diff --git a/dao/projectmember.go b/dao/projectmember.go
index a4357bc38..d994afb43 100644
--- a/dao/projectmember.go
+++ b/dao/projectmember.go
@@ -26,11 +26,9 @@ func AddProjectMember(projectID int64, userID int, role int) error {
 
 	sql := "insert into project_member (project_id, user_id , role) values (?, ?, ?)"
 
-	if _, err := o.Raw(sql, projectID, userID, role).Exec(); err != nil {
-		return err
-	}
+	_, err := o.Raw(sql, projectID, userID, role).Exec()
 
-	return nil
+	return err
 }
 
 // UpdateProjectMember updates the record in table project_member
@@ -39,11 +37,9 @@ func UpdateProjectMember(projectID int64, userID int, role int) error {
 
 	sql := "update project_member set role = ? where project_id = ? and user_id = ?"
 
-	if _, err := o.Raw(sql, role, projectID, userID).Exec(); err != nil {
-		return err
-	}
+	_, err := o.Raw(sql, role, projectID, userID).Exec()
 
-	return nil
+	return err
 }
 
 // DeleteProjectMember delete the record from table project_member
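Review bot: `UpdateProjectMember` still discards the `sql.Result` on the `_, err := o.Raw(sql, role, projectID, userID).Exec()` line, so an update that matches no row (for example, the user is not a member of the project) returns nil and the caller cannot tell that no role was changed. `ChangeUserPassword` in dao/user.go checks `RowsAffected()` for the same reason; consider doing the same here, or at least documenting it with `// returns nil even when no membership row matched`. One caveat: depending on driver settings, MySQL can report 0 affected rows when the role is already the requested value, so a hard error on `c == 0` may need a prior existence check. The start of the function is outside this hunk.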
diff --git a/dao/role.go b/dao/role.go
index 210e1949b..43062a1fc 100644
--- a/dao/role.go
+++ b/dao/role.go
@@ -16,6 +16,8 @@
 package dao
 
 import (
+	"fmt"
+
 	"github.com/astaxie/beego/orm"
 	"github.com/vmware/harbor/models"
 )
@@ -43,10 +45,20 @@ func GetUserProjectRoles(userID int, projectID int64) ([]models.Role, error) {
 	return roleList, nil
 }
 
-// IsAdminRole returns whether the user  is admin.
-func IsAdminRole(userID int) (bool, error) {
+// IsAdminRole returns whether the user is admin.
+func IsAdminRole(userIDOrUsername interface{}) (bool, error) {
+	u := models.User{}
 
-	user, err := GetUser(models.User{UserID: userID})
+	switch v := userIDOrUsername.(type) {
+	case int:
+		u.UserID = v
+	case string:
+		u.Username = v
+	default:
+		return false, fmt.Errorf("invalid parameter, only int and string are supported: %v", userIDOrUsername)
+	}
+
+	user, err := GetUser(u)
 	if err != nil {
 		return false, err
 	}
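Review bot: `IsAdminRole` now takes `interface{}`, so a caller passing an `int64` (the type this package uses for `projectID`) or any other integer type compiles cleanly and only fails at run time in the `default` branch of the type switch. In addition, `0` or `""` leaves `u` as a zero-valued `models.User`; how `GetUser` treats an empty filter is not visible in this hunk, so for an authorization check I would reject those values before the lookup, e.g. `if v == "" { return false, fmt.Errorf("empty username") }` in the `string` case. Two typed entry points (one taking `int`, one taking `string`) would keep the compile-time check. The error message would be more useful with the type as well: `%v (%T)`. The rest of the function is outside the hunk.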
diff --git a/dao/user.go b/dao/user.go
index b8ded99fe..655e69d21 100644
--- a/dao/user.go
+++ b/dao/user.go
@@ -84,6 +84,8 @@ func LoginByDb(auth models.AuthModel) (*models.User, error) {
 		return nil, nil
 	}
 
+	user.Password = "" //do not return the password
+
 	return &user, nil
 }
 
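Review bot: Only `Password` is cleared before `return &user, nil`. `models.User` also carries a `Salt` field (it is read in `ChangeUserPassword` in this file), and if the login query populates it the salt still leaves the DAO; the query itself is outside this hunk, so that needs confirming. I would clear it on the next line with `user.Salt = ""`. The comment could then read `// never hand the password hash or salt back to callers`.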
@@ -111,22 +113,9 @@ func ListUsers(query models.User) ([]models.User, error) {
 func ToggleUserAdminRole(u models.User) error {
 	o := orm.NewOrm()
 
-	var user models.User
-	err := o.Raw(`select sysadmin_flag from user where user_id = ?`, u.UserID).QueryRow(&user)
-	if err != nil {
-		return err
-	}
+	sql := `update user set sysadmin_flag =not sysadmin_flag where user_id = ?`
 
-	var sysAdminFlag int
-	if user.HasAdminRole == 0 {
-		sysAdminFlag = 1
-	} else {
-		sysAdminFlag = 0
-	}
-
-	sql := `update user set sysadmin_flag = ? where user_id = ?`
-
-	r, err := o.Raw(sql, sysAdminFlag, u.UserID).Exec()
+	r, err := o.Raw(sql, u.UserID).Exec()
 	if err != nil {
 		return err
 	}
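Review bot: The single statement `update user set sysadmin_flag =not sysadmin_flag where user_id = ?` removes the read-then-write race, but the operation is still a relative flip, so a retried or double-submitted request silently reverts the admin grant it just made. For a privilege change an explicit target state is safer; if callers can supply the desired value, `update user set sysadmin_flag = ? where user_id = ?` would be idempotent. `not` applied to a numeric column is also dialect-dependent (presumably this relies on MySQL integer booleans), which deserves a comment on the `sql` line such as `// atomic toggle; relies on NOT <int> yielding 0/1`. The function body continues outside the hunk.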
@@ -140,45 +129,32 @@ func ToggleUserAdminRole(u models.User) error {
 
 // ChangeUserPassword ...
 func ChangeUserPassword(u models.User, oldPassword ...string) (err error) {
+	if len(oldPassword) > 1 {
+		return errors.New("Wrong numbers of params.")
+	}
+
 	o := orm.NewOrm()
 
 	var r sql.Result
 	if len(oldPassword) == 0 {
 		//In some cases, it may no need to check old password, just as Linux change password policies.
 		r, err = o.Raw(`update user set password=?, salt=? where user_id=?`, utils.Encrypt(u.Password, u.Salt), u.Salt, u.UserID).Exec()
-		if err != nil {
-			return err
-		}
-
-		c, err := r.RowsAffected()
-		if err != nil {
-			return err
-		}
-
-		if c == 0 {
-			return errors.New("No record has been modified, change password failed.")
-		}
-
-		return nil
-	}
-
-	if len(oldPassword) == 1 {
+	} else {
 		r, err = o.Raw(`update user set password=?, salt=? where user_id=? and password = ?`, utils.Encrypt(u.Password, u.Salt), u.Salt, u.UserID, utils.Encrypt(oldPassword[0], u.Salt)).Exec()
-		if err != nil {
-			return err
-		}
-		c, err := r.RowsAffected()
-		if err != nil {
-			return err
-		}
-		if c == 0 {
-			return errors.New("No record has been modified, change password failed.")
-		}
-
-		return nil
 	}
 
-	return errors.New("Wrong numbers of params.")
+	if err != nil {
+		return err
+	}
+	c, err := r.RowsAffected()
+	if err != nil {
+		return err
+	}
+	if c == 0 {
+		return errors.New("No record has been modified, change password failed.")
+	}
+
+	return nil
 }
 
 // ResetUserPassword ...
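Review bot: The variadic `oldPassword` makes verification of the current password optional by omission, and the placeholder `// ChangeUserPassword ...` comment does not warn callers of that. I would document the contract, e.g. `// ChangeUserPassword sets a new password and salt for u.UserID. If oldPassword is omitted the current password is NOT verified; the caller must already have authorized the change.` Separately, the `else` branch hashes `oldPassword[0]` with `u.Salt`, the same value that is written as the new salt. If callers pass a freshly generated salt, that comparison can never match the stored hash; the callers are not visible here, so this should be confirmed. The new error strings also go against Go convention (lowercase, no trailing period), though changing them may affect callers that match on the text.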