diff --git a/app/models/principal.rb b/app/models/principal.rb
index d415810d5..8e5bcd790 100644
--- a/app/models/principal.rb
+++ b/app/models/principal.rb
@@ -143,6 +143,10 @@ class Principal < ActiveRecord::Base
 project.is_a?(Project) && project_ids.include?(project.id)
 end
+ def roles
+ @roles ||= Role.joins(members: :project).where(["#{Project.table_name}.status <> ?", Project::STATUS_ARCHIVED]).where(Member.arel_table[:user_id].eq(id)).distinct
+ end
+
 # Returns an array of the project ids that the principal is a member of
 def project_ids
 @project_ids ||= super.freeze
diff --git a/app/models/user.rb b/app/models/user.rb
index c7612c91b..fd7487700 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -588,10 +588,6 @@ class User < Principal
 @membership_by_project_id[project_id]
 end
- def roles
- @roles ||= Role.joins(members: :project).where(["#{Project.table_name}.status <> ?", Project::STATUS_ARCHIVED]).where(Member.arel_table[:user_id].eq(id)).distinct
- end
-
 # Returns the user's bult-in role
 def builtin_role
 @builtin_role ||= Role.non_member
@@ -723,7 +719,7 @@ class User < Principal
 return true if admin?
 # authorize if user has at least one role that has this permission
- roles = self.roles.to_a | [builtin_role]
+ roles = self.roles.to_a | [builtin_role] | Group.non_member.roles.to_a | Group.anonymous.roles.to_a
 roles.any? {|role|
 role.allowed_to?(action) &&
 (block_given? ? yield(role, self) : true)
diff --git a/test/system/issues_test.rb b/test/system/issues_test.rb
index 2bafc37b9..f5dc6419d 100644
--- a/test/system/issues_test.rb
+++ b/test/system/issues_test.rb
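Review bot: In app/models/principal.rb the added `roles` method has no comment, unlike the neighbouring `project_ids`, even though moving it from User to Principal means it now also answers for groups (the new system test stores a group id in `Member#user_id`). A comment such as `# Returns the roles granted to this principal (user or group) through memberships in non-archived projects` would make that contract explicit. The result is memoized in `@roles`; whether the objects returned by `Group.non_member` and `Group.anonymous` are reused after a membership change is not visible here, so it is worth confirming that the cache cannot hand stale roles to the permission check in user.rb. The class body continues outside the hunk.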
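Review bot: In app/models/user.rb the changed `roles = ...` line adds the roles of both built-in groups for every caller, so a logged-in user also picks up roles granted to the anonymous group and an anonymous user picks up roles granted to the non-member group. Only the group that matches the caller should contribute, for example `builtin_group = logged? ? Group.non_member : Group.anonymous` followed by `roles = self.roles.to_a | [builtin_role] | builtin_group.roles.to_a`. The enclosing method starts and ends outside the hunk; judging by the visible `return true if admin?` this looks like the project-less branch of the permission check. Since `Principal#roles` spans every non-archived project, a group role held on any one project would then satisfy this check, which makes the extra union a real widening of authorization rather than a cosmetic one.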
@@ -152,6 +152,32 @@ class IssuesSystemTest < ApplicationSystemTestCase
 assert_equal 'Some description', issue.attachments.first.description
 end
+ def test_create_issue_with_attachment_when_user_is_not_a_member
+ set_tmp_attachments_directory
+
+ # Set no permission to non-member role
+ non_member_role = Role.where(:builtin => Role::BUILTIN_NON_MEMBER).first
+ non_member_role.permissions = []
+ non_member_role.save
+
+ # Set role "Reporter" to non-member users on project ecookbook
+ membership = Member.find_or_create_by(user_id: Group.non_member.id, project_id: 1)
+ membership.roles = [Role.find(3)] # Reporter
+ membership.save
+
+ log_user('someone', 'foo')
+
+ issue = new_record(Issue) do
+ visit '/projects/ecookbook/issues/new'
+ fill_in 'Subject', :with => 'Issue with attachment'
+ attach_file 'attachments[dummy][file]', Rails.root.join('test/fixtures/files/testfile.txt')
+ fill_in 'attachments[1][description]', :with => 'Some description'
+ click_on 'Create'
+ end
+ assert_equal 1, issue.attachments.count
+ assert_equal 'Some description', issue.attachments.first.description
+ end
+
 def test_create_issue_with_new_target_version
 log_user('jsmith', 'jsmith')
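Review bot: The new test covers only the positive case for a non-member, so nothing pins the authorization boundary that the user.rb change moves. There is no assertion that a role given to `Group.anonymous` does not authorize a logged-in user, or that the user is still refused once the group membership is removed; a companion negative test would catch an over-broad role union. The setup calls `non_member_role.save` and `membership.save` without checking the result, and `save!` on both would make a failed setup surface at the setup line instead of as an unrelated UI failure. `Role.find(3)` and `project_id: 1` depend on fixture ids that the `# Reporter` comment only partly documents.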