diff --git a/backend/domain/logic/subject.py b/backend/domain/logic/subject.py
index 7fff59fb..91aaf9c4 100644
--- a/backend/domain/logic/subject.py
+++ b/backend/domain/logic/subject.py
@@ -3,6 +3,8 @@
 from db.errors.database_errors import ActionAlreadyPerformedError
 from db.models.models import Student, Subject, Teacher
 from domain.logic.basic_operations import get, get_all
+from domain.logic.student import is_user_student
+from domain.logic.teacher import is_user_teacher
 from domain.models.SubjectDataclass import SubjectDataclass
@@ -55,3 +57,14 @@ def get_subjects_of_student(session: Session, student_id: int) -> list[SubjectDa
     student: Student = get(session, Student, ident=student_id)
     subjects: list[Subject] = student.subjects
     return [vak.to_domain_model() for vak in subjects]
+
+
+def is_user_authorized_for_subject(subject_id: int, session: Session, uid: int) -> bool:
+    subjects = []
+    if is_user_teacher(session, uid):
+        subjects += get_subjects_of_teacher(session, uid)
+    if is_user_student(session, uid):
+        subjects += get_subjects_of_student(session, uid)
+    if subject_id in [subject.id for subject in subjects]:
+        return True
+    return False
diff --git a/backend/routes/dependencies/role_dependencies.py b/backend/routes/dependencies/role_dependencies.py
index 84ac0666..785af22b 100644
--- a/backend/routes/dependencies/role_dependencies.py
+++ b/backend/routes/dependencies/role_dependencies.py
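Review bot: `is_user_authorized_for_subject` is the new central authorization predicate, yet it carries no docstring and its `(subject_id, session, uid)` argument order breaks with every other helper in this module, which take `session` first; at minimum document the contract, e.g. `"""Return True iff *uid* is a teacher or student enrolled in subject *subject_id*; users with neither role are denied."""`. The predicate never consults the admin role (`is_user_admin` exists in the role module, see the next file's imports), so an admin with no teacher/student enrolment is denied — if admins are meant to see every subject that must be handled here or by the callers, and if deny-by-default for admins is intended the docstring should say so. The trailing `if ...: return True / return False` collapses to `return any(subject.id == subject_id for subject in subjects)`. Loading every subject of the user to test one id is also more work than a targeted membership query, though that is a cost rather than a correctness issue.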
@@ -3,8 +3,9 @@
 from db.sessions import get_session
 from domain.logic.admin import get_admin, is_user_admin
+from domain.logic.project import get_project
 from domain.logic.student import get_student, is_user_student
-from domain.logic.subject import get_subjects_of_student, get_subjects_of_teacher
+from domain.logic.subject import get_subjects_of_student, get_subjects_of_teacher, is_user_authorized_for_subject
 from domain.logic.teacher import get_teacher, is_user_teacher
 from domain.models.AdminDataclass import AdminDataclass
 from domain.models.StudentDataclass import StudentDataclass
@@ -47,12 +48,17 @@ def ensure_user_authorized_for_subject(
     session: Session = Depends(get_session),
     uid: int = Depends(get_authenticated_user),
 ) -> None:
-    subjects = []
-    if is_user_teacher(session, uid):
-        subjects += get_subjects_of_teacher(session, uid)
-    if is_user_student(session, uid):
-        subjects += get_subjects_of_student(session, uid)
-    if subject_id not in [subject.id for subject in subjects]:
+    if not is_user_authorized_for_subject(subject_id, session, uid):
+        raise NoAccessToSubjectError
+
+
+def ensure_user_authorized_for_project(
+    project_id: int,
+    session: Session = Depends(get_session),
+    uid: int = Depends(get_authenticated_user),
+) -> None:
+    project = get_project(session, project_id)
+    if not is_user_authorized_for_subject(project.subject_id, session, uid):
         raise NoAccessToSubjectError
diff --git a/backend/routes/project.py b/backend/routes/project.py
index 2e3a4045..feae4d6f 100644
--- a/backend/routes/project.py
+++ b/backend/routes/project.py
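Review bot: `ensure_user_authorized_for_project` calls `get_project(session, project_id)` before any authorization check, so whatever `get_project` raises for an unknown id (not visible here) reaches the client as-is while an existing-but-forbidden project raises `NoAccessToSubjectError`; if those map to different HTTP statuses, any authenticated user can enumerate which project ids exist by probing. Consider catching the not-found case and raising `NoAccessToSubjectError` for it too, or mapping both to one response, so the reply does not reveal existence. The dependency also discards the project it just loaded; declaring `-> ProjectDataclass` and `return project` would let handlers take it via `Depends` instead of querying again. The signature of `ensure_user_authorized_for_subject` begins outside this hunk.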
@@ -2,15 +2,32 @@
 from sqlalchemy.orm import Session
 from db.sessions import get_session
+from domain.logic.group import get_groups_of_project
 from domain.logic.project import get_project
+from domain.models.GroupDataclass import GroupDataclass
 from domain.models.ProjectDataclass import ProjectDataclass
-from routes.dependencies.role_dependencies import ensure_user_authorized_for_subject
+from routes.dependencies.role_dependencies import (
+    ensure_user_authorized_for_project,
+    get_authenticated_user,
+)
 project_router = APIRouter()
-@project_router.get("/projects/{project_id}")
-def project_get(project_id: int, session: Session = Depends(get_session)) -> ProjectDataclass:
+@project_router.get("/projects/{project_id}", dependencies=[Depends(ensure_user_authorized_for_project)])
+def project_get(
+    project_id: int,
+    session: Session = Depends(get_session),
+    uid: int = Depends(get_authenticated_user),
+) -> ProjectDataclass:
     project: ProjectDataclass = get_project(session, project_id)
-    ensure_user_authorized_for_subject(project.subject_id)
     return project
+
+
+@project_router.get("/projects/{project_id}/groups", dependencies=[Depends(ensure_user_authorized_for_project)])
+def project_get_groups(
+    project_id: int,
+    session: Session = Depends(get_session),
+    uid: int = Depends(get_authenticated_user),
+) -> list[GroupDataclass]:
+    return get_groups_of_project(session, project_id)
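Review bot: both handlers declare `uid: int = Depends(get_authenticated_user)` and never read it; the route-level `ensure_user_authorized_for_project` dependency already authenticates and authorizes, so the parameter is dead weight and `get_authenticated_user` need not be imported here — `def project_get(project_id: int, session: Session = Depends(get_session)) -> ProjectDataclass:` suffices. `project_get` also loads the project a second time right after the dependency loaded it for the check; having the dependency return the project and taking it via `Depends` would remove the duplicate query. Note that `project_get_groups` returns every group of the project to anyone authorized for the subject, students included; if students should only see their own group, that filtering is neither here nor, as far as this diff shows, in `get_groups_of_project`, so confirm it is intended.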