diff --git a/app/controllers/version_releases_controller.rb b/app/controllers/version_releases_controller.rb
index c66a4bf0d..2d7546a1c 100644
--- a/app/controllers/version_releases_controller.rb
+++ b/app/controllers/version_releases_controller.rb
@@ -2,6 +2,7 @@ class VersionReleasesController < ApplicationController
   before_action :load_repository
   before_action :set_user
   before_action :require_login, except: [:index, :show]
+  before_action :check_release_authorize, except: [:index, :show]
   before_action :find_version , only: [:show, :edit, :update, :destroy]
 
   def index
@@ -161,4 +162,8 @@ class VersionReleasesController < ApplicationController
     end
   end
 
+  def check_release_authorize
+    return render_forbidden("您没有权限进行此操作.") unless current_user.admin? || @project.manager?(current_user)
+  end
+
 end
diff --git a/app/views/version_releases/_version_release.json.jbuilder b/app/views/version_releases/_version_release.json.jbuilder
index ddf59ee75..1ccdbe617 100644
--- a/app/views/version_releases/_version_release.json.jbuilder
+++ b/app/views/version_releases/_version_release.json.jbuilder
@@ -12,6 +12,7 @@ json.draft version&.draft ? "草稿" : (version&.prerelease ? "预发行" : "稳
 json.created_at format_time(version.created_at.to_s.to_time)
 json.published_at format_time(version.created_at.to_s.to_time)
 json.user_name user.present? ? user.try(:show_real_name) : ""
+json.user_login user&.login
 json.image_url user.present? ? url_to_avatar(user) : ""
 json.attachments do
   json.array! version.try(:attachments) do |attachment|