diff --git a/pkg/kapis/devops/v1alpha2/devops.go b/pkg/kapis/devops/v1alpha2/devops.go
index 8b0cf0033..58c858587 100644
--- a/pkg/kapis/devops/v1alpha2/devops.go
+++ b/pkg/kapis/devops/v1alpha2/devops.go
@@ -238,7 +238,7 @@ func (h *ProjectPipelineHandler) getCurrentUser(req *restful.Request) (username,
 	if userInfo, ok = request.UserFrom(ctx); ok {
 		var role *iamv1alpha2.GlobalRole
 		username = userInfo.GetName()
-		if role, err = h.abc.GetGlobalRoleOfUser(username); err == nil {
+		if role, err = h.amInterface.GetGlobalRoleOfUser(username); err == nil {
 			roleName = role.Name
 		}
 	}
@@ -508,47 +508,28 @@ func (h *ProjectPipelineHandler) SubmitBranchInputStep(req *restful.Request, res
 	nodeId := req.PathParameter("node")
 	stepId := req.PathParameter("step")
 
-	var currentUesrName string
-	ctx := req.Request.Context()
-	if user, ok := request.UserFrom(ctx); ok {
-		currentUesrName = user.GetName()
-	}
+	var (
+		response []byte
+		err      error
+		ok       bool
+	)
 
-	fmt.Println("current user", currentUesrName, "nodeId", nodeId, "stepid", stepId)
-	req.Request.UserAgent()
-	if res, err := h.devopsOperator.GetNodesDetail(projectName, pipelineName, runId, req.Request); err == nil {
-		for _, node := range res {
-			fmt.Println("nodeid", node.ID)
-			if node.ID != nodeId {
-				continue
-			}
-
-			for _, step := range node.Steps {
-				fmt.Println("stepid", step.ID, step.Input)
-				if step.ID != stepId && step.Input != nil {
-					continue
-				}
-
-				submitter := step.Input.Submitter
-				fmt.Println(submitter)
-
-				if currentUesrName != submitter {
-					resp.Write([]byte("no permission"))
-					return
-				}
-			}
+	if ok, err = h.hasSubmitPermission(req); !ok || err != nil {
+		msg := map[string]string{
+			"allow":   "false",
+			"message": fmt.Sprintf("%v", err),
 		}
+
+		response, _ = json.Marshal(msg)
 	} else {
-		log.Infof("cannot get the nodes detail when submit a branch input step")
+		response, err = h.devopsOperator.SubmitBranchInputStep(projectName, pipelineName, branchName, runId, nodeId, stepId, req.Request)
+		if err != nil {
+			parseErr(err, resp)
+			return
+		}
 	}
 
-	res, err := h.devopsOperator.SubmitBranchInputStep(projectName, pipelineName, branchName, runId, nodeId, stepId, req.Request)
-	if err != nil {
-		parseErr(err, resp)
-		return
-	}
-
-	resp.Write(res)
+	resp.Write(response)
 }
 
 func (h *ProjectPipelineHandler) GetBranchNodesDetail(req *restful.Request, resp *restful.Response) {
diff --git a/pkg/kapis/devops/v1alpha2/handler.go b/pkg/kapis/devops/v1alpha2/handler.go
index 447b0f6ac..35044a8b0 100644
--- a/pkg/kapis/devops/v1alpha2/handler.go
+++ b/pkg/kapis/devops/v1alpha2/handler.go
@@ -29,18 +29,18 @@ import (
 type ProjectPipelineHandler struct {
 	devopsOperator          devops.DevopsOperator
 	projectCredentialGetter devops.ProjectCredentialGetter
-	abc                     am.AccessManagementInterface
+	amInterface             am.AccessManagementInterface
 }
 
 type PipelineSonarHandler struct {
 	pipelineSonarGetter devops.PipelineSonarGetter
 }
 
-func NewProjectPipelineHandler(devopsClient devopsClient.Interface, abc am.AccessManagementInterface) ProjectPipelineHandler {
+func NewProjectPipelineHandler(devopsClient devopsClient.Interface, amInterface am.AccessManagementInterface) ProjectPipelineHandler {
 	return ProjectPipelineHandler{
 		devopsOperator:          devops.NewDevopsOperator(devopsClient, nil, nil, nil, nil),
 		projectCredentialGetter: devops.NewProjectCredentialOperator(devopsClient),
-		abc:                     abc,
+		amInterface:             amInterface,
 	}
 }
 
diff --git a/pkg/kapis/devops/v1alpha2/register.go b/pkg/kapis/devops/v1alpha2/register.go
index e8916b09d..dcb30747b 100644
--- a/pkg/kapis/devops/v1alpha2/register.go
+++ b/pkg/kapis/devops/v1alpha2/register.go
@@ -47,10 +47,10 @@ const (
 
 var GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"}
 
-func AddToContainer(container *restful.Container, ksInformers externalversions.SharedInformerFactory, devopsClient devops.Interface, sonarqubeClient sonarqube.SonarInterface, ksClient versioned.Interface, s3Client s3.Interface, endpoint string, abc am.AccessManagementInterface) error {
+func AddToContainer(container *restful.Container, ksInformers externalversions.SharedInformerFactory, devopsClient devops.Interface, sonarqubeClient sonarqube.SonarInterface, ksClient versioned.Interface, s3Client s3.Interface, endpoint string, amInterface am.AccessManagementInterface) error {
 	ws := runtime.NewWebService(GroupVersion)
 
-	err := AddPipelineToWebService(ws, devopsClient, abc)
+	err := AddPipelineToWebService(ws, devopsClient, amInterface)
 	if err != nil {
 		return err
 	}
@@ -75,12 +75,12 @@ func AddToContainer(container *restful.Container, ksInformers externalversions.S
 	return nil
 }
 
-func AddPipelineToWebService(webservice *restful.WebService, devopsClient devops.Interface, abc am.AccessManagementInterface) error {
+func AddPipelineToWebService(webservice *restful.WebService, devopsClient devops.Interface, amInterface am.AccessManagementInterface) error {
 
 	projectPipelineEnable := devopsClient != nil
 
 	if projectPipelineEnable {
-		projectPipelineHandler := NewProjectPipelineHandler(devopsClient, abc)
+		projectPipelineHandler := NewProjectPipelineHandler(devopsClient, amInterface)
 
 		webservice.Route(webservice.GET("/devops/{devops}/credentials/{credential}/usage").
 			To(projectPipelineHandler.GetProjectCredentialUsage).
diff --git a/pkg/simple/client/devops/pipeline_test.go b/pkg/simple/client/devops/pipeline_test.go
new file mode 100644
index 000000000..2f9bb0ed6
--- /dev/null
+++ b/pkg/simple/client/devops/pipeline_test.go
@@ -0,0 +1,34 @@
+package devops
+
+import (
+	"gotest.tools/assert"
+	"testing"
+)
+
+func TestGetSubmitters(t *testing.T) {
+	input := &Input{}
+	assert.Equal(t, len(input.GetSubmitters()), 0,
+		"errors happen when try to get submitters without any submitters")
+
+	input.Submitter = "a , b, c,d"
+	submitters := input.GetSubmitters()
+	assert.Equal(t, len(submitters), 4, "get incorrect number of submitters")
+	assert.DeepEqual(t, submitters, []string{"a", "b", "c", "d"})
+}
+
+func TestApprovable(t *testing.T) {
+	input := &Input{}
+
+	assert.Equal(t, input.Approvable(""), true, "should allow anyone to approve it if there's no submitter given")
+	assert.Equal(t, input.Approvable("fake"), true, "should allow anyone to approve it if there's no submitter given")
+
+	input.Submitter = "fake"
+	assert.Equal(t, input.Approvable(""), false, "should not approve by nobody if there's a particular submitter")
+	assert.Equal(t, input.Approvable("rick"), false, "should not approve by who is not the specific one")
+	assert.Equal(t, input.Approvable("fake"), true, "should be approvable")
+
+	input.Submitter = "fake, good ,bad"
+	assert.Equal(t, input.Approvable("fake"), true, "should be approvable")
+	assert.Equal(t, input.Approvable("good"), true, "should be approvable")
+	assert.Equal(t, input.Approvable("bad"), true, "should be approvable")
+}