- Add the access and roles properties to an action's availability property and set root availability to true. (Find attached decoration as an example)
- Login as an user who shouldn't be able to make use of such action due to the access rule.
Action on root level is blocked for users without the required roles.
This was achievable in Magnolia 5.7.11 using a similar configuration.
Action on root level is enabled for any user.
It looks like the behaviour change is caused by the logic on the AbstractAvailabilityRule] class, which automatically bypasses any empty collection.
This makes it so an empty collection (root case), always returns true regardless of the logged user. However, the behaviour in Magnolia 5.7.11 is different (AvailabilityChecker]), since in case of having an empty collection, the default ID (root node ID) is inserted, making possible to check the action availability.