diff --git a/framework/sdk-parent/frontend/src/utils/permission.js b/framework/sdk-parent/frontend/src/utils/permission.js
index 8f25081fc8..a24ec3b8f9 100644
--- a/framework/sdk-parent/frontend/src/utils/permission.js
+++ b/framework/sdk-parent/frontend/src/utils/permission.js
@@ -68,6 +68,41 @@ export function hasPermission(permission) {
   return false;
 }
 
+export function hasPermissionForProjectId(permission, projectId) {
+  let user = getCurrentUser();
+  if (!user || !user.groups) {
+    return false;
+  }
+  let index = user.groups.findIndex(g => g.id === SUPER_GROUP);
+  if (index !== -1) {
+    return true;
+  }
+
+  user.userGroups.forEach(ug => {
+    user.groupPermissions.forEach(gp => {
+      if (gp.group.id === ug.groupId) {
+        ug.userGroupPermissions = gp.userGroupPermissions;
+        ug.group = gp.group;
+      }
+    });
+  });
+
+  let currentProjectPermissions = user.userGroups.filter(ug => ug.group && ug.group.type === 'PROJECT')
+    .filter(ug => ug.sourceId === projectId)
+    .flatMap(ug => ug.userGroupPermissions)
+    .map(g => g.permissionId)
+    .reduce((total, current) => {
+      total.add(current);
+      return total;
+    }, new Set);
+  for (const p of currentProjectPermissions) {
+    if (p === permission) {
+      return true;
+    }
+  }
+  return false;
+}
+
 export function hasPermissions(...permissions) {
   for (let p of permissions) {
     if (hasPermission(p)) {
diff --git a/test-track/frontend/src/business/case/components/TestCaseEdit.vue b/test-track/frontend/src/business/case/components/TestCaseEdit.vue
index 14d9a3aef0..006b9f532a 100644
--- a/test-track/frontend/src/business/case/components/TestCaseEdit.vue
+++ b/test-track/frontend/src/business/case/components/TestCaseEdit.vue
@@ -327,6 +327,7 @@ import {
 import {
   hasLicense,
   hasPermission,
+  hasPermissionForProjectId
 } from "metersphere-frontend/src/utils/permission";
 import {
   getUUID,
@@ -1025,6 +1026,11 @@ export default {
         this.projectId = this.routeProjectId;
         if (this.projectId) {
           // 带了 routeProjectId 校验是否是当前项目
+          if (!hasPermissionForProjectId('PROJECT_TRACK_CASE:READ', this.projectId)) {
+            // 没有该项目权限，跳转到根目录
+            this.$router.push({path: "/"});
+            return;
+          }
           if (getCurrentProjectID() !== this.projectId) {
             setCurrentProjectID(this.projectId);
             location.reload();