diff --git a/app/controllers/api/pm/projects_controller.rb b/app/controllers/api/pm/projects_controller.rb
index 4627b189a..5d5012885 100644
--- a/app/controllers/api/pm/projects_controller.rb
+++ b/app/controllers/api/pm/projects_controller.rb
@@ -1,11 +1,21 @@
 class Api::Pm::ProjectsController < Api::Pm::BaseController
-
+  before_action :require_login, except: [:convert]
+  before_action :load_project
   def convert
-    @project = Project.joins(:owner).find params[:project_id]
     data = {
       owner: @project.owner.try(:login),
       identifier: @project.identifier
     }
     render_ok(data: data)
   end
+
+  def bind_project
+    return  render_forbidden('您没有操作权限！') unless @project.member?(current_user) || current_user.admin?
+    Issue.where(pm_project_id: params[:pm_project_id], user_id: current_user).update_all(project_id: params[:project_id])
+  end
+
+  private
+  def load_project
+    @project = Project.joins(:owner).find params[:project_id]
+  end
 end