From 00484683b3a3f53117e43aa8f8aff0eee098738f Mon Sep 17 00:00:00 2001
From: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
Date: Tue, 5 Mar 2024 17:36:00 +0000
Subject: [PATCH] backport of commit cdd88d56afd9ace36da9800edaa1c22d66db65c7

---
 changelog/25766.txt                        |  3 +++
 ui/app/adapters/permissions.js             |  2 +-
 ui/tests/unit/adapters/permissions-test.js | 25 ++++++++++++++++++++++
 3 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 changelog/25766.txt

diff --git a/changelog/25766.txt b/changelog/25766.txt
new file mode 100644
index 000000000000..7166fc3a3559
--- /dev/null
+++ b/changelog/25766.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+ui: call resultant-acl without namespace header when user mounted at root namespace
+```
diff --git a/ui/app/adapters/permissions.js b/ui/app/adapters/permissions.js
index 02d9c49a27ca..c6bb15ef7208 100644
--- a/ui/app/adapters/permissions.js
+++ b/ui/app/adapters/permissions.js
@@ -7,7 +7,7 @@ import ApplicationAdapter from './application';
 
 export default ApplicationAdapter.extend({
   query() {
-    const namespace = this.namespaceService.userRootNamespace || this.namespaceService.path;
+    const namespace = this.namespaceService.userRootNamespace ?? this.namespaceService.path;
     return this.ajax(this.urlForQuery(), 'GET', { namespace });
   },
 
diff --git a/ui/tests/unit/adapters/permissions-test.js b/ui/tests/unit/adapters/permissions-test.js
index 2bcb12565685..a5e65b2822e0 100644
--- a/ui/tests/unit/adapters/permissions-test.js
+++ b/ui/tests/unit/adapters/permissions-test.js
@@ -34,4 +34,29 @@ module('Unit | Adapter | permissions', function (hooks) {
     });
     await adapter.query();
   });
+  test('it calls resultant-acl with the users root namespace when root', async function (assert) {
+    assert.expect(1);
+    const adapter = this.owner.lookup('adapter:permissions');
+    const nsService = this.owner.lookup('service:namespace');
+    const auth = this.owner.lookup('service:auth');
+    nsService.setNamespace('admin');
+    auth.setCluster('1');
+    auth.set('tokens', ['vault-_root_☃1']);
+    auth.setTokenData('vault-_root_☃1', { userRootNamespace: '', backend: { mountPath: 'token' } });
+
+    this.server.get('/sys/internal/ui/resultant-acl', (schema, request) => {
+      assert.false(
+        Object.keys(request.requestHeaders).includes('X-Vault-Namespace'),
+        'request is called without namespace'
+      );
+
+      return {
+        data: {
+          exact_paths: {},
+          glob_paths: {},
+        },
+      };
+    });
+    await adapter.query();
+  });
 });