diff --git a/backend/framework/sdk/src/main/java/io/metersphere/sdk/controller/LicenseValidateController.java b/backend/framework/sdk/src/main/java/io/metersphere/sdk/controller/LicenseValidateController.java
index c76546a56d..aae73cc0db 100644
--- a/backend/framework/sdk/src/main/java/io/metersphere/sdk/controller/LicenseValidateController.java
+++ b/backend/framework/sdk/src/main/java/io/metersphere/sdk/controller/LicenseValidateController.java
@@ -3,14 +3,18 @@ package io.metersphere.sdk.controller;
 import io.metersphere.sdk.dto.LicenseDTO;
 import io.metersphere.sdk.service.LicenseService;
 import io.metersphere.sdk.util.CommonBeanFactory;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 @RestController
 @RequestMapping("/license")
+@Tag(name="license校验")
 public class LicenseValidateController {
 @GetMapping("/validate")
+ @Operation(summary = "license校验")
 public LicenseDTO validate() {
 LicenseService licenseService = CommonBeanFactory.getBean(LicenseService.class);
 if (licenseService != null) {
diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/controller/SystemProjectController.java b/backend/services/system-setting/src/main/java/io/metersphere/system/controller/SystemProjectController.java
index ac1db37761..533631cd56 100644
--- a/backend/services/system-setting/src/main/java/io/metersphere/system/controller/SystemProjectController.java
+++ b/backend/services/system-setting/src/main/java/io/metersphere/system/controller/SystemProjectController.java
@@ -22,6 +22,9 @@ import io.metersphere.system.service.SystemProjectService;
 import io.metersphere.validation.groups.Created;
 import io.metersphere.validation.groups.Updated;
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.core.config.plugins.validation.constraints.NotBlank;
@@ -32,6 +35,7 @@ import org.springframework.web.bind.annotation.*;
 import java.util.List;
 @RestController
+@Tag(name = "系统-项目")
 @RequestMapping("/system/project")
 public class SystemProjectController {
 @Resource
@@ -48,6 +52,7 @@ public class SystemProjectController {
 @GetMapping("/get/{id}")
 @Operation(summary = "根据ID获取项目信息")
+ @Parameter(name = "id", description = "项目id", schema = @Schema(requiredMode = Schema.RequiredMode.REQUIRED))
 @RequiresPermissions(PermissionConstants.SYSTEM_ORGANIZATION_PROJECT_READ)
 public Project getProject(@PathVariable @NotBlank String id) {
 return systemProjectService.get(id);
@@ -73,6 +78,7 @@ public class SystemProjectController {
 @GetMapping("/delete/{id}")
 @RequiresPermissions(PermissionConstants.SYSTEM_ORGANIZATION_PROJECT_READ_DELETE)
 @Operation(summary = "删除项目")
+ @Parameter(name = "id", description = "项目", schema = @Schema(requiredMode = Schema.RequiredMode.REQUIRED))
 @Log(type = OperationLogType.DELETE, expression = "#msClass.deleteLog(#id)", msClass = SystemProjectLogService.class)
 public int deleteProject(@PathVariable String id) {
 return systemProjectService.delete(id, SessionUtils.getUserId());
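Review bot: The `@NotBlank` on `getProject`'s `id` is not a Bean Validation constraint, so the id that the new `@Parameter` documents as required is never actually checked. The import block in this file's first hunk takes the annotation from `org.apache.logging.log4j.core.config.plugins.validation.constraints`, which Log4j uses for its own plugin configuration, and Spring's validator ignores it. Import `jakarta.validation.constraints.NotBlank` instead, and confirm that method-parameter validation is enabled for this controller; no `@Validated` is visible on the class in these hunks.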
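Review bot: `deleteProject` is still mapped with `@GetMapping("/delete/{id}")`, so a state change is reachable through a method that browsers, caches, link prefetchers and typical CSRF defences treat as safe. The same holds for the `/revoke/{id}` and `/remove-member/{projectId}/{userId}` hunks further down, and the `SystemProjectLogService` hunks in this commit now record `HttpMethodConstants.GET` for delete and revoke, which cements the choice instead of correcting it. Prefer `@PostMapping("/delete/{id}")` (or a DELETE mapping) for all three and keep the logged method in step. If the session is cookie-based, which the `SessionUtils` call suggests but these hunks do not show, a request forged from another site would carry the victim's permissions.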
@@ -81,6 +87,7 @@ public class SystemProjectController {
 @GetMapping("/revoke/{id}")
 @RequiresPermissions(PermissionConstants.SYSTEM_ORGANIZATION_PROJECT_READ_RECOVER)
 @Log(type = OperationLogType.UPDATE, expression = "#msClass.updateLog(#id)", msClass = SystemProjectLogService.class)
+ @Parameter(name = "id", description = "项目", schema = @Schema(requiredMode = Schema.RequiredMode.REQUIRED))
 public int revokeProject(@PathVariable String id) {
 return systemProjectService.revoke(id);
 }
@@ -103,6 +110,8 @@ public class SystemProjectController {
 @GetMapping("/remove-member/{projectId}/{userId}")
 @Operation(summary = "移除项目成员")
+ @Parameter(name = "userId", description = "用户id", schema = @Schema(requiredMode = Schema.RequiredMode.REQUIRED))
+ @Parameter(name = "projectId", description = "项目id", schema = @Schema(requiredMode = Schema.RequiredMode.REQUIRED))
 @RequiresPermissions(PermissionConstants.SYSTEM_ORGANIZATION_PROJECT_READ_UPDATE)
 @Log(type = OperationLogType.DELETE, expression = "#msClass.deleteLog(#projectId)", msClass = SystemProjectLogService.class)
 public int removeProjectMember(@PathVariable String projectId, @PathVariable String userId) {
diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/mapper/ExtSystemProjectMapper.xml b/backend/services/system-setting/src/main/java/io/metersphere/system/mapper/ExtSystemProjectMapper.xml
index 93c9333e4c..bfd716c374 100644
--- a/backend/services/system-setting/src/main/java/io/metersphere/system/mapper/ExtSystemProjectMapper.xml
+++ b/backend/services/system-setting/src/main/java/io/metersphere/system/mapper/ExtSystemProjectMapper.xml
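Review bot: `revokeProject` gains a `@Parameter` but still has no `@Operation` summary, unlike the other endpoints this commit annotates, so it appears in the generated API document without a description. Add `@Operation(summary = "恢复项目")` next to the mapping. The description here, and on the `@Parameter` added to `deleteProject`, is `"项目"`, where the get and remove-member hunks use `"项目id"`. The `@Log` on this endpoint also still declares `OperationLogType.UPDATE` while the log service hunk for `/revoke` switches the record to `RECOVER`, so the two should be made to agree.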
@@ -39,15 +39,7 @@ FROM project p LEFT JOIN user_role_relation u on p.id = u.source_id INNER JOIN organization o on p.organization_id = o.id - - - p.organization_id = #{request.organizationId} - - - and (p.name like CONCAT('%', #{request.keyword},'%') - or p.num like CONCAT('%', #{request.keyword},'%')) - - + group by p.id select id, name from project order by create_time desc + + + + + p.organization_id = #{request.organizationId} + + + and ( + p.name like concat('%', #{request.keyword},'%') + or p.num like concat('%', #{request.keyword},'%') + ) + + + + + + + + + + + + + + + and p.create_user in + + + + + + + + + + + + and p.create_user + + + + + + \ No newline at end of file diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/service/SystemProjectLogService.java b/backend/services/system-setting/src/main/java/io/metersphere/system/service/SystemProjectLogService.java index b5de50fd77..f7c4caea72 100644 --- a/backend/services/system-setting/src/main/java/io/metersphere/system/service/SystemProjectLogService.java +++ b/backend/services/system-setting/src/main/java/io/metersphere/system/service/SystemProjectLogService.java @@ -34,7 +34,7 @@ public class SystemProjectLogService { null, null, OperationLogType.ADD.name(), - OperationLogModule.SYSTEM_USER_ROLE, + OperationLogModule.SYSTEM_PROJECT, project.getName()); dto.setPath(PRE_URI + "/add"); @@ -56,7 +56,7 @@ public class SystemProjectLogService { project.getId(), project.getCreateUser(), OperationLogType.UPDATE.name(), - OperationLogModule.SYSTEM_USER_ROLE, + OperationLogModule.SYSTEM_PROJECT, "编辑全局用户组对应的权限配置"); dto.setPath("/update"); dto.setMethod(HttpMethodConstants.POST.name()); 
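Review bot: The audit record in the `@@ -56,7` hunk of SystemProjectLogService still carries the content string `"编辑全局用户组对应的权限配置"`, which describes a user-group permission edit. Even with the module corrected to `SYSTEM_PROJECT` the entry therefore names the wrong action, and the revoke hunk (`@@ -75,11`) keeps the same literal. Pass `project.getName()` as the add and delete records do. The path is also logged as `"/update"` without the `PRE_URI` prefix that the add record uses; `dto.setPath(PRE_URI + "/update");` would let an entry be matched to the request that produced it. The enclosing methods start outside these hunks.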
@@ -75,11 +75,11 @@ public class SystemProjectLogService {
 "",
 project.getId(),
 project.getCreateUser(),
- OperationLogType.UPDATE.name(),
- OperationLogModule.SYSTEM_USER_ROLE,
+ OperationLogType.RECOVER.name(),
+ OperationLogModule.SYSTEM_PROJECT,
 "编辑全局用户组对应的权限配置");
 dto.setPath("/revoke");
- dto.setMethod(HttpMethodConstants.POST.name());
+ dto.setMethod(HttpMethodConstants.GET.name());
 dto.setOriginalValue(JSON.toJSONBytes(project));
 return dto;
@@ -103,11 +103,11 @@ public class SystemProjectLogService {
 id,
 project.getCreateUser(),
 OperationLogType.DELETE.name(),
- OperationLogModule.SYSTEM_USER_ROLE,
+ OperationLogModule.SYSTEM_PROJECT,
 project.getName());
 dto.setPath("/delete");
- dto.setMethod(HttpMethodConstants.POST.name());
+ dto.setMethod(HttpMethodConstants.GET.name());
 dto.setOriginalValue(JSON.toJSONBytes(project));
 return dto;
 }
diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/service/SystemProjectService.java b/backend/services/system-setting/src/main/java/io/metersphere/system/service/SystemProjectService.java
index f59e1b1d53..ec823bb4bf 100644
--- a/backend/services/system-setting/src/main/java/io/metersphere/system/service/SystemProjectService.java
+++ b/backend/services/system-setting/src/main/java/io/metersphere/system/service/SystemProjectService.java
@@ -8,6 +8,7 @@ import io.metersphere.sdk.dto.AddProjectRequest;
 import io.metersphere.sdk.dto.ProjectDTO;
 import io.metersphere.sdk.dto.UpdateProjectRequest;
 import io.metersphere.sdk.exception.MSException;
+import io.metersphere.sdk.log.service.OperationLogService;
 import io.metersphere.sdk.util.Translator;
 import io.metersphere.system.domain.User;
 import io.metersphere.system.domain.UserRoleRelation;
@@ -44,6 +45,8 @@ public class SystemProjectService {
 private UserRoleRelationMapper userRoleRelationMapper;
 @Resource
 private ExtSystemProjectMapper extSystemProjectMapper;
+ @Resource
+ private OperationLogService operationLogService;
 public Project get(String id) {
 return projectMapper.selectByPrimaryKey(id);
@@ -173,14 +176,19 @@ public class SystemProjectService {
 createUser);
 userRoleRelationMapper.insertSelective(adminRole);
 }
- UserRoleRelation memberRole = new UserRoleRelation(
- UUID.randomUUID().toString(),
- userId,
- InternalUserRole.PROJECT_MEMBER.getValue(),
- request.getProjectId(),
- System.currentTimeMillis(),
- createUser);
- userRoleRelationMapper.insertSelective(memberRole);
+ UserRoleRelationExample userRoleRelationExample = new UserRoleRelationExample();
+ userRoleRelationExample.createCriteria().andUserIdEqualTo(userId)
+ .andSourceIdEqualTo(request.getProjectId()).andRoleIdEqualTo(InternalUserRole.PROJECT_MEMBER.getValue());
+ if (userRoleRelationMapper.selectByExample(userRoleRelationExample).size() == 0) {
+ UserRoleRelation memberRole = new UserRoleRelation(
+ UUID.randomUUID().toString(),
+ userId,
+ InternalUserRole.PROJECT_MEMBER.getValue(),
+ request.getProjectId(),
+ System.currentTimeMillis(),
+ createUser);
+ userRoleRelationMapper.insertSelective(memberRole);
+ }
 });
 }
diff --git a/backend/services/system-setting/src/test/java/io/metersphere/system/controller/SystemProjectControllerTests.java b/backend/services/system-setting/src/test/java/io/metersphere/system/controller/SystemProjectControllerTests.java
index 08ae8dcdd0..f19ce7def3 100644
--- a/backend/services/system-setting/src/test/java/io/metersphere/system/controller/SystemProjectControllerTests.java
+++ b/backend/services/system-setting/src/test/java/io/metersphere/system/controller/SystemProjectControllerTests.java
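Review bot: The existence check added in front of `insertSelective(memberRole)` is a read-then-write with no lock, so two concurrent requests for the same user and project can both see an empty result and both insert a `PROJECT_MEMBER` row. Only a unique key over the relation's user, role and source columns closes that gap, and none is visible in this commit. The check also loads every matching row just to test for emptiness; `if (userRoleRelationMapper.countByExample(userRoleRelationExample) == 0) {` expresses the same thing with a count, assuming the generated mapper exposes that method. The admin-role insert in the context lines just above should get the same guard if it does not already have one. The lambda and its method start outside the hunk.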
@@ -5,6 +5,7 @@ import io.metersphere.project.domain.Project;
 import io.metersphere.project.domain.ProjectExample;
 import io.metersphere.project.mapper.ProjectMapper;
 import io.metersphere.sdk.constants.InternalUserRole;
+import io.metersphere.sdk.constants.PermissionConstants;
 import io.metersphere.sdk.constants.SessionConstants;
 import io.metersphere.sdk.controller.handler.ResultHolder;
 import io.metersphere.sdk.dto.AddProjectRequest;
@@ -179,6 +180,10 @@ public class SystemProjectControllerTests extends BaseTest {
 userRoleRelationExample.createCriteria().andSourceIdEqualTo(projectId).andRoleIdEqualTo(InternalUserRole.PROJECT_MEMBER.getValue());
 userRoleRelations = userRoleRelationMapper.selectByExample(userRoleRelationExample);
 Assertions.assertEquals(userRoleRelations.stream().map(UserRoleRelation::getUserId).collect(Collectors.toList()).containsAll(List.of("admin")), true);
+
+ project.setName("testAddProjectSuccess1");
+ // @@校验权限
+ requestPostPermissionTest(PermissionConstants.SYSTEM_ORGANIZATION_PROJECT_READ_ADD, addProject, project);
 }
 @Test
@@ -210,6 +215,8 @@ public class SystemProjectControllerTests extends BaseTest {
 MvcResult mvcResult = this.responseGet(getProject + projectId);
 Project project = this.parseObjectFromMvcResult(mvcResult, Project.class);
 Assertions.assertTrue(StringUtils.equals(project.getId(), projectId));
+ // @@校验权限
+ requestGetPermissionTest(PermissionConstants.SYSTEM_ORGANIZATION_PROJECT_READ, getProject + projectId);
 }
 @Test
 @Order(4)
@@ -246,6 +253,18 @@ public class SystemProjectControllerTests extends BaseTest {
 for (ProjectDTO projectDTO : projectDTOS) {
 Assertions.assertFalse(projectDTO.getCreateTime() > firstCreateTime);
 }
+ projectRequest.setFilter(new HashMap<>() {{
+ put("createUser", List.of("test"));
+ }});
+ mvcResult = this.responsePost(getProjectList, projectRequest);
+ returnPager = parseObjectFromMvcResult(mvcResult, Pager.class);
+ //返回的数据中的createUser是admin或者admin1
+ projectDTOS = JSON.parseArray(JSON.toJSONString(returnPager.getList()), ProjectDTO.class);
+ //拿到所有的createUser
+ List createUsers = projectDTOS.stream().map(ProjectDTO::getCreateUser).collect(Collectors.toList());
+ Assertions.assertTrue(List.of("test").containsAll(createUsers));
+ // @@校验权限
+ requestPostPermissionTest(PermissionConstants.SYSTEM_ORGANIZATION_PROJECT_READ, getProjectList, projectRequest);
 }
 @Test
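Review bot: `Assertions.assertTrue(List.of("test").containsAll(createUsers))` also passes when the filtered page comes back empty, so it would not catch a `createUser` filter that matches nothing or is silently dropped. Add `Assertions.assertFalse(createUsers.isEmpty());` before it so the test proves the seeded `test` row is actually returned. The comment above the parse still says the creators are admin or admin1, while the filter and the changed seed row use `test`. It should read `// every returned createUser must be "test"`.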
@@ -289,13 +308,16 @@ public class SystemProjectControllerTests extends BaseTest {
 userRoleRelationExample.createCriteria().andSourceIdEqualTo("projectId").andRoleIdEqualTo(InternalUserRole.PROJECT_MEMBER.getValue());
 userRoleRelations = userRoleRelationMapper.selectByExample(userRoleRelationExample);
 Assertions.assertEquals(userRoleRelations.stream().map(UserRoleRelation::getUserId).collect(Collectors.toList()).containsAll(List.of("admin", "admin1")), true);
+ // @@校验权限
+ project.setName("TestName2");
+ requestPostPermissionTest(PermissionConstants.SYSTEM_ORGANIZATION_PROJECT_READ_UPDATE, updateProject, project);
 }
 @Test
 @Order(8)
 public void testUpdateProjectError() throws Exception {
 //项目名称存在 500
- UpdateProjectRequest project = this.generatorUpdate("organizationId", "projectId","TestName", "description", true, List.of("admin"));
+ UpdateProjectRequest project = this.generatorUpdate("organizationId", "projectId","TestName2", "description", true, List.of("admin"));
 this.requestPost(updateProject, project, ERROR_REQUEST_MATCHER);
 //参数组织Id为空
 project = this.generatorUpdate(null, "projectId",null, null, true , List.of("admin"));
@@ -328,6 +350,8 @@ public class SystemProjectControllerTests extends BaseTest {
 Assertions.assertEquals(currentProject.getDeleted(), true);
 Assertions.assertTrue(currentProject.getId().equals(id));
 Assertions.assertTrue(count == 1);
+ // @@校验权限
+ requestGetPermissionTest(PermissionConstants.SYSTEM_ORGANIZATION_PROJECT_READ_DELETE, deleteProject + id);
 }
 @Test
@@ -349,6 +373,8 @@ public class SystemProjectControllerTests extends BaseTest {
 Assertions.assertEquals(currentProject.getDeleted(), false);
 Assertions.assertTrue(currentProject.getId().equals(id));
 Assertions.assertTrue(count == 1);
+ // @@校验权限
+ requestGetPermissionTest(PermissionConstants.SYSTEM_ORGANIZATION_PROJECT_READ_RECOVER, revokeProject + id);
 }
 @Test
diff --git a/backend/services/system-setting/src/test/resources/dml/init_project.sql b/backend/services/system-setting/src/test/resources/dml/init_project.sql
index 9e2b193f49..6d691bad1e 100644
--- a/backend/services/system-setting/src/test/resources/dml/init_project.sql
+++ b/backend/services/system-setting/src/test/resources/dml/init_project.sql
@@ -5,7 +5,7 @@ INSERT INTO project (id, num, organization_id, name, description, create_user, u INSERT INTO project (id, num, organization_id, name, description, create_user, update_user, create_time, update_time) VALUES ('projectId2', null, (SELECT id FROM organization WHERE name LIKE '默认组织'), '默认项目2', '系统默认创建的项目', 'admin', 'admin', unix_timestamp() * 1000, unix_timestamp() * 1000); INSERT INTO project (id, num, organization_id, name, description, create_user, update_user, create_time, update_time) VALUES ('projectId3', null, (SELECT id FROM organization WHERE name LIKE '默认组织'), '默认项目3', '系统默认创建的项目', 'admin', 'admin', unix_timestamp() * 1000, unix_timestamp() * 1000); INSERT INTO project (id, num, organization_id, name, description, create_user, update_user, create_time, update_time) VALUES ('projectId4', null, (SELECT id FROM organization WHERE name LIKE '默认组织'), '默认项目4', '系统默认创建的项目', 'admin', 'admin', unix_timestamp() * 1000, unix_timestamp() * 1000); -INSERT INTO project (id, num, organization_id, name, description, create_user, update_user, create_time, update_time) VALUES ('projectId5', null, (SELECT id FROM organization WHERE name LIKE '默认组织'), '默认项目5', '系统默认创建的项目', 'admin', 'admin', unix_timestamp() * 1000, unix_timestamp() * 1000); +INSERT INTO project (id, num, organization_id, name, description, create_user, update_user, create_time, update_time) VALUES ('projectId5', null, (SELECT id FROM organization WHERE name LIKE '默认组织'), '默认项目5', '系统默认创建的项目', 'test', 'test', unix_timestamp() * 1000, unix_timestamp() * 1000); insert into user(id, name, email, password, create_time, update_time, language, last_organization_id, phone, source, last_project_id, create_user, update_user)