through
PoEditor; ensure no other manual German locale keys were added in the same file
and leave only keys that are synced from the canonical source or empty
placeholders if required by the loader.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Remove non-English locale changes — managed via PoEditor.

Per reviewer feedback, non-English locales are managed one-way via PoEditor. This addition will be overwritten or cause conflicts. Remove this change and let the translation be handled through the PoEditor workflow.

🤖 Prompt for AI Agents

In `@lang/de/admin.php` at line 391, Remove the manual non-English locale entry by
deleting the 'room_hide_owner_for_guests' => 'Eigentümer eines Raumes für Gäste
verstecken' array element from lang/de/admin.php so translations remain managed
through PoEditor; ensure no other manual German locale keys were added in the
same file and leave only keys that are synced from the canonical source or empty
placeholders if required by the loader.

[coderabbitai]

🧹 Nitpick comments (1)

app/Http/Resources/Room.php (1)

86-97: Good approach: owner data is properly excluded from the API response.

This correctly addresses the reviewer feedback to remove the owner from the API response rather than just hiding it in the frontend.

One minor note: the array on lines 95–96 is eagerly evaluated even when $showOwner is false. Consider using a closure to defer evaluation:

♻️ Suggested improvement

-        'owner' => $this->when($showOwner, [
-            'id' => $this->owner->id,
-            'name' => $this->owner->fullname,
-        ]),
+        'owner' => $this->when($showOwner, fn () => [
+            'id' => $this->owner->id,
+            'name' => $this->owner->fullname,
+        ]),

Since the owner relationship is likely already eager-loaded, this is a minor optimization, but it avoids unnecessary property access when the value will be discarded.

[danielwujecki]

Please remove all non-english locale changes, as they will be removed. All non-english locales are synced from PoEditor (one-way)

Done

This fix is only hiding the name (visually), I would prefer hiding it from the API response. The frontend can check if the owner name is returned and show it.

Good point, I improved this.

[samuelwei]

Add subheading according to keepachangelog and add links to issue and PR

[samuelwei]

Remove empty new line

[samuelwei]

Field room_hide_owner_for_guests should be added to lang/en/validation.php

Please also add this to the frontend cypress tests

[samuelwei]

Add backend tests

[samuelwei]

Add backend tests

[samuelwei]

Add frontend test

[samuelwei]

Please also run the code style fixers, see https://thm-health.github.io/PILOS/docs/development/code-style

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.27%. Comparing base (317d02e) to head (fbd1047).

Additional details and impacted files

@@              Coverage Diff              @@
##             develop    #2844      +/-   ##
=============================================
+ Coverage      96.77%   97.27%   +0.50%     
=============================================
  Files            440      177     -263     
  Lines          12479     6277    -6202     
  Branches        2073     2074       +1     
=============================================
- Hits           12076     6106    -5970     
+ Misses           403      171     -232     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.