diff --git a/data/model.py b/data/model.py
index 9b4cbcac0..e211b4ea2 100644
--- a/data/model.py
+++ b/data/model.py
@@ -737,6 +737,24 @@ def set_repository_visibility(repo, visibility):
   repo.save()
 
 
+def __apply_default_permissions(repo, proto_query, name_property,
+                                create_permission_func):
+  final_protos = {}
+  for proto in proto_query:
+    applies_to = proto_query.delegate_team or proto_query.delegate_user
+    name = getattr(applies_to, name_property)
+    # We will skip the proto if it is pre-empted by a more important proto
+    if name in final_protos and proto.activating_user is None:
+      continue
+
+    # By this point, it is either a user specific proto, or there is no
+    # proto yet, so we can safely assume it applies
+    final_protos[name] = (applies_to, proto.role)
+
+  for delegate, role in final_protos.values():
+    create_permission_func(delegate, repo, role)
+
+
 def create_repository(namespace, name, creating_user, visibility='private'):
   private = Visibility.get(name=visibility)
   repo = Repository.create(namespace=namespace, name=name,
@@ -744,8 +762,8 @@ def create_repository(namespace, name, creating_user, visibility='private'):
   admin = Role.get(name='admin')
 
   if creating_user and not creating_user.organization:
-    permission = RepositoryPermission.create(user=creating_user,
-                                             repository=repo, role=admin)
+    RepositoryPermission.create(user=creating_user, repository=repo,
+                                role=admin)
 
     if creating_user.username != namespace:
       # Permission prototypes only work for orgs
@@ -758,41 +776,23 @@ def create_repository(namespace, name, creating_user, visibility='private'):
                       .where(PermissionPrototype.org == org, user_clause,
                              PermissionPrototype.delegate_user >> None))
 
-      final_protos = {}
-      for proto in team_protos:
-        # We will skip the proto if it is pre-empted by a more important proto
-        if (proto.delegate_team.name in final_protos and
-            proto.activating_user is None):
-          continue
-
-        # By this point, it is either a user specific proto, or there is no
-        # proto yet, so we can safely assume it applies
-        final_protos[proto.delegate_team.name] = (proto.delegate_team,
-                                                  proto.role)
-
-      for team, role in final_protos.values():
+      def create_team_permission(team, repo, role):
         RepositoryPermission.create(team=team, repository=repo, role=role)
 
+      __apply_default_permissions(repo, team_protos, 'name',
+                                  create_team_permission)
+
       user_protos = (PermissionPrototype
                       .select()
                       .where(PermissionPrototype.org == org, user_clause,
                              PermissionPrototype.delegate_team >> None))
 
-      final_user_protos = {}
-      for proto in user_protos:
-        # We will skip the proto if it is pre-empted by a more important proto
-        if (proto.delegate_user.username in final_user_protos and
-            proto.activating_user is None):
-          continue
-
-        # By this point, it is either a user specific proto, or there is no
-        # proto yet, so we can safely assume it applies
-        final_user_protos[proto.delegate_user.username] = (proto.delegate_user,
-                                                           proto.role)
-
-      for user, role in final_user_protos.values():
+      def create_user_permission(user, repo, role):
         RepositoryPermission.create(user=user, repository=repo, role=role)
 
+      __apply_default_permissions(repo, user_protos, 'username',
+                                  create_user_permission)
+
   return repo