no 403 if no permissions

kinglionsoft · web-flow · commit ff3df6d19a45 · 2018-03-02T16:45:15.000+08:00
diff --git a/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Host/Startup/SecurityRequirementsOperationFilter.cs b/aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Host/Startup/SecurityRequirementsOperationFilter.cs
@@ -23,12 +23,15 @@ public void Apply(Operation operation, OperationFilterContext context)
             if (controllerAbpAuthorizeAttrs.Any() || actionAbpAuthorizeAttrs.Any())
             {
                 operation.Responses.Add("401", new Response { Description = "Unauthorized" });
-                operation.Responses.Add("403", new Response { Description = "Forbidden" });
-
+                
                 var permissions = controllerAbpAuthorizeAttrs.Union(actionAbpAuthorizeAttrs)
                     .SelectMany(p => p.Permissions)
                     .Distinct();
-
+                    
+                if(permissions.Any()){
+                    operation.Responses.Add("403", new Response { Description = "Forbidden" });
+                }
+                
                 operation.Security = new List<IDictionary<string, IEnumerable<string>>>
                 {
                     new Dictionary<string, IEnumerable<string>>
