diff --git a/models/org.go b/models/org.go
index ce50670582..31db8e3643 100644
--- a/models/org.go
+++ b/models/org.go
@@ -507,7 +507,7 @@ func (t *Team) AddRepository(repo *Repository) (err error) {
 	mode := AuthorizeToAccessType(t.Authorize)
 
 	for _, u := range t.Members {
-		auth, err := GetHighestAuthorize(t.OrgId, u.Id, t.Id, repo.Id)
+		auth, err := GetHighestAuthorize(t.OrgId, u.Id, repo.Id, t.Id)
 		if err != nil {
 			sess.Rollback()
 			return err
@@ -517,13 +517,7 @@ func (t *Team) AddRepository(repo *Repository) (err error) {
 			UserName: u.LowerName,
 			RepoName: path.Join(repo.Owner.LowerName, repo.LowerName),
 		}
-		if auth == 0 {
-			access.Mode = mode
-			if _, err = sess.Insert(access); err != nil {
-				sess.Rollback()
-				return fmt.Errorf("fail to insert access: %v", err)
-			}
-		} else if auth < t.Authorize {
+		if auth < t.Authorize {
 			if err = addAccessWithAuthorize(sess, access, mode); err != nil {
 				sess.Rollback()
 				return err
@@ -570,7 +564,7 @@ func (t *Team) RemoveRepository(repoId int64) error {
 
 	// Remove access to team members.
 	for _, u := range t.Members {
-		auth, err := GetHighestAuthorize(t.OrgId, u.Id, t.Id, repo.Id)
+		auth, err := GetHighestAuthorize(t.OrgId, u.Id, repo.Id, t.Id)
 		if err != nil {
 			sess.Rollback()
 			return err
@@ -668,7 +662,7 @@ func GetTeamById(teamId int64) (*Team, error) {
 }
 
 // GetHighestAuthorize returns highest repository authorize level for given user and team.
-func GetHighestAuthorize(orgId, uid, teamId, repoId int64) (AuthorizeType, error) {
+func GetHighestAuthorize(orgId, uid, repoId, teamId int64) (AuthorizeType, error) {
 	ts, err := GetUserTeams(orgId, uid)
 	if err != nil {
 		return 0, err
@@ -687,6 +681,7 @@ func GetHighestAuthorize(orgId, uid, teamId, repoId int64) (AuthorizeType, error
 			}
 		}
 	}
+
 	return auth, nil
 }
 
@@ -728,7 +723,7 @@ func UpdateTeam(t *Team, authChanged bool) (err error) {
 				// ORG_WRITABLE is the highest authorize level for now.
 				// Skip checking others if current team has this level.
 				if t.Authorize < ORG_WRITABLE {
-					auth, err := GetHighestAuthorize(org.Id, u.Id, t.Id, repo.Id)
+					auth, err := GetHighestAuthorize(t.OrgId, u.Id, repo.Id, t.Id)
 					if err != nil {
 						sess.Rollback()
 						return err
@@ -782,7 +777,7 @@ func DeleteTeam(t *Team) error {
 	// Delete all accesses.
 	for _, repo := range t.Repos {
 		for _, u := range t.Members {
-			auth, err := GetHighestAuthorize(org.Id, u.Id, t.Id, repo.Id)
+			auth, err := GetHighestAuthorize(t.OrgId, u.Id, repo.Id, t.Id)
 			if err != nil {
 				sess.Rollback()
 				return err
@@ -943,7 +938,7 @@ func AddTeamMember(orgId, teamId, uid int64) error {
 	// Give access to team repositories.
 	mode := AuthorizeToAccessType(t.Authorize)
 	for _, repo := range t.Repos {
-		auth, err := GetHighestAuthorize(orgId, uid, teamId, repo.Id)
+		auth, err := GetHighestAuthorize(t.OrgId, u.Id, repo.Id, teamId)
 		if err != nil {
 			sess.Rollback()
 			return err
@@ -953,14 +948,7 @@ func AddTeamMember(orgId, teamId, uid int64) error {
 			UserName: u.LowerName,
 			RepoName: path.Join(org.LowerName, repo.LowerName),
 		}
-		// Equal 0 means given access doesn't exist.
-		if auth == 0 {
-			access.Mode = mode
-			if _, err = sess.Insert(access); err != nil {
-				sess.Rollback()
-				return fmt.Errorf("fail to insert access: %v", err)
-			}
-		} else if auth < t.Authorize {
+		if auth < t.Authorize {
 			if err = addAccessWithAuthorize(sess, access, mode); err != nil {
 				sess.Rollback()
 				return err
@@ -1037,7 +1025,7 @@ func removeTeamMemberWithSess(orgId, teamId, uid int64, sess *xorm.Session) erro
 
 	// Delete access to team repositories.
 	for _, repo := range t.Repos {
-		auth, err := GetHighestAuthorize(orgId, uid, teamId, repo.Id)
+		auth, err := GetHighestAuthorize(t.OrgId, u.Id, repo.Id, teamId)
 		if err != nil {
 			sess.Rollback()
 			return err
diff --git a/modules/middleware/repo.go b/modules/middleware/repo.go
index 68a9a2d7fb..82ef3c799e 100644
--- a/modules/middleware/repo.go
+++ b/modules/middleware/repo.go
@@ -109,7 +109,7 @@ func RepoAssignment(redirect bool, args ...bool) macaron.Handler {
 			}
 			// Check if current user has admin permission to repository.
 			if u.IsOrganization() {
-				auth, err := models.GetHighestAuthorize(u.Id, ctx.User.Id, 0, repo.Id)
+				auth, err := models.GetHighestAuthorize(u.Id, ctx.User.Id, repo.Id, 0)
 				if err != nil {
 					ctx.Handle(500, "GetHighestAuthorize", err)
 					return
diff --git a/routers/org/teams.go b/routers/org/teams.go
index b0a69da76e..9aa8e50214 100644
--- a/routers/org/teams.go
+++ b/routers/org/teams.go
@@ -94,7 +94,7 @@ func TeamsAction(ctx *middleware.Context) {
 		if err == models.ErrLastOrgOwner {
 			ctx.Flash.Error(ctx.Tr("form.last_org_owner"))
 		} else {
-			log.Error(4, "Action(%s): %v", ctx.Params(":action"), err)
+			log.Error(3, "Action(%s): %v", ctx.Params(":action"), err)
 			ctx.JSON(200, map[string]interface{}{
 				"ok":  false,
 				"err": err.Error(),
@@ -133,7 +133,7 @@ func TeamsRepoAction(ctx *middleware.Context) {
 	}
 
 	if err != nil {
-		log.Error(4, "Action(%s): %v", ctx.Params(":action"), err)
+		log.Error(3, "Action(%s): %v", ctx.Params(":action"), err)
 		ctx.JSON(200, map[string]interface{}{
 			"ok":  false,
 			"err": err.Error(),
diff --git a/routers/repo/setting.go b/routers/repo/setting.go
index 2354fbc13f..b30de91a3a 100644
--- a/routers/repo/setting.go
+++ b/routers/repo/setting.go
@@ -213,7 +213,7 @@ func SettingsCollaboration(ctx *middleware.Context) {
 		needDelete := true
 		if ctx.User.IsOrganization() {
 			// Check if user belongs to a team that has access to this repository.
-			auth, err := models.GetHighestAuthorize(ctx.Repo.Owner.Id, ctx.User.Id, 0, ctx.Repo.Repository.Id)
+			auth, err := models.GetHighestAuthorize(ctx.Repo.Owner.Id, ctx.User.Id, ctx.Repo.Repository.Id, 0)
 			if err != nil {
 				ctx.Handle(500, "GetHighestAuthorize", err)
 				return