[Bug]: REST unexpected authorization error when excluding primary key and using orderby #2903

@RubenCerna2079

Description

What happened?

If a primary key is excluded through the actions.fields.exclude property, an authorization error occurs when the orderby clause is used in the request, even if the field used in the orderby is authorized.

Configuration file (in this case, id is the primary key):

"Book": {
  "permissions": [
    {
      "role": "anonymous",
      "actions": [
        {
          "action": "create"
        },
        {
          "action": "read",
          "fields": {
            "include": [ "*" ],
            "exclude": [ "id" ]
          },
          "policy": {
            "database": "id gt 2"
          }
        }
      ]
    }
  ]
}

REST request used: https://localhost:5001/api/Book?$orderby=title asc
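The following is an added illustration, not Data API Builder's own code: a small Python model of the field-level read check that the configuration above implies. Allowed fields are resolved as include minus exclude (with the "*" wildcard), and every column a request names through $select or $orderby must fall inside that set. The table columns and the rule that a request without $select is projected onto the allowed columns rather than rejected are assumptions made for the example.

```python
"""Model of field-level read authorization for a REST request (illustrative, not DAB's code)."""
from urllib.parse import parse_qs, urlsplit

# Taken from the issue's configuration for the "Book" entity (role: anonymous, action: read).
BOOK_READ_FIELDS = {"include": ["*"], "exclude": ["id"]}

# Constructed table schema; the real engine would read this from the database. (assumption)
BOOK_COLUMNS = {"id", "title", "author", "publisher_id"}


def allowed_fields(fields_config, all_columns):
    """Resolve include/exclude, including the "*" wildcard, to a concrete set of column names."""
    include = fields_config.get("include", ["*"])
    exclude = fields_config.get("exclude", [])
    if "*" in exclude:
        return set()
    allowed = set(all_columns) if "*" in include else set(include) & set(all_columns)
    return allowed - set(exclude)


def referenced_columns(url):
    """Columns the request names explicitly: $select entries plus the field of each $orderby clause."""
    query = parse_qs(urlsplit(url).query)
    selected = {
        col.strip()
        for part in query.get("$select", [])
        for col in part.split(",")
        if col.strip()
    }
    # Each clause looks like "title asc" or "id desc"; the first token is the column name.
    orderby = {
        clause.strip().split()[0]
        for part in query.get("$orderby", [])
        for clause in part.split(",")
        if clause.strip()
    }
    return selected, orderby


def authorize_read(url, fields_config, all_columns):
    """Return (authorized, denied_columns) for a read request under this role's field rules.

    A request without $select is projected onto the allowed columns (assumption), so only
    columns the client names explicitly, via $select or $orderby, can cause a denial.
    """
    allowed = allowed_fields(fields_config, all_columns)
    selected, orderby = referenced_columns(url)
    denied = (selected | orderby) - allowed
    return (not denied, sorted(denied))


if __name__ == "__main__":
    # The request from the issue: orderby on an allowed field, primary key excluded.
    print(authorize_read("https://localhost:5001/api/Book?$orderby=title asc",
                         BOOK_READ_FIELDS, BOOK_COLUMNS))
    # Ordering by the excluded primary key is the case that should be denied.
    print(authorize_read("https://localhost:5001/api/Book?$orderby=id desc",
                         BOOK_READ_FIELDS, BOOK_COLUMNS))
```

Under these rules the request in the issue names only title, which is allowed, so the expected result is an authorized read; the log below shows the engine denying it instead. The two cases above (title allowed, id denied) are the pair a regression test for this report should pin down.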

Version

1.6.68

What database are you using?

Azure SQL

What hosting model are you using?

No response

Which API approach are you accessing DAB through?

REST

Relevant log output

fail: Azure.DataApiBuilder.Service.Controllers.RestController[0]
      71916690-677b-4638-a837-b2e7eaa8fee6 Error handling REST request.
      Azure.DataApiBuilder.Service.Exceptions.DataApiBuilderException: Authorization Failure: Access Not Allowed.
         at Azure.DataApiBuilder.Core.Services.RestService.AuthorizationCheckForRequirementAsync(Object resource, IAuthorizationRequirement requirement) in C:\Users\rcernaserna\DAB\data-api-builder\src\Core\Services\RestService.cs:line 508
         at Azure.DataApiBuilder.Core.Services.RestService.ExecuteAsync(String entityName, EntityActionOperation operationType, String primaryKeyRoute) in C:\Users\rcernaserna\DAB\data-api-builder\src\Core\Services\RestService.cs:line 189
         at Azure.DataApiBuilder.Service.Controllers.RestController.HandleOperation(String route, EntityActionOperation operationType) in C:\Users\rcernaserna\DAB\data-api-builder\src\Service\Controllers\RestController.cs:line 239

Code of Conduct

  • I agree to follow this project's Code of Conduct

Labels: bug (Something isn't working), triage (issues to be triaged)