diff --git a/api/shortcut_organizer.go b/api/shortcut_organizer.go
deleted file mode 100644
index 8ce67aa..0000000
--- a/api/shortcut_organizer.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package api
-
-type ShortcutOrganizer struct {
-	ShortcutID int
-	UserID     int
-	Pinned     bool
-}
-
-type ShortcutOrganizerFind struct {
-	ShortcutID int
-	UserID     int
-}
-
-type ShortcutOrganizerUpsert struct {
-	ShortcutID int
-	UserID     int
-	Pinned     bool `json:"pinned"`
-}
diff --git a/server/acl.go b/server/acl.go
index 39bdd2f..4356ffb 100644
--- a/server/acl.go
+++ b/server/acl.go
@@ -80,7 +80,7 @@ func aclMiddleware(s *Server, next echo.HandlerFunc) echo.HandlerFunc {
 			}
 		}
 
-		if common.HasPrefixes(path, "/api/ping", "/api/status") && c.Request().Method == http.MethodGet {
+		if common.HasPrefixes(path, "/api/ping", "/api/status", "/api/workspace") && c.Request().Method == http.MethodGet {
 			return next(c)
 		}
 
diff --git a/server/shortcut.go b/server/shortcut.go
index 248059e..856af9b 100644
--- a/server/shortcut.go
+++ b/server/shortcut.go
@@ -26,6 +26,17 @@ func (s *Server) registerShortcutRoutes(g *echo.Group) {
 			return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post shortcut request").SetInternal(err)
 		}
 
+		existingShortcut, err := s.Store.FindShortcut(ctx, &api.ShortcutFind{
+			Name:        &shortcutCreate.Name,
+			WorkspaceID: &shortcutCreate.WorkspaceID,
+		})
+		if err != nil && common.ErrorCode(err) != common.NotFound {
+			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find shortcut").SetInternal(err)
+		}
+		if existingShortcut != nil {
+			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Shortcut with name %s already exists", shortcutCreate.Name))
+		}
+
 		shortcut, err := s.Store.CreateShortcut(ctx, shortcutCreate)
 		if err != nil {
 			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create shortcut").SetInternal(err)
@@ -48,6 +59,29 @@ func (s *Server) registerShortcutRoutes(g *echo.Group) {
 		if err != nil {
 			return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("shortcutId"))).SetInternal(err)
 		}
+		userID, ok := c.Get(getUserIDContextKey()).(int)
+		if !ok {
+			return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
+		}
+
+		shortcut, err := s.Store.FindShortcut(ctx, &api.ShortcutFind{
+			ID: &shortcutID,
+		})
+		if err != nil {
+			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find shortcut").SetInternal(err)
+		}
+
+		workspaceUser, err := s.Store.FindWordspaceUser(ctx, &api.WorkspaceUserFind{
+			UserID:      &userID,
+			WorkspaceID: &shortcut.WorkspaceID,
+		})
+		if err != nil {
+			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find workspace user").SetInternal(err)
+		}
+
+		if shortcut.CreatorID != userID && workspaceUser.Role != api.RoleAdmin {
+			return echo.NewHTTPError(http.StatusForbidden, "Forbidden to patch shortcut")
+		}
 
 		shortcutPatch := &api.ShortcutPatch{
 			ID: shortcutID,
@@ -56,7 +90,7 @@ func (s *Server) registerShortcutRoutes(g *echo.Group) {
 			return echo.NewHTTPError(http.StatusBadRequest, "Malformatted patch shortcut request").SetInternal(err)
 		}
 
-		shortcut, err := s.Store.PatchShortcut(ctx, shortcutPatch)
+		shortcut, err = s.Store.PatchShortcut(ctx, shortcutPatch)
 		if err != nil {
 			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to patch shortcut").SetInternal(err)
 		}
diff --git a/store/db/migration/dev/LATEST__SCHEMA.sql b/store/db/migration/dev/LATEST__SCHEMA.sql
index d4ee07e..1eb9227 100644
--- a/store/db/migration/dev/LATEST__SCHEMA.sql
+++ b/store/db/migration/dev/LATEST__SCHEMA.sql
@@ -70,7 +70,7 @@ CREATE TABLE shortcut (
   row_status TEXT NOT NULL CHECK (row_status IN ('NORMAL', 'ARCHIVED')) DEFAULT 'NORMAL',
   workspace_id INTEGER NOT NULL,
   name TEXT NOT NULL,
-  link TEXT NOT NULL DEFAULT '',
+  link TEXT NOT NULL,
   description TEXT NOT NULL DEFAULT '',
   visibility TEXT NOT NULL CHECK (visibility IN ('PRIVATE', 'WORKSPACE', 'PUBLIC')) DEFAULT 'PRIVATE'
 );
@@ -78,12 +78,4 @@ CREATE TABLE shortcut (
 INSERT INTO
   sqlite_sequence (name, seq)
 VALUES
-  ('shortcut', 1000);
-
--- shortcut_organizer
-CREATE TABLE shortcut_organizer (
-  shortcut_id INTEGER NOT NULL,
-  user_id INTEGER NOT NULL,
-  pinned INTEGER NOT NULL CHECK (pinned IN (0, 1)) DEFAULT 0,
-  UNIQUE(shortcut_id, user_id)
-);
\ No newline at end of file
+  ('shortcut', 1000);
\ No newline at end of file
diff --git a/store/db/migration/prod/LATEST__SCHEMA.sql b/store/db/migration/prod/LATEST__SCHEMA.sql
index d4ee07e..1eb9227 100644
--- a/store/db/migration/prod/LATEST__SCHEMA.sql
+++ b/store/db/migration/prod/LATEST__SCHEMA.sql
@@ -70,7 +70,7 @@ CREATE TABLE shortcut (
   row_status TEXT NOT NULL CHECK (row_status IN ('NORMAL', 'ARCHIVED')) DEFAULT 'NORMAL',
   workspace_id INTEGER NOT NULL,
   name TEXT NOT NULL,
-  link TEXT NOT NULL DEFAULT '',
+  link TEXT NOT NULL,
   description TEXT NOT NULL DEFAULT '',
   visibility TEXT NOT NULL CHECK (visibility IN ('PRIVATE', 'WORKSPACE', 'PUBLIC')) DEFAULT 'PRIVATE'
 );
@@ -78,12 +78,4 @@ CREATE TABLE shortcut (
 INSERT INTO
   sqlite_sequence (name, seq)
 VALUES
-  ('shortcut', 1000);
-
--- shortcut_organizer
-CREATE TABLE shortcut_organizer (
-  shortcut_id INTEGER NOT NULL,
-  user_id INTEGER NOT NULL,
-  pinned INTEGER NOT NULL CHECK (pinned IN (0, 1)) DEFAULT 0,
-  UNIQUE(shortcut_id, user_id)
-);
\ No newline at end of file
+  ('shortcut', 1000);
\ No newline at end of file
diff --git a/store/db/seed/10000__reset.sql b/store/db/seed/10000__reset.sql
index afd5a14..66c04fc 100644
--- a/store/db/seed/10000__reset.sql
+++ b/store/db/seed/10000__reset.sql
@@ -1,6 +1,3 @@
-DELETE FROM
-  shortcut_organizer;
-
 DELETE FROM
   shortcut;
 
diff --git a/web/src/components/ShortcutListView.tsx b/web/src/components/ShortcutListView.tsx
index 1401519..199a1ef 100644
--- a/web/src/components/ShortcutListView.tsx
+++ b/web/src/components/ShortcutListView.tsx
@@ -1,11 +1,14 @@
 import { Tooltip } from "@mui/joy";
 import copy from "copy-to-clipboard";
 import { useState } from "react";
+import { UNKNOWN_ID } from "../helpers/consts";
 import { shortcutService, workspaceService } from "../services";
 import { useAppSelector } from "../store";
-import { UNKNOWN_ID } from "../helpers/consts";
+import { unknownWorkspace, unknownWorkspaceUser } from "../store/modules/workspace";
+import { absolutifyLink } from "../helpers/utils";
 import { showCommonDialog } from "./Alert";
 import Icon from "./Icon";
+import toastHelper from "./Toast";
 import Dropdown from "./common/Dropdown";
 import CreateShortcutDialog from "./CreateShortcutDialog";
 
@@ -20,14 +23,22 @@ interface State {
 
 const ShortcutListView: React.FC<Props> = (props: Props) => {
   const { workspaceId, shortcutList } = props;
-  const { user } = useAppSelector((state) => state.user);
+  const user = useAppSelector((state) => state.user.user as User);
+  const { workspaceList } = useAppSelector((state) => state.workspace);
   const [state, setState] = useState<State>({
     currentEditingShortcutId: UNKNOWN_ID,
   });
+  const workspace = workspaceList.find((workspace) => workspace.id === workspaceId) ?? unknownWorkspace;
+  const workspaceUser = workspace.workspaceUserList.find((workspaceUser) => workspaceUser.userId === user.id) ?? unknownWorkspaceUser;
+
+  const havePermission = (shortcut: Shortcut) => {
+    return workspaceUser.role === "ADMIN" || shortcut.creatorId === user.id;
+  };
 
   const handleCopyButtonClick = (shortcut: Shortcut) => {
     const workspace = workspaceService.getWorkspaceById(workspaceId);
-    copy(`${location.host}/${workspace?.name}/go/${shortcut.name}`);
+    copy(absolutifyLink(`/${workspace?.name}/${shortcut.name}`));
+    toastHelper.error("Shortcut link copied to clipboard.");
   };
 
   const handleEditShortcutButtonClick = (shortcut: Shortcut) => {
@@ -79,14 +90,14 @@ const ShortcutListView: React.FC<Props> = (props: Props) => {
                   actions={
                     <>
                       <button
-                        disabled={shortcut.creatorId !== user?.id}
+                        disabled={!havePermission(shortcut)}
                         className="w-full px-3 text-left leading-10 cursor-pointer rounded hover:bg-gray-100 disabled:cursor-not-allowed disabled:bg-gray-100 disabled:opacity-60"
                         onClick={() => handleEditShortcutButtonClick(shortcut)}
                       >
                         Edit
                       </button>
                       <button
-                        disabled={shortcut.creatorId !== user?.id}
+                        disabled={!havePermission(shortcut)}
                         className="w-full px-3 text-left leading-10 cursor-pointer rounded text-red-600 hover:bg-gray-100 disabled:cursor-not-allowed disabled:bg-gray-100 disabled:opacity-60"
                         onClick={() => {
                           handleDeleteShortcutButtonClick(shortcut);
diff --git a/web/src/helpers/utils.ts b/web/src/helpers/utils.ts
index c49ff38..4af273e 100644
--- a/web/src/helpers/utils.ts
+++ b/web/src/helpers/utils.ts
@@ -4,49 +4,8 @@ export const isNullorUndefined = (value: any) => {
   return isNull(value) || isUndefined(value);
 };
 
-export function getNowTimeStamp(): number {
-  return Date.now();
-}
-
-export function getOSVersion(): "Windows" | "MacOS" | "Linux" | "Unknown" {
-  const appVersion = navigator.userAgent;
-  let detectedOS: "Windows" | "MacOS" | "Linux" | "Unknown" = "Unknown";
-
-  if (appVersion.indexOf("Win") != -1) {
-    detectedOS = "Windows";
-  } else if (appVersion.indexOf("Mac") != -1) {
-    detectedOS = "MacOS";
-  } else if (appVersion.indexOf("Linux") != -1) {
-    detectedOS = "Linux";
-  }
-
-  return detectedOS;
-}
-
-export function debounce(fn: FunctionType, delay: number) {
-  let timer: number | null = null;
-
-  return () => {
-    if (timer) {
-      clearTimeout(timer);
-      timer = setTimeout(fn, delay);
-    } else {
-      timer = setTimeout(fn, delay);
-    }
-  };
-}
-
-export function throttle(fn: FunctionType, delay: number) {
-  let valid = true;
-
-  return () => {
-    if (!valid) {
-      return false;
-    }
-    valid = false;
-    setTimeout(() => {
-      fn();
-      valid = true;
-    }, delay);
-  };
+export function absolutifyLink(rel: string): string {
+  const anchor = document.createElement("a");
+  anchor.setAttribute("href", rel);
+  return anchor.href;
 }
diff --git a/web/src/pages/ShortcutRedirector.tsx b/web/src/pages/ShortcutRedirector.tsx
index 3dae414..800cd38 100644
--- a/web/src/pages/ShortcutRedirector.tsx
+++ b/web/src/pages/ShortcutRedirector.tsx
@@ -1,37 +1,35 @@
 import { useEffect, useState } from "react";
-import { useNavigate, useParams } from "react-router-dom";
+import { useParams } from "react-router-dom";
 import Header from "../components/Header";
 import { getShortcutWithNameAndWorkspaceName } from "../helpers/api";
 import useLoading from "../hooks/useLoading";
-import { userService } from "../services";
 
 interface State {
   errMessage?: string;
 }
 
 const ShortcutRedirector: React.FC = () => {
-  const navigate = useNavigate();
   const params = useParams();
   const [state, setState] = useState<State>();
   const loadingState = useLoading();
 
   useEffect(() => {
-    if (!userService.getState().user) {
-      navigate("/user/auth");
-      return;
-    }
-
     const workspaceName = params.workspaceName || "";
     const shortcutName = params.shortcutName || "";
     getShortcutWithNameAndWorkspaceName(workspaceName, shortcutName)
       .then(({ data: { data: shortcut } }) => {
         if (shortcut) {
           window.location.href = shortcut.link;
+        } else {
+          setState({
+            errMessage: "Not found",
+          });
+          loadingState.setFinish();
         }
       })
-      .catch((err) => {
+      .catch((error) => {
         setState({
-          errMessage: err?.message || "Not found",
+          errMessage: error.response.data.error || "Error occurred",
         });
         loadingState.setFinish();
       });
diff --git a/web/src/router/index.tsx b/web/src/router/index.tsx
index 238290c..4725959 100644
--- a/web/src/router/index.tsx
+++ b/web/src/router/index.tsx
@@ -62,21 +62,8 @@ const router = createBrowserRouter([
     },
   },
   {
-    path: "/:workspaceName/go/:shortcutName",
+    path: "/:workspaceName/:shortcutName",
     element: <ShortcutRedirector />,
-    loader: async () => {
-      try {
-        await userService.initialState();
-        await workspaceService.fetchWorkspaceList();
-      } catch (error) {
-        // do nth
-      }
-
-      const { user } = userService.getState();
-      if (isNullorUndefined(user)) {
-        return redirect("/user/auth");
-      }
-    },
   },
 ]);