diff --git a/app/Http/Controllers/Gallery/PhotoController.php b/app/Http/Controllers/Gallery/PhotoController.php
index abb9593..7a7a9de 100644
--- a/app/Http/Controllers/Gallery/PhotoController.php
+++ b/app/Http/Controllers/Gallery/PhotoController.php
@@ -4,6 +4,7 @@ namespace App\Http\Controllers\Gallery;
 
 use App\Album;
 use App\Facade\Theme;
+use App\Helpers\DbHelper;
 use app\Http\Controllers\Admin\AlbumController;
 use App\Http\Controllers\Controller;
 use App\Photo;
@@ -14,10 +15,17 @@ class PhotoController extends Controller
 {
     public function download(Request $request, $albumUrlAlias, $photoFilename)
     {
-        $album = PhotoController::loadAlbumByAlias($albumUrlAlias);
+        $album = DbHelper::loadAlbumByUrlAlias($albumUrlAlias);
+        if (is_null($album))
+        {
+            App::abort(404);
+            return null;
+        }
+        $this->authorize('album.view', $album);
+
         $albumSource = $album->getAlbumSource();
 
-        $thumbnail = $request->get('t', $albumSource->getOriginalsFolder());
+        $thumbnail = $request->get('t');
         $photo = PhotoController::loadPhotoByAlbumAndFilename($album, $photoFilename);
 
         return response()->file($albumSource->getPathToPhoto($photo, $thumbnail));
@@ -25,29 +33,21 @@ class PhotoController extends Controller
 
     public function show($albumUrlAlias, $photoFilename)
     {
-        $album = PhotoController::loadAlbumByAlias($albumUrlAlias);
-        $photo = PhotoController::loadPhotoByAlbumAndFilename($album, $photoFilename);
-
-        return Theme::render('gallery.photo', [
-            'album' => $album,
-            'photo' => $photo
-        ]);
-    }
-
-    /**
-     * @param $id
-     * @return Album
-     */
-    public static function loadAlbumByAlias($alias)
-    {
-        $album = Album::where('url_alias', $alias)->first();
+        $album = DbHelper::loadAlbumByUrlAlias($albumUrlAlias);
         if (is_null($album))
         {
             App::abort(404);
             return null;
         }
 
-        return $album;
+        $this->authorize('album.view', $album);
+
+        $photo = PhotoController::loadPhotoByAlbumAndFilename($album, $photoFilename);
+
+        return Theme::render('gallery.photo', [
+            'album' => $album,
+            'photo' => $photo
+        ]);
     }
 
     /**
diff --git a/database/migrations/2016_09_09_155655_add_album_privacy_column.php b/database/migrations/2016_09_09_155655_add_album_privacy_column.php
new file mode 100644
index 0000000..32e22bd
--- /dev/null
+++ b/database/migrations/2016_09_09_155655_add_album_privacy_column.php
@@ -0,0 +1,39 @@
+<?php
+
+use Illuminate\Support\Facades\Schema;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class AddAlbumPrivacyColumn extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('albums', function (Blueprint $table) {
+            $table->boolean('is_private');
+            $table->unsignedInteger('user_id');
+
+            $table->foreign('user_id')
+                ->references('id')->on('users')
+                ->onDelete('no action');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('albums', function (Blueprint $table) {
+            $table->dropForeign('albums_user_id_foreign');
+            $table->dropColumn('user_id');
+            $table->dropColumn('is_private');
+        });
+    }
+}