diff --git a/hsweb-system/hsweb-system-authorization/hsweb-system-authorization-default/src/main/java/org/hswebframework/web/system/authorization/defaults/webflux/WebFluxPermissionController.java b/hsweb-system/hsweb-system-authorization/hsweb-system-authorization-default/src/main/java/org/hswebframework/web/system/authorization/defaults/webflux/WebFluxPermissionController.java
index cbc6d5fb3..9a4cf88a0 100644
--- a/hsweb-system/hsweb-system-authorization/hsweb-system-authorization-default/src/main/java/org/hswebframework/web/system/authorization/defaults/webflux/WebFluxPermissionController.java
+++ b/hsweb-system/hsweb-system-authorization/hsweb-system-authorization-default/src/main/java/org/hswebframework/web/system/authorization/defaults/webflux/WebFluxPermissionController.java
@@ -10,6 +10,7 @@
 import org.hswebframework.web.api.crud.entity.QueryParamEntity;
 import org.hswebframework.web.authorization.Authentication;
 import org.hswebframework.web.authorization.annotation.*;
+import org.hswebframework.web.authorization.exception.UnAuthorizedException;
 import org.hswebframework.web.crud.service.ReactiveCrudService;
 import org.hswebframework.web.crud.web.reactive.ReactiveServiceCrudController;
 import org.hswebframework.web.system.authorization.api.entity.PermissionEntity;
@@ -59,11 +60,12 @@ public Mono<Integer> changePermissionState(@PathVariable @Parameter(description
     }
 
     @GetMapping("/_query/for-grant")
-    @ResourceAction(id = "grant", name = "赋权")
-    @QueryNoPagingOperation(summary = "获取用于赋权的权限列表")
+    @Authorize(ignore = true)
+    @QueryNoPagingOperation(summary = "获取当前用户用于赋权的权限列表")
     public Flux<PermissionEntity> queryForGrant(QueryParamEntity query) {
         return Authentication
                 .currentReactive()
+                .switchIfEmpty(Mono.error(UnAuthorizedException::new))
                 .flatMapMany(auth -> permissionProperties
                         .getFilter()
                         .doFilter(permissionService.query(query.noPaging()), auth));