UI: Correctly call resultant-acl endpoint when user root is root (#25766)

* Correctly call resultant-acl endpoint when user root is root

* check test differently

* Add changelog

changelog/25766.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+ui: call resultant-acl without namespace header when user mounted at root namespace
+```

ui/app/adapters/permissions.js

@@ -7,7 +7,7 @@ import ApplicationAdapter from './application';
 
 export default ApplicationAdapter.extend({
   query() {
-    const namespace = this.namespaceService.userRootNamespace || this.namespaceService.path;
+    const namespace = this.namespaceService.userRootNamespace ?? this.namespaceService.path;
     return this.ajax(this.urlForQuery(), 'GET', { namespace });
   },
 

ui/tests/unit/adapters/permissions-test.js

@@ -36,4 +36,29 @@ module('Unit | Adapter | permissions', function (hooks) {
     });
     await adapter.query();
   });
+  test('it calls resultant-acl with the users root namespace when root', async function (assert) {
+    assert.expect(1);
+    const adapter = this.owner.lookup('adapter:permissions');
+    const nsService = this.owner.lookup('service:namespace');
+    const auth = this.owner.lookup('service:auth');
+    nsService.setNamespace('admin');
+    auth.setCluster('1');
+    auth.set('tokens', ['vault-_root_☃1']);
+    auth.setTokenData('vault-_root_☃1', { userRootNamespace: '', backend: { mountPath: 'token' } });
+
+    this.server.get('/sys/internal/ui/resultant-acl', (schema, request) => {
+      assert.false(
+        Object.keys(request.requestHeaders).includes('X-Vault-Namespace'),
+        'request is called without namespace'
+      );
+
+      return {
+        data: {
+          exact_paths: {},
+          glob_paths: {},
+        },
+      };
+    });
+    await adapter.query();
+  });
 });