diff --git a/controllers/base.go b/controllers/base.go
index d691d006..15bfb03c 100644
--- a/controllers/base.go
+++ b/controllers/base.go
@@ -73,7 +73,7 @@ func (c *ApiController) IsAdminOrSelf(user2 *object.User) bool {
 
 func (c *ApiController) isGlobalAdmin() (bool, *object.User) {
 	username := c.GetSessionUsername()
-	if strings.HasPrefix(username, "app/") {
+	if object.IsAppUser(username) {
 		// e.g., "app/app-casnode"
 		return true, nil
 	}
diff --git a/controllers/service.go b/controllers/service.go
index 15f12941..9a76c76f 100644
--- a/controllers/service.go
+++ b/controllers/service.go
@@ -120,7 +120,7 @@ func (c *ApiController) SendEmail() {
 	// "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes."
 	content = strings.Replace(content, "%s", code, 1)
 	userString := "Hi"
-	if !strings.HasPrefix(userId, "app/") {
+	if !object.IsAppUser(userId) {
 		var user *object.User
 		user, err = object.GetUser(userId)
 		if err != nil {
diff --git a/controllers/util.go b/controllers/util.go
index a27acd6e..0584e048 100644
--- a/controllers/util.go
+++ b/controllers/util.go
@@ -96,7 +96,7 @@ func (c *ApiController) RequireSignedInUser() (*object.User, bool) {
 		return nil, false
 	}
 
-	if strings.HasPrefix(userId, "app/") {
+	if object.IsAppUser(userId) {
 		tmpUserId := c.Input().Get("userId")
 		if tmpUserId != "" {
 			userId = tmpUserId
@@ -142,7 +142,7 @@ func (c *ApiController) IsOrgAdmin() (bool, bool) {
 		return false, true
 	}
 
-	if strings.HasPrefix(userId, "app/") {
+	if object.IsAppUser(userId) {
 		return true, true
 	}
 
diff --git a/object/application.go b/object/application.go
index a9155cf6..14d509a0 100644
--- a/object/application.go
+++ b/object/application.go
@@ -405,8 +405,8 @@ func GetApplicationByUser(user *User) (*Application, error) {
 }
 
 func GetApplicationByUserId(userId string) (application *Application, err error) {
-	owner, name := util.GetOwnerAndNameFromId(userId)
-	if owner == "app" {
+	_, name := util.GetOwnerAndNameFromId(userId)
+	if IsAppUser(userId) {
 		application, err = getApplication("admin", name)
 		return
 	}
diff --git a/object/check.go b/object/check.go
index 2fe97a3e..5200cf1f 100644
--- a/object/check.go
+++ b/object/check.go
@@ -410,7 +410,7 @@ func CheckUserPermission(requestUserId, userId string, strict bool, lang string)
 	}
 
 	hasPermission := false
-	if strings.HasPrefix(requestUserId, "app/") {
+	if IsAppUser(requestUserId) {
 		hasPermission = true
 	} else {
 		requestUser, err := GetUser(requestUserId)
diff --git a/object/user.go b/object/user.go
index 8fe8bba5..dcd6e584 100644
--- a/object/user.go
+++ b/object/user.go
@@ -1003,7 +1003,7 @@ func (user *User) GetFriendlyName() string {
 }
 
 func isUserIdGlobalAdmin(userId string) bool {
-	return strings.HasPrefix(userId, "built-in/") || strings.HasPrefix(userId, "app/")
+	return strings.HasPrefix(userId, "built-in/") || IsAppUser(userId)
 }
 
 func ExtendUserWithRolesAndPermissions(user *User) (err error) {
diff --git a/object/user_util.go b/object/user_util.go
index e615fb0c..1f55ba0a 100644
--- a/object/user_util.go
+++ b/object/user_util.go
@@ -464,3 +464,10 @@ func (user *User) IsAdminUser() bool {
 
 	return user.IsAdmin || user.IsGlobalAdmin()
 }
+
+func IsAppUser(userId string) bool {
+	if strings.HasPrefix(userId, "app/") {
+		return true
+	}
+	return false
+}