diff --git a/api/controllers/admin/wraps.py b/api/controllers/admin/wraps.py
index da53af1272..2a1457c792 100644
--- a/api/controllers/admin/wraps.py
+++ b/api/controllers/admin/wraps.py
@@ -8,7 +8,8 @@ from werkzeug.exceptions import Forbidden, Unauthorized
 from configs import dify_config
 from extensions.ext_database import db
 from libs.passport import PassportService
-from models.account import AccountStatus, Tenant, TenantAccountJoinRole, TenantStatus
+from models.account import AccountStatus, Tenant, TenantStatus
+from models.organization import OrganizationMember, OrganizationRole
 from models.model import App
 from services.account_service import AccountService
@@ -43,12 +44,18 @@ def validate_admin_token_and_extract_info(view: Optional[Callable] = None):
             raise Unauthorized("Invalid token: user not found")
         if account.status != AccountStatus.ACTIVE:
             raise Unauthorized("Invalid token: account is not active")
-        allowed_roles = [
-            TenantAccountJoinRole.END_ADMIN.value,
-            TenantAccountJoinRole.OWNER.value,
-            TenantAccountJoinRole.ADMIN.value
-        ]
-        if account.current_role not in allowed_roles:
+
+        # Check if user has admin role in their current organization
+        org_member = db.session.query(OrganizationMember).filter(
+            OrganizationMember.account_id == user_id,
+            OrganizationMember.organization_id == account.current_organization_id
+        ).first()
+
+        if not org_member:
+            raise Unauthorized("Invalid token: user is not a member of any organization")
+
+        # Check if the user has admin role
+        if org_member.role != OrganizationRole.ADMIN:
             raise Unauthorized("Invalid token: account does not have admin privileges")
         app_id = request.headers.get("X-App-Id")