diff --git a/app/controllers/mark_files_controller.rb b/app/controllers/mark_files_controller.rb
index 53bd279e7..4668471e3 100644
--- a/app/controllers/mark_files_controller.rb
+++ b/app/controllers/mark_files_controller.rb
@@ -18,6 +18,14 @@ class MarkFilesController < ApplicationController
     end
   end
 
+  def mark_file_as_unread
+
+  end
+
+  def mark_file_as_read
+
+  end
+
   private 
   def review_params 
     params.require(:review).permit(:content, :commit_id, :status)
diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb
index e19fb972c..5bed0950c 100644
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -114,11 +114,13 @@ module ProjectsHelper
   # API：
   # GET：https://ci-v3.test.jianmuhub.com/oauth2/authorize?code=${encode(密文)}
   def jianmu_devops_code(project, user)
-    data = { userId: user.id, ref: project.identifier, owner: project.owner.login, timestamp: Time.now.to_i * 1000 }
-    uid = EduSetting.get("jianmu_oauth2_uid") || 'oedKx4v-WyAfu2oy_AsFpFQCH_-g91ms0PQKN7YcEuw'
-    app = Doorkeeper::Application.find_by(uid: uid)
-    key =  'bf3c199c2470cb477d907b1e0917c17b'
-    aes_encrypt(key, data.to_json)
+    if user.admin? || project.member?(user.id)
+      data = { userId: user.id, ref: project.identifier, owner: project.owner.login, timestamp: Time.now.to_i * 1000 }
+      # uid = EduSetting.get("jianmu_oauth2_uid") || 'oedKx4v-WyAfu2oy_AsFpFQCH_-g91ms0PQKN7YcEuw'
+      # app = Doorkeeper::Application.find_by(uid: uid)
+      key = 'bf3c199c2470cb477d907b1e0917c17b'
+      aes_encrypt(key, data.to_json)
+    end
   end
 
   def aes_encrypt(key, des_text)