public ActionResult ManageAlbum(int id)
{
AlbumRepository albums = new AlbumRepository();
AlbumModel album = albums.GetByIdForManage(id);
UserRepository users = new UserRepository();
var user = users.GetByUsername(HttpContext.User.Identity.Name);
//access control
if (!albums.isUserAuthorizedToEditAlbum(album, user))
return View("NotAuthorizedEdit");
return View(album);
}