diff --git a/projects/permissions.py b/projects/permissions.py
index 5af6b320..886a6d72 100644
--- a/projects/permissions.py
+++ b/projects/permissions.py
@@ -159,7 +159,7 @@ class IsProjectLeaderOrReadOnly(BasePermission):
     Создавать/изменять/удалять может только лидер проекта.
     """
 
-    message = "Только лидер проекта может создавать, изменять или удалять цели."
+    message = "Только лидер проекта может создавать, изменять или удалять параметры."
 
     def has_permission(self, request, view):
         if request.method in SAFE_METHODS:
@@ -169,7 +169,7 @@ def has_permission(self, request, view):
             return False
 
         project_pk = view.kwargs.get("project_pk")
-        project_id = project_pk or request.data.get("project")
+        project_id = project_pk or view.kwargs.get("project_id") or request.data.get("project")
         if not project_id:
             return False
 
diff --git a/projects/views.py b/projects/views.py
index 78d45861..a3625c4e 100644
--- a/projects/views.py
+++ b/projects/views.py
@@ -943,9 +943,7 @@ def patch(self, request, project_id: int, company_id: int):
             return link_or_resp
         link = link_or_resp
 
-        perm_resp = self._check_permissions(request, project)
-        if perm_resp:
-            return perm_resp
+        self.check_object_permissions(request, link)
 
         serializer = ProjectCompanyUpdateSerializer(
             link, data=request.data, partial=True, context={"request": request}
@@ -988,9 +986,7 @@ def delete(self, request, project_id: int, company_id: int):
             return link_or_resp
         link = link_or_resp
 
-        perm_resp = self._check_permissions(request, project)
-        if perm_resp:
-            return perm_resp
+        self.check_object_permissions(request, link)
 
         link.delete()
         return Response(status=status.HTTP_204_NO_CONTENT)