diff --git a/app/controllers/AuthorController.php b/app/controllers/AuthorController.php
index 8f79d098d9ad9d42ae4cdc459b5a0852814ccae4..98d582ca12f179b5500ee51bf44e6c173c658234 100644
--- a/app/controllers/AuthorController.php
+++ b/app/controllers/AuthorController.php
@@ -15,9 +15,19 @@ class AuthorController extends Controller implements ControllerInterface
 
     public function add() 
     {
+        if (!isset($_SESSION['username'])) {
+            http_response_code(301);
+            header("Location: /user/login", true, 301);
+            exit;
+        }
         try {
             switch ($_SERVER['REQUEST_METHOD']) {
                 case 'GET':
+                    if ($_SESSION['role'] != UserRole::Admin) {
+                        $unauthorizedView = $this->view('.', 'UnauthorizedView');
+                        $unauthorizedView->render();
+                        exit;   
+                    }
                     // show the register page
                     $addBookView = $this->view('admin', 'AddAuthorView');
                     $addBookView->render();
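Review bot: The admin check is added only inside `case 'GET'`, so it protects the form page but not necessarily the request that creates the author. The other cases of the switch lie outside this hunk; unless they carry their own role check, a logged-in non-admin can still submit the form directly. Moving the test above the `switch`, right after the login check, covers every method, and tolerating a missing key avoids a notice: `if (($_SESSION['role'] ?? null) != UserRole::Admin) {`. Sending `http_response_code(403);` before rendering UnauthorizedView would also stop the denial from going out as a 200. The same placement applies to the BookController hunk.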
diff --git a/app/controllers/BookController.php b/app/controllers/BookController.php
index 567aafeafbd8b06193889e8c2266c6e4ab5bb0dc..134b4df9338f8f701a899876f621c4b9dcbfadb2 100644
--- a/app/controllers/BookController.php
+++ b/app/controllers/BookController.php
@@ -57,9 +57,19 @@ class BookController extends Controller implements ControllerInterface{
 
     public function add() 
     {
+        if (!isset($_SESSION['username'])) {
+            http_response_code(301);
+            header("Location: /user/login", true, 301);
+            exit;
+        }
         try {
             switch ($_SERVER['REQUEST_METHOD']) {
                 case 'GET':
+                    if ($_SESSION['role'] != UserRole::Admin) {
+                        $unauthorizedView = $this->view('.', 'UnauthorizedView');
+                        $unauthorizedView->render();
+                        exit;   
+                    }
                     // show the add book page
                     $addBookView = $this->view('admin', 'AddBookView');
                     $addBookView->render(); 
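Review bot: The login redirect at the top of add() uses status 301, which browsers may cache as permanent, so a user who then signs in can keep being sent to /user/login without the server being consulted. A temporary redirect fits an authentication gate: `header("Location: /user/login", true, 302);`. The preceding `http_response_code(301);` is redundant, since the third argument of header() already sets the status. The same lines appear in the AuthorController and GenreController hunks.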
diff --git a/app/controllers/GenreController.php b/app/controllers/GenreController.php
index 427862633c87067188b82cb7154cb6d6663fb967..aaccffc5f96141bb81de64681f87fcb9da36aba0 100644
--- a/app/controllers/GenreController.php
+++ b/app/controllers/GenreController.php
@@ -15,9 +15,19 @@ class GenreController extends Controller implements ControllerInterface
 
     public function add() 
     {
+        if (!isset($_SESSION['username'])) {
+            http_response_code(301);
+            header("Location: /user/login", true, 301);
+            exit;
+        }
         try {
             switch ($_SERVER['REQUEST_METHOD']) {
                 case 'GET':
+                    if (!isset($_SESSION['username'])) {
+                        http_response_code(301);
+                        header("Location: /user/login", true, 301);
+                        exit;
+                    }
                     // show the register page
                     $addGenreView = $this->view('admin', 'AddGenreView');
                     $addGenreView->render();
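Review bot: The block added inside `case 'GET'` repeats the `!isset($_SESSION['username'])` test from the top of add() instead of the role test used in AuthorController and BookController. It can never fire, because an anonymous request has already exited, so any logged-in user reaches AddGenreView. It looks like a copy-paste slip; the condition should be `if ($_SESSION['role'] != UserRole::Admin) {` with the UnauthorizedView render and `exit` as in the other two controllers, provided UserRole is in scope in this file. The rest of add() is outside the hunk, so whether the non-GET cases are restricted to admins cannot be confirmed here.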