diff --git a/routers/authz_filter.go b/routers/authz_filter.go
index 73ebfd63..979b29b6 100644
--- a/routers/authz_filter.go
+++ b/routers/authz_filter.go
@@ -22,7 +22,6 @@ import (
 
 	"github.com/astaxie/beego/context"
 	"github.com/casbin/casdoor/authz"
-	"github.com/casbin/casdoor/controllers"
 	"github.com/casbin/casdoor/object"
 	"github.com/casbin/casdoor/util"
 )
@@ -104,16 +103,6 @@ func getObject(ctx *context.Context) (string, string) {
 	}
 }
 
-func denyRequest(ctx *context.Context) {
-	w := ctx.ResponseWriter
-	w.WriteHeader(403)
-	resp := &controllers.Response{Status: "error", Msg: "Unauthorized operation"}
-	_, err := w.Write([]byte(util.StructToJson(resp)))
-	if err != nil {
-		panic(err)
-	}
-}
-
 func willLog(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
 	if subOwner == "anonymous" && subName == "anonymous" && method == "GET" && (urlPath == "/api/get-account" || urlPath == "/api/get-app-login") && objOwner == "" && objName == "" {
 		return false
diff --git a/routers/base.go b/routers/base.go
new file mode 100644
index 00000000..18c3159c
--- /dev/null
+++ b/routers/base.go
@@ -0,0 +1,44 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package routers
+
+import "github.com/astaxie/beego/context"
+
+type Response struct {
+	Status string      `json:"status"`
+	Msg    string      `json:"msg"`
+	Data   interface{} `json:"data"`
+	Data2  interface{} `json:"data2"`
+}
+
+func responseError(ctx *context.Context, error string, data ...interface{}) {
+	resp := Response{Status: "error", Msg: error}
+	switch len(data) {
+	case 2:
+		resp.Data2 = data[1]
+		fallthrough
+	case 1:
+		resp.Data = data[0]
+	}
+
+	err := ctx.Output.JSON(resp, true, false)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func denyRequest(ctx *context.Context) {
+	responseError(ctx, "Unauthorized operation")
+}
diff --git a/web/src/UserEditPage.js b/web/src/UserEditPage.js
index beecdeee..ccdf94d2 100644
--- a/web/src/UserEditPage.js
+++ b/web/src/UserEditPage.js
@@ -179,7 +179,7 @@ class UserEditPage extends React.Component {
               </Col>
             </Row>
             <Row style={{marginTop: '20px'}}>
-              <CropperDiv buttonText={`${i18next.t("user:Upload a photo")}...`} title={i18next.t("user:Upload a photo")} targetFunction={UserBackend.uploadAvatar} />
+              <CropperDiv buttonText={`${i18next.t("user:Upload a photo")}...`} title={i18next.t("user:Upload a photo")} user={this.state.user} />
             </Row>
           </Col>
         </Row>