public ActionResult Show(int id) { AlbumRepository albums = new AlbumRepository(); AlbumModel album = albums.GetByIdForShow(id); UserRepository users = new UserRepository(); var user = users.GetByUsername(HttpContext.User.Identity.Name); // check if album has a password, if it does, authorize if (!albums.authorizeWithPassword(album, user, (string)Session["Album" + album.Id.ToString()])) return RedirectToAction("PasswordForAlbum", new { id = album.Id }); // if user is not authorized if (!albums.IsUserAuthorizedToViewAlbum(album, user, true)) return View("NotAuthorized"); if (user == null || user.Id != album.User.Id) //if not logged in or not an author { //increment views album.Views += 1; albums.Update(album); } @ViewBag.user = user; return View(album); }