From 9cf4cc290c2bc967540a5576a1853102506609c1 Mon Sep 17 00:00:00 2001
From: yystopf
Date: Fri, 25 Jul 2025 15:01:36 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=94=B9=EF=BC=9A=E8=AF=B7=E6=B1=82?= =?UTF-8?q?=E5=8F=82=E6=95=B0=E6=9F=A5=E8=AF=A2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../api/v1/organizations/projects_controller.rb | 11 ++++++++++-
 app/controllers/organizations/projects_controller.rb | 2 +-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/app/controllers/api/v1/organizations/projects_controller.rb b/app/controllers/api/v1/organizations/projects_controller.rb
index b1f905404..0fd95bb50 100644
--- a/app/controllers/api/v1/organizations/projects_controller.rb
+++ b/app/controllers/api/v1/organizations/projects_controller.rb
@@ -22,8 +22,17 @@ class Api::V1::Organizations::ProjectsController < Api::V1::BaseController
 private
 
 def load_organization
- @organization = Organization.find_by(login: params[:organization_id]) || Organization.find_by(id: params[:organization_id])
+ @organization = Organization.find_by(login: params[:owner]) || Organization.find_by(id: params[:owner])
 return render_not_found("组织不存在") if @organization.nil?
 return render_forbidden("没有查看组织的权限") if org_limited_condition || org_privacy_condition
 end
+
+ def org_limited_condition
+ @organization.organization_extension.limited? && !current_user.logged?
+ end
+
+ def org_privacy_condition
+ return false if current_user.admin?
+ @organization.organization_extension.privacy? && @organization.organization_users.where(user_id: current_user.id).blank?
+ end
 end
\ No newline at end of file
diff --git a/app/controllers/organizations/projects_controller.rb b/app/controllers/organizations/projects_controller.rb
index ba03b059a..380f32e48 100644
--- a/app/controllers/organizations/projects_controller.rb
+++ b/app/controllers/organizations/projects_controller.rb
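Review bot: Both new predicates in the API controller hunk, `org_limited_condition` and `org_privacy_condition`, dereference `@organization.organization_extension` directly, so if an organization can exist without an extension row the authorization path raises instead of denying. Because this is the access check, a missing extension should fail closed, for example `return true if @organization.organization_extension.nil?` at the top of each helper; plain safe navigation (`&.privacy?`) would evaluate to nil and let the request through. In `org_privacy_condition` the membership test can be written `!@organization.organization_users.exists?(user_id: current_user.id)`, which avoids loading rows only to test for emptiness. The non-API controller changed later in this patch calls the same two helper names without defining them in its hunk, so these look like copies of a base-class implementation; a shared concern would keep the two access checks from drifting apart. The class body starts outside the hunk.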
@@ -36,7 +36,7 @@ class Organizations::ProjectsController < Organizations::BaseController
 private
 
 def load_organization
- @organization = Organization.find_by(login: params[:owner]) || Organization.find_by(id: params[:owner])
+ @organization = Organization.find_by(login: params[:organization_id]) || Organization.find_by(id: params[:organization_id])
 return render_not_found("组织不存在") if @organization.nil?
 return render_forbidden("没有查看组织的权限") if org_limited_condition || org_privacy_condition
 end
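Review bot: `load_organization` passes the raw request value to both `find_by` calls, and after this rename nothing visible guarantees that the route actually supplies `organization_id`. A nil value turns the first lookup into a `login IS NULL` query, and the `id` fallback relies on ActiveRecord's integer casting, so a value that is not a clean id may still resolve to some organization. A guard before the lookup, e.g. `org_key = params[:organization_id].to_s` followed by `return render_not_found("组织不存在") if org_key.blank?`, plus limiting the `id` fallback to all-digit values, would make the resolution unambiguous. The mirrored lookup on `params[:owner]` in the API controller hunk has the same shape. The routes and the callback that invokes this method are outside the hunk.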