diff --git a/app/controllers/api/v1/base_controller.rb b/app/controllers/api/v1/base_controller.rb
index c765906b0..b937d798e 100644
--- a/app/controllers/api/v1/base_controller.rb
+++ b/app/controllers/api/v1/base_controller.rb
@@ -40,6 +40,13 @@ class Api::V1::BaseController < ApplicationController
 return render_forbidden if !current_user.admin? && !@project.operator?(current_user)
 end
+ # 具有仓库的操作权限或者fork仓库的操作权限
+ def require_operate_above_or_fork_project
+ @project = load_project
+ puts !current_user.admin? && !@project.operator?(current_user) && !(@project.fork_project.present? && @project.fork_project.operator?(current_user))
+ return render_forbidden if !current_user.admin? && !@project.operator?(current_user) && !(@project.fork_project.present? && @project.fork_project.operator?(current_user))
+ end
+ # 具有对仓库的访问权限
 def require_public_and_member_above
 @project = load_project
diff --git a/app/controllers/api/v1/projects/contents_controller.rb b/app/controllers/api/v1/projects/contents_controller.rb
index 44ab8c549..1c59164a1 100644
--- a/app/controllers/api/v1/projects/contents_controller.rb
+++ b/app/controllers/api/v1/projects/contents_controller.rb
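Review bot: The `puts` on the second line of `require_operate_above_or_fork_project` is leftover debug output that evaluates the whole authorization predicate a second time and writes the result to stdout on every request; it should be removed before merge. The guard itself is hard to audit as a triple-negated one-liner and reads more directly as `return render_forbidden unless current_user.admin? || @project.operator?(current_user) || @project.fork_project&.operator?(current_user)`. The hunk does not show which side of the fork relation `fork_project` refers to, so the method comment should state exactly whose operator rights on which repository are accepted, because this filter widens who may reach write actions.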
@@ -1,13 +1,13 @@ class Api::V1::Projects::ContentsController < Api::V1::BaseController
- before_action :require_operate_above, only: [:batch]
+ before_action :require_operate_above_or_fork_project, only: [:batch]
 def batch
 @batch_content_params = batch_content_params # 处理下author和committer信息,如果没传则默认为当前用户信息
 @batch_content_params.merge!(author_email: current_user.mail, author_name: current_user.login) if batch_content_params[:author_email].blank? && batch_content_params[:author_name].blank?
 @batch_content_params.merge!(committer_email: current_user.mail, committer_name: current_user.login) if batch_content_params[:committer_email].blank? && batch_content_params[:committer_name].blank?
- @result_object = Api::V1::Projects::Contents::BatchCreateService.call(@project, @batch_content_params, current_user&.gitea_token)
- puts @result_object
+
+ @result_object = Api::V1::Projects::Contents::BatchCreateService.call(@project, @batch_content_params, @project.owner.gitea_token)
 end
 private
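Review bot: Passing `@project.owner.gitea_token` to `BatchCreateService.call` in `batch` makes every batch write run under the repository owner's credentials, whoever the caller is. Together with the relaxed `require_operate_above_or_fork_project` filter, a caller admitted only through the fork-project branch gets commits into `@project` performed with the owner's token, so Gitea's own permission check no longer constrains that caller and the Rails filter becomes the sole gate; the Gitea-side record will presumably attribute the action to the owner account. Consider keeping the caller's token when they are already entitled, e.g. `token = (current_user.admin? || @project.operator?(current_user)) ? current_user.gitea_token : @project.owner&.gitea_token`, and having the service (not visible here) limit what the delegated path may touch. `@project.owner` is also dereferenced without a nil check, and it is not visible in this hunk whether every owner type carries a `gitea_token`.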