diff --git a/app/controllers/api/v1/base_controller.rb b/app/controllers/api/v1/base_controller.rb
index bcb0c4e86..ea2266390 100644
--- a/app/controllers/api/v1/base_controller.rb
+++ b/app/controllers/api/v1/base_controller.rb
@@ -55,6 +55,11 @@ class Api::V1::BaseController < ApplicationController
 return render_forbidden if !current_user.admin? && !@project.operator?(current_user) && !(@project.fork_project.present? && @project.fork_project.operator?(current_user))
 end
+ def require_member_above
+ @project = load_project
+ return render_forbidden if !current_user.admin? && !@project.member?(current_user)
+ end
+
 # 具有对仓库的访问权限
 def require_public_and_member_above
 @project = load_project
diff --git a/app/controllers/api/v1/projects/datasets_controller.rb b/app/controllers/api/v1/projects/datasets_controller.rb
index b8cdf780c..0065d529e 100644
--- a/app/controllers/api/v1/projects/datasets_controller.rb
+++ b/app/controllers/api/v1/projects/datasets_controller.rb
@@ -1,8 +1,10 @@
 class Api::V1::Projects::DatasetsController < Api::V1::BaseController
- before_action :require_public_and_member_above
+ before_action :require_member_above
 before_action :find_dataset, only: [:update, :show]
+ before_action :check_menu_authorize
 def create
+ ::Projects::Datasets::CreateForm.new(dataset_params).validate!
 return render_error('该项目下已存在数据集!') if @project.project_dataset.present?
 @project_dataset = ProjectDataset.new(dataset_params.merge!(project_id: @project.id))
 if @project_dataset.save!
@@ -10,15 +12,22 @@ class Api::V1::Projects::DatasetsController < Api::V1::BaseController
 else
 render_error('创建数据集失败!')
 end
+ rescue Exception => e
+ uid_logger_error(e.message)
+ tip_exception(e.message)
 end
 def update
+ ::Projects::Datasets::CreateForm.new(dataset_params).validate!
 @project_dataset.attributes = dataset_params
 if @project_dataset.save!
 render_ok
 else
 render_error("更新数据集失败!")
 end
+ rescue Exception => e
+ uid_logger_error(e.message)
+ tip_exception(e.message)
 end
 def show
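Review bot: `require_member_above` in `base_controller.rb` has no comment stating who it lets through, while the filter directly below it is annotated; for an authorization filter that contract should be written down, e.g. `# Site admins and project members only; everyone else gets 403`. The guard also reads more directly in positive form, `render_forbidden unless current_user.admin? || @project.member?(current_user)`. The hunk does not show whether `load_project` can return nil or whether `current_user` is always a user object here; if either can be nil the filter raises instead of rendering 403, which is worth confirming.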
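Review bot: In the first hunk of `datasets_controller.rb`, `before_action :require_member_above` has no `only:` list, so it also covers `show`, and datasets of public projects stop being readable by non-members. If only the write actions were meant to be tightened, scope it as `before_action :require_member_above, only: [:create, :update]` and keep `before_action :require_public_and_member_above, only: [:show]`; if member-only reads are intended, a one-line comment saying so would prevent a later revert. `check_menu_authorize` is registered after `find_dataset`, so the dataset lookup still runs for projects whose dataset menu is disabled; listing the menu check first avoids that.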
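Review bot: The two `rescue Exception => e` clauses added to `create` and `update` in `datasets_controller.rb` catch `SignalException`, `SystemExit` and `NoMemoryError` along with ordinary errors, and `tip_exception(e.message)` then appears to pass the raw message of whatever was raised back to the API client. Narrow both to `rescue StandardError => e`, or better to the validation and record errors these actions expect, and return a fixed message for anything else so database or internal error text only reaches the log. Since `save!` raises on failure, the `else` branches with `render_error` look unreachable. `update` also runs `CreateForm`, whose presence rules on `title` and `description` would reject a partial update; confirm that is intended.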
@@ -35,4 +44,7 @@ class Api::V1::Projects::DatasetsController < Api::V1::BaseController
 return render_not_found unless @project_dataset.present?
 end
+ def check_menu_authorize
+ return render_not_found unless @project.has_menu_permission("dataset")
+ end
 end
\ No newline at end of file
diff --git a/app/forms/projects/datasets/create_form.rb b/app/forms/projects/datasets/create_form.rb
new file mode 100644
index 000000000..c812ee17e
--- /dev/null
+++ b/app/forms/projects/datasets/create_form.rb
@@ -0,0 +1,15 @@
+class Projects::Datasets::CreateForm < BaseForm
+ attr_accessor :title, :description, :license_id, :paper_content
+
+
+ validates :title, presence: true, length: { maximum: 100 }
+ validates :description, presence: true, length: { maximum: 500 }
+ validates :paper_content, length: { maximum: 500 }
+
+ validate :check_license
+
+ def check_license
+ raise "license_id值无效. " if license_id && License.find_by(id: license_id).blank?
+ end
+
+end
\ No newline at end of file
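Review bot: `check_menu_authorize` in `datasets_controller.rb` is a filter helper, but nothing in this hunk shows it sitting under `private`; the rest of the class body is outside the hunk, so this needs checking against the full file. Public controller methods are candidates for routable actions, so `before_action` helpers belong below a `private` marker. A short comment such as `# 404 when the project's dataset menu is disabled` would document why the response is not-found rather than forbidden, and the leading `return` can go: `render_not_found unless @project.has_menu_permission("dataset")`.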
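Review bot: `check_license` in `create_form.rb` raises a bare `RuntimeError` from inside a `validate` callback, so the failure bypasses the form's `errors` collection and is only reported because the controller rescues every exception. Record it as a validation error instead: `errors.add(:license_id, :invalid) if license_id.present? && !License.exists?(id: license_id)`. The current `license_id &&` test also treats an empty string as a value to look up, since only nil and false are falsy in Ruby, so a blank `license_id` is rejected as invalid; `present?` avoids that if clearing the licence should be allowed.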