diff --git a/app/controllers/api/v1/organizations/projects_controller.rb b/app/controllers/api/v1/organizations/projects_controller.rb
index b1f905404..0fd95bb50 100644
--- a/app/controllers/api/v1/organizations/projects_controller.rb
+++ b/app/controllers/api/v1/organizations/projects_controller.rb
@@ -22,8 +22,17 @@ class Api::V1::Organizations::ProjectsController < Api::V1::BaseController
 private
 
 def load_organization
- @organization = Organization.find_by(login: params[:organization_id]) || Organization.find_by(id: params[:organization_id])
+ @organization = Organization.find_by(login: params[:owner]) || Organization.find_by(id: params[:owner])
 return render_not_found("组织不存在") if @organization.nil?
 return render_forbidden("没有查看组织的权限") if org_limited_condition || org_privacy_condition
 end
+
+ def org_limited_condition
+ @organization.organization_extension.limited? && !current_user.logged?
+ end
+
+ def org_privacy_condition
+ return false if current_user.admin?
+ @organization.organization_extension.privacy? && @organization.organization_users.where(user_id: current_user.id).blank?
+ end
 end
\ No newline at end of file
diff --git a/app/controllers/organizations/projects_controller.rb b/app/controllers/organizations/projects_controller.rb
index ba03b059a..380f32e48 100644
--- a/app/controllers/organizations/projects_controller.rb
+++ b/app/controllers/organizations/projects_controller.rb
@@ -36,7 +36,7 @@ class Organizations::ProjectsController < Organizations::BaseController
 private
 
 def load_organization
- @organization = Organization.find_by(login: params[:owner]) || Organization.find_by(id: params[:owner])
+ @organization = Organization.find_by(login: params[:organization_id]) || Organization.find_by(id: params[:organization_id])
 return render_not_found("组织不存在") if @organization.nil?
 return render_forbidden("没有查看组织的权限") if org_limited_condition || org_privacy_condition
 end
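Review bot: Both predicates added to `app/controllers/api/v1/organizations/projects_controller.rb` dereference `@organization.organization_extension` without a nil check, so an organization that has no extension record would raise NoMethodError inside `load_organization` instead of producing a controlled response. Decide explicitly what a missing extension means and fail closed if that is the intended default, for example `ext = @organization.organization_extension` followed by `return true if ext.nil?` after the admin check in `org_privacy_condition`. The membership test can be written `!@organization.organization_users.exists?(user_id: current_user.id)`, which asks the database for existence rather than loading rows. The second file in this diff calls helpers with the same names without defining them in the visible lines, so these look like copies of an existing access check; a single shared definition would keep the two from drifting apart.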
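Review bot: A missing `organization_id` key is not rejected before the lookup in `app/controllers/organizations/projects_controller.rb`: with a nil value `find_by(login: nil)` becomes a `login IS NULL` query, which can return an unrelated row rather than falling through to the not-found branch. No route change is visible in this diff, so it is worth confirming the route really supplies the renamed key, and adding `return render_not_found("组织不存在") if params[:organization_id].blank?` as the first line of `load_organization`. The `params[:owner]` lookup in the API controller's hunk has the same shape and needs the same guard. Because one string is tried first as a login and then as an id, also confirm that logins cannot be purely numeric, otherwise a login can shadow another organization's id.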