示例#1
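        /// <summary>
        /// Renders one album once the album-password check and the viewer authorization
        /// check have both passed, counting the view when the viewer is not the owner.
        /// </summary>
        /// <param name="id">Album identifier from the request; it is caller-controlled.</param>
        /// <returns>
        /// A redirect to <c>PasswordForAlbum</c> when the password check fails, the
        /// <c>NotAuthorized</c> view when the album is missing or the viewer may not see it,
        /// otherwise the default view bound to the album.
        /// </returns>
        public ActionResult Show(int id)
        {
            var albums = new AlbumRepository();
            AlbumModel album = albums.GetByIdForShow(id);

            // The id comes straight from the request, so it may not match any album.
            // NOTE(review): assumes GetByIdForShow returns null for an unknown id - confirm.
            // Without this guard the album.Id access below throws and the request ends in
            // an unhandled error. The response is the same one a forbidden album gets, so
            // this branch does not tell the caller whether the id exists.
            if (album == null)
            {
                return View("NotAuthorized");
            }

            var users = new UserRepository();
            var user = users.GetByUsername(HttpContext.User.Identity.Name);

            // Password gate: the value kept in the session under "Album<id>" is handed to the
            // repository, which decides whether it unlocks the album.
            // NOTE(review): presumably the password the visitor typed earlier - confirm what
            // is stored there and that it is not kept longer than needed.
            string sessionKey = "Album" + album.Id.ToString();
            string storedValue = (string)Session[sessionKey];
            if (!albums.authorizeWithPassword(album, user, storedValue))
            {
                return RedirectToAction("PasswordForAlbum", new { id = album.Id });
            }

            // Access check; user is null for a visitor with no matching account.
            if (!albums.IsUserAuthorizedToViewAlbum(album, user, true))
            {
                return View("NotAuthorized");
            }

            // Only views by someone other than the album's owner are counted.
            bool viewerIsOwner = user != null && user.Id == album.User.Id;
            if (!viewerIsOwner)
            {
                // NOTE(review): this writes to storage on a GET and is a read-modify-write,
                // so concurrent requests may lose increments - confirm this is acceptable.
                album.Views += 1;
                albums.Update(album);
            }

            ViewBag.user = user;
            return View(album);
        }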