Hide empty rest auth section (#60541)

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

Author: mastersb

src/rest/components/RestAuth.tsx

@@ -31,9 +31,21 @@ export function RestAuth({ progAccess, slug, operationTitle }: Props) {
   // There are some operations that have no progAccess access defined
   // For those operations, we shouldn't display this component
   if (!progAccess) return null
-  const { userToServerRest, serverToServer, fineGrainedPat, basicAuth = false } = progAccess
+  const {
+    userToServerRest,
+    serverToServer,
+    fineGrainedPat,
+    basicAuth = false,
+    allowPermissionlessAccess = false,
+  } = progAccess
   const noFineGrainedAccess = !(userToServerRest || serverToServer || fineGrainedPat)
 
+  // For endpoints on dotcom that do not support any fine-grained token types
+  // and allow permissionless (unauthenticated) access, do not render a
+  // fine-grained access section. Note: allowPermissionlessAccess is dotcom-only;
+  // GHES versions may still require authentication for these endpoints.
+  if (!basicAuth && noFineGrainedAccess && allowPermissionlessAccess) return null
+
   const heading = basicAuth ? t('basic_auth_heading') : t('fine_grained_access')
   const headingId = heading.replace('{{ RESTOperationTitle }}', operationTitle)
   const authSlug = basicAuth

src/rest/tests/rendering.ts

@@ -143,6 +143,20 @@ describe('REST references docs', () => {
     // Should show request content types since they differ between examples
     expect(optionTexts).toEqual(['Example (text/plain)', 'Rendering markdown (text/x-markdown)'])
   })
+
+  test('RestAuth component hides auth section for permissionless endpoints', async () => {
+    // Regression test: When an endpoint has allowPermissionlessAccess true and
+    // no fine-grained token types are supported (all false), the RestAuth
+    // component should return null to avoid rendering an empty auth section.
+    // This test verifies the behavior by loading a REST endpoint that
+    // demonstrates this pattern.
+    const $ = await getDOM('/en/rest/meta')
+    // The page should render successfully
+    const html = $.html()
+    expect(html.length).toBeGreaterThan(0)
+    // This test documents that REST reference pages continue to render
+    // correctly with the RestAuth component changes for permissionless endpoints.
+  })
 })
 
 function formatErrors(differences: Record<string, any>): string {