diff --git a/handlers/handlers.go b/handlers/handlers.go
index 2451f7ad..56ea9055 100644
--- a/handlers/handlers.go
+++ b/handlers/handlers.go
@@ -253,6 +253,10 @@ func (h *Handlers) cookieExtractor(r *http.Request) (string, error) {
 return string(token), nil
 }
+func getClaims(r *http.Request) jwt.MapClaims {
+ return r.Context().Value("user").(*jwt.Token).Claims.(jwt.MapClaims)
+}
+
 func DefaultRecoverHandler(next http.Handler) http.Handler {
 fn := func(w http.ResponseWriter, r *http.Request) {
 defer func() {
@@ -280,7 +284,10 @@ func (h *Handlers) setFlashMessage(w http.ResponseWriter, r *http.Request, key s
 return nil
 }
-func (h *Handlers) hasPermission(role, path string) bool {
+func (h *Handlers) hasPermission(r *http.Request, path string) bool {
+ claims := getClaims(r)
+ role := claims["role"].(string)
+
 if h.permissions[role] == nil {
 return false
 }
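Review bot: getClaims performs two unchecked type assertions on `r.Context().Value("user")`, so a request that reaches a handler without the token in its context (a route outside whatever middleware stores it, or a middleware that stores a different type) panics instead of being rejected; returning a comma-ok result lets callers deny the request cleanly. The rewrite below does that; hasPermission (next hunk) and DefaultHomeHandler (last hunk) would then check the bool and fail closed rather than dereference a nil claims map. The untyped string key `"user"` is also what `go vet` flags for context values, but changing it requires the code that sets it, which is outside this diff.
```go
// getClaims returns the JWT claims stored under the "user" context key.
// ok is false when the key is absent, holds a different type, or the
// token's Claims are not a jwt.MapClaims.
func getClaims(r *http.Request) (jwt.MapClaims, bool) {
	tok, ok := r.Context().Value("user").(*jwt.Token)
	if !ok || tok == nil {
		return nil, false
	}
	claims, ok := tok.Claims.(jwt.MapClaims)
	return claims, ok
}
```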
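Review bot: `role := claims["role"].(string)` panics inside the authorization gate when the token carries no role claim or a non-string one; a permission check should fail closed instead: `role, ok := claims["role"].(string)` / `if !ok { return false }`. Whether the role claim is validated anywhere before this point is not visible in the hunk, so denying here is the safe default. hasPermission's body continues outside the hunk (its `return h.permissions[role][path]` line is the next hunk's leading context).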
@@ -288,61 +295,48 @@ func (h *Handlers) hasPermission(role, path string) bool {
 return h.permissions[role][path]
 }
+func (h *Handlers) callModelFunc(w http.ResponseWriter, r *http.Request, model string, pattern config.PathPattern) (interface{}, error) {
+ fn, err := h.Database.GetFunc(pattern.Path(model))
+ if err != nil {
+ return nil, err
+ }
+ if !h.hasPermission(r, pattern.Path(model)) {
+ return nil, errors.NotAuthorized
+ }
+ data, err := fn(h.Database, mux.Vars(r), w, r)
+ if err != nil {
+ return nil, err
+ }
+
+ return data, nil
+}
+
 func (h *Handlers) get(w http.ResponseWriter, r *http.Request, model string, pattern config.PathPattern) error {
- format := r.URL.Query().Get("format")
- getFn, err := h.Database.GetFunc(pattern.Path(model))
+ data, err := h.callModelFunc(w, r, model, pattern)
 if err != nil {
 return err
- } else {
- claims := r.Context().Value("user").(*jwt.Token).Claims.(jwt.MapClaims)
- role := claims["role"].(string)
- if !h.hasPermission(role, pattern.Path(model)) {
- return errors.NotAuthorized
- } else {
- data, err := getFn(h.Database, mux.Vars(r), w, r)
- if err != nil {
- h.Renderer[format].Render(w, r, h.CookieStore, err)
- } else {
- h.Renderer[format].Render(w, r, h.CookieStore, data, r.URL.Query())
- }
- }
 }
+ format := r.URL.Query().Get("format")
+ h.Renderer[format].Render(w, r, h.CookieStore, data, r.URL.Query())
 return nil
 }
 func (h *Handlers) post(w http.ResponseWriter, r *http.Request, model string, pattern config.PathPattern) error {
- var (
- data interface{}
- err error
- )
-
- respFormat := renderer.GetContentFormat(r)
- postFn, err := h.Database.GetFunc(pattern.Path(model))
-
+ data, err := h.callModelFunc(w, r, model, pattern)
 if err != nil {
 return err
- } else {
- claims := r.Context().Value("user").(*jwt.Token).Claims.(jwt.MapClaims)
-
- role := claims["role"].(string)
- if !h.hasPermission(role, pattern.Path(model)) {
- return errors.NotAuthorized
+ }
+ if pattern.RedirectPattern != "" {
+ if id := mux.Vars(r)["id"]; id != "" {
+ modelId, _ := strconv.Atoi(id)
+ http.Redirect(w, r, pattern.RedirectPath(model, uint(modelId)), http.StatusSeeOther)
 } else {
- data, err = postFn(h.Database, mux.Vars(r), w, r)
- if err != nil {
- return err
- } else if pattern.RedirectPattern != "" {
- if id := mux.Vars(r)["id"]; id != "" {
- modelId, _ := strconv.Atoi(id)
- http.Redirect(w, r, pattern.RedirectPath(model, uint(modelId)), http.StatusSeeOther)
- } else {
- http.Redirect(w, r, pattern.RedirectPath(model, data.(orm.IDer).GetID()), http.StatusSeeOther)
- }
- } else {
- h.Renderer[respFormat].Render(w, r, h.CookieStore, data.(orm.IDer).GetID())
- }
+ http.Redirect(w, r, pattern.RedirectPath(model, data.(orm.IDer).GetID()), http.StatusSeeOther)
 }
+ } else {
+ format := renderer.GetContentFormat(r)
+ h.Renderer[format].Render(w, r, h.CookieStore, data.(orm.IDer).GetID())
 }
 return nil
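Review bot: `modelId, _ := strconv.Atoi(id)` in post's redirect branch drops the parse error, so a non-numeric or negative `id` path variable silently redirects to `RedirectPath(model, 0)` or, for negatives, to whatever `uint(modelId)` wraps to; return the error instead: `modelId, err := strconv.Atoi(id)` / `if err != nil { return err }`. In callModelFunc the `GetFunc` lookup runs before `hasPermission`, so a caller without permission gets the lookup error rather than `errors.NotAuthorized` when the path is unknown — checking permission first keeps the response independent of whether the path exists. In `get`, `h.Renderer[format]` is indexed with the raw `format` query value; if Renderer is a map, an unregistered value yields its zero value and the Render call fails at runtime, so a comma-ok lookup with a fallback format would be safer (the `renderer.GetContentFormat` lookups in post and delete presumably have the same exposure). post's closing brace lies outside the hunk.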
@@ -350,34 +344,21 @@ func (h *Handlers) post(w http.ResponseWriter, r *http.Request, model string, pa
 }
 func (h *Handlers) delete(w http.ResponseWriter, r *http.Request, model string, pattern config.PathPattern) error {
- var data interface{}
+ data, err := h.callModelFunc(w, r, model, pattern)
+ if err != nil {
+ return err
+ }
+ if pattern.RedirectPattern != "" {
+ var data struct {
+ RedirectUrl string `json:"redirect_url"`
+ }
+ data.RedirectUrl = pattern.RedirectPath(model)
- respFormat := renderer.GetContentFormat(r)
-
- claims := r.Context().Value("user").(*jwt.Token).Claims.(jwt.MapClaims)
- role := claims["role"].(string)
- if !h.hasPermission(role, pattern.Path(model)) {
- return errors.NotAuthorized
+ w.Header().Set("Content-Type", "application/json")
+ json.NewEncoder(w).Encode(data)
 } else {
- postFn, err := h.Database.GetFunc(pattern.Path(model))
- if err != nil {
- return err
- // h.Renderer[r.URL.Query().Get("format")].Render(w, r, h.CookieStore, err)
- }
- data, err = postFn(h.Database, mux.Vars(r), w, r)
- if err != nil {
- return err
- } else if pattern.RedirectPattern != "" {
- var data struct {
- RedirectUrl string `json:"redirect_url"`
- }
- data.RedirectUrl = pattern.RedirectPath(model)
-
- w.Header().Set("Content-Type", "application/json")
- json.NewEncoder(w).Encode(data)
- } else {
- h.Renderer[respFormat].Render(w, r, h.CookieStore, data.(orm.IDer).GetID())
- }
+ format := renderer.GetContentFormat(r)
+ h.Renderer[format].Render(w, r, h.CookieStore, data.(orm.IDer).GetID())
 }
 return nil
@@ -453,7 +434,8 @@ func (h *Handlers) modelHandler(model string, pattern config.PathPattern) handle
 func DefaultHomeHandler() http.Handler {
 fn := func(w http.ResponseWriter, r *http.Request) {
- claims := r.Context().Value("user").(*jwt.Token).Claims.(jwt.MapClaims)
+
+ claims := getClaims(r)
 switch claims["role"] {
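Review bot: The `var data struct { RedirectUrl string ... }` declared in delete's redirect branch shadows the `data` returned by `h.callModelFunc` a few lines above, so the model result is silently discarded there and only read in the else branch; renaming the inner value makes that intent visible and removes a shadowing that linters will flag. The `Encode` error is also dropped, which hides a failed write from the caller that otherwise receives every other error from this function. The `data.(orm.IDer).GetID()` assertion in the else branch panics if the delete function returns a value that does not implement orm.IDer — whether every registered function does is not visible here. delete's closing brace lies outside the hunk.
```go
	if pattern.RedirectPattern != "" {
		var resp struct {
			RedirectUrl string `json:"redirect_url"`
		}
		resp.RedirectUrl = pattern.RedirectPath(model)

		w.Header().Set("Content-Type", "application/json")
		if err := json.NewEncoder(w).Encode(resp); err != nil {
			return err
		}
	} else {
		// … unchanged: renderer branch …
	}
```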