diff --git a/app/controllers/issue_tags_controller.rb b/app/controllers/issue_tags_controller.rb
index f3691f3d4..dc2ad7976 100644
--- a/app/controllers/issue_tags_controller.rb
+++ b/app/controllers/issue_tags_controller.rb
@@ -2,7 +2,7 @@ class IssueTagsController < ApplicationController
 before_action :require_login, except: [:index]
 before_action :load_repository
 before_action :set_user
- before_action :check_issue_permission, except: :index
+ before_action :check_issue_tags_permission
 before_action :set_issue_tag, only: [:edit, :update, :destroy]
@@ -122,9 +122,9 @@ class IssueTagsController < ApplicationController
 @user = @project.owner
 end
- def check_issue_permission
- unless @project.member?(current_user) || current_user.admin?
- normal_status(-1, "您没有权限")
+ def check_issue_tags_permission
+ unless @project.manager?(current_user) || current_user.admin?
+ return render_forbidden('你不是管理员,没有权限操作')
 end
 end
diff --git a/app/controllers/members_controller.rb b/app/controllers/members_controller.rb
index 77087770a..92ad4ccbb 100644
--- a/app/controllers/members_controller.rb
+++ b/app/controllers/members_controller.rb
@@ -3,7 +3,7 @@ class MembersController < ApplicationController
 before_action :load_project
 before_action :find_user_with_id, only: %i[create remove change_role]
 before_action :check_user_profile_completed, only: [:create]
- before_action :operate!, except: %i[index]
+ before_action :operate!
 before_action :check_member_exists!, only: %i[create]
 before_action :check_member_not_exists!, only: %i[remove change_role]
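Review bot: Dropping `except: :index` makes `check_issue_tags_permission` run on `index`, while `require_login` two lines above still exempts that action, so the check can now execute for a request with no logged-in user. What `current_user` returns in that case is not visible in the diff; if it can be nil, `current_user.admin?` raises instead of producing the 403. Make the two filters agree with `before_action :require_login`, or make the check nil-safe with `current_user&.admin?`. The same removal of `except: %i[index]` for `operate!` in members_controller.rb should be verified the same way, since `operate!` is defined outside the diff.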
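Review bot: In `check_issue_tags_permission` the `return` sits on the last expression the method evaluates, so it has no effect, and the `unless … end` wrapper obscures that this is a plain guard. It reads more directly as `return if @project.manager?(current_user) || current_user.admin?` followed by `render_forbidden('你不是管理员,没有权限操作')`. A one-line comment above the method, such as `# Restricts every action in this controller to project managers and admins.`, would record that the narrowing from `member?` is intentional. The method is complete within the hunk; the class continues outside it.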