diff --git a/app/controllers/api/pm/pipelines_controller.rb b/app/controllers/api/pm/pipelines_controller.rb
index cafb43a4d..f8f073c96 100644
--- a/app/controllers/api/pm/pipelines_controller.rb
+++ b/app/controllers/api/pm/pipelines_controller.rb
@@ -1,10 +1,12 @@
 class Api::Pm::PipelinesController < Api::Pm::BaseController
   include RepositoriesHelper
-  before_action :require_operate_above, except: [:upload_results, :run_results]
 
   def index
     @owner = Owner.find_by(login: params[:owner_id].to_s) || Owner.find_by(id: params[:owner_id].to_s)
     tip_exception('组织未找到') if @owner.blank?
+    unless @owner.is_a?(Organization) && @owner.is_member?(current_user.id)
+      tip_exception('没有查看组织的权限')
+    end
     @project_ids = @owner.projects.ids
     project_gpids = @owner.projects.pluck(:gpid)
     action_runs = Gitea::ActionRun.where(owner_id: @owner.gitea_uid)