From 03e0843691caef75678879976189d0d1a921be02 Mon Sep 17 00:00:00 2001
From: Kobe Lenjou
Date: Wed, 18 Feb 2026 15:16:15 +0100
Subject: [PATCH] Implement fallback to anonymous role permissions
Added fallback to anonymous role's permissions if the role is not found.
---
 src/Core/Authorization/AuthorizationResolver.cs | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/Core/Authorization/AuthorizationResolver.cs b/src/Core/Authorization/AuthorizationResolver.cs
index 0f22b9cd28..2395eb13a4 100644
--- a/src/Core/Authorization/AuthorizationResolver.cs
+++ b/src/Core/Authorization/AuthorizationResolver.cs
@@ -128,9 +128,21 @@ public bool AreRoleAndOperationDefinedForEntity(string entityIdentifier, string
 return true;
 }
 }
+
+ // If the role is not found or doesn't define the operation,
+ // fall back to the anonymous role's permissions
+ // since anonymous access implies the entity is publicly accessible.
+ if (valueOfEntityToRole.RoleToOperationMap.TryGetValue(ROLE_ANONYMOUS, out RoleMetadata? anonymousRoleMetadata))
+ {
+ if (anonymousRoleMetadata!.OperationToColumnMap.ContainsKey(operation))
+ {
+ return true;
+ }
+ }
 }
+ }
- return false;
+return false;
 }
 public bool IsStoredProcedureExecutionPermitted(string entityName, string roleName, SupportedHttpVerb httpVerb)
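Review bot: The added fallback in AreRoleAndOperationDefinedForEntity returns true for any role, including one that is configured for the entity but deliberately lacks the operation, so every role silently inherits the anonymous role's operations at this check. The column- and policy-level checks are not visible in this hunk; if they still resolve metadata by the caller's own role, they will not find the anonymous entry this check relied on, so that path needs verifying and a test for a role defined without the operation. If inheritance is meant only for roles absent from the entity, the fallback should be skipped when `valueOfEntityToRole.RoleToOperationMap` already contains the requested role, and the comment should say so. Separately, the added lines open two braces and close three, and `+return false;` has lost its indentation, so the extra `+ }` appears to end the method before `return false;` and should be dropped. The method begins above the hunk, so the earlier lookups are inferred from the context lines only.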