diff --git a/changelog/25766.txt b/changelog/25766.txt new file mode 100644 index 000000000000..7166fc3a3559 --- /dev/null +++ b/changelog/25766.txt @@ -0,0 +1,3 @@ +```release-note:bug +ui: call resultant-acl without namespace header when user mounted at root namespace +``` diff --git a/ui/app/adapters/permissions.js b/ui/app/adapters/permissions.js index 02d9c49a27ca..c6bb15ef7208 100644 --- a/ui/app/adapters/permissions.js +++ b/ui/app/adapters/permissions.js @@ -7,7 +7,7 @@ import ApplicationAdapter from './application'; export default ApplicationAdapter.extend({ query() { - const namespace = this.namespaceService.userRootNamespace || this.namespaceService.path; + const namespace = this.namespaceService.userRootNamespace ?? this.namespaceService.path; return this.ajax(this.urlForQuery(), 'GET', { namespace }); }, diff --git a/ui/tests/unit/adapters/permissions-test.js b/ui/tests/unit/adapters/permissions-test.js index d10230d4a6b6..56702f8f9a95 100644 --- a/ui/tests/unit/adapters/permissions-test.js +++ b/ui/tests/unit/adapters/permissions-test.js @@ -36,4 +36,29 @@ module('Unit | Adapter | permissions', function (hooks) { }); await adapter.query(); }); + test('it calls resultant-acl with the users root namespace when root', async function (assert) { + assert.expect(1); + const adapter = this.owner.lookup('adapter:permissions'); + const nsService = this.owner.lookup('service:namespace'); + const auth = this.owner.lookup('service:auth'); + nsService.setNamespace('admin'); + auth.setCluster('1'); + auth.set('tokens', ['vault-_root_☃1']); + auth.setTokenData('vault-_root_☃1', { userRootNamespace: '', backend: { mountPath: 'token' } }); + + this.server.get('/sys/internal/ui/resultant-acl', (schema, request) => { + assert.false( + Object.keys(request.requestHeaders).includes('X-Vault-Namespace'), + 'request is called without namespace' + ); + + return { + data: { + exact_paths: {}, + glob_paths: {}, + }, + }; + }); + await adapter.query(); + }); });