diff --git a/trigger_6/views.py b/trigger_6/views.py
index b2745e20217c60d0c1472e0254fd7f507127ed06..70bc5a9827a106159479fd5b5ff409e5b7aec7ac 100644
--- a/trigger_6/views.py
+++ b/trigger_6/views.py
@@ -12,6 +12,13 @@ def show_riwayat(request):
     role = request.COOKIES.get('role')
     email = request.COOKIES.get('email')
 
+    if role == None:
+        return redirect("/login")
+    if role != 'restaurant':
+        return redirect("/")
+
+    cursor.execute('set search_path to sirest')
+
     if role == 'restaurant':
         rname = request.COOKIES.get('rname')
         rbranch = request.COOKIES.get('rbranch')
@@ -45,11 +52,18 @@ def show_riwayat(request):
         'record': record,
         'adminid':request.COOKIES.get('adminid')
     }
-    print(record)
+
     return render(request, 'riwayat.html', context)
 
 
 def show_detail_riwayat(request, email, datetime):
+    role = request.COOKIES.get('role')
+
+    if role == None:
+        return redirect("/login")
+    if role != 'restaurant':
+        return redirect("/")
+    cursor.execute('set search_path to sirest')
     # query riwayat by id
     sql = f'''select u.fname, u.lname, t.street, t.district, t.city, t.province, r.rname, r.rbranch, t.datetime, t.rating, foo.fname, foo.lname, co.platenum, co.vehicletype, co.vehiclebrand, 
     r.street, r.district, r.city, r.province, t.totalfood, t.totaldiscount, t.deliveryfee, t.totalprice, pm.name, ps.name from transaction t, courier co, transaction_food tf,  
@@ -86,6 +100,15 @@ def show_detail_riwayat(request, email, datetime):
 
 
 def show_form_penilaian(request, email, datetime):
+    role = request.COOKIES.get('role')
+
+    if role == None:
+        return redirect("/login")
+    if role != 'restaurant':
+        return redirect("/")
+
+    cursor.execute('set search_path to sirest')
+
     if request.method == 'POST':
         rating = request.POST.get('nilai')
         if rating != '0':
@@ -106,10 +129,25 @@ def show_form_penilaian(request, email, datetime):
 
 
 def show_buat_promo(request):
+    role = request.COOKIES.get('role')
+
+    if role == None:
+        return redirect("/login")
+    if role != 'restaurant':
+        return redirect("/")
     return render(request, 'buat_promo.html', {'role': request.COOKIES.get('role')})
 
 
 def show_form_promo_minimum(request):
+    role = request.COOKIES.get('role')
+
+    if role == None:
+        return redirect("/login")
+    if role != 'restaurant':
+        return redirect("/")
+
+    cursor.execute('set search_path to sirest')
+
     if request.method == "POST":
         name = request.POST.get('name')
         discount = request.POST.get('discount')
@@ -143,6 +181,15 @@ def show_form_promo_minimum(request):
 
 
 def show_form_promo_hari_spesial(request):
+    role = request.COOKIES.get('role')
+
+    if role == None:
+        return redirect("/login")
+    if role != 'restaurant':
+        return redirect("/")
+
+    cursor.execute('set search_path to sirest')
+
     if request.method == "POST":
         name = request.POST.get('name')
         discount = request.POST.get('discount')
@@ -170,6 +217,15 @@ def show_form_promo_hari_spesial(request):
 
 
 def show_daftar_promo(request):
+    role = request.COOKIES.get('role')
+
+    if role == None:
+        return redirect("/login")
+    if role != 'restaurant':
+        return redirect("/")
+
+    cursor.execute('set search_path to sirest')
+
     cursor.execute('select * from promo')
     records_promo = cursor.fetchall()
     records_promo = sorted(records_promo, key=lambda x: x[1].lower())
@@ -202,6 +258,15 @@ def show_daftar_promo(request):
 
 
 def show_ubah_promo(request, jenis, id):
+    role = request.COOKIES.get('role')
+
+    if role == None:
+        return redirect("/login")
+    if role != 'restaurant':
+        return redirect("/")
+
+    cursor.execute('set search_path to sirest')
+
     cursor.execute(f'select promoname from promo where id = \'{id}\'')
     record = cursor.fetchall()
     if request.method == 'POST':
@@ -240,6 +305,13 @@ def show_ubah_promo(request, jenis, id):
 
 
 def show_daftar_promo_restoran(request, rname, rbranch):
+    role = request.COOKIES.get('role')
+
+    if role == None:
+        return redirect("/login")
+    if role != 'restaurant':
+        return redirect("/")
+
     cursor.execute('set search_path to sirest')
     cursor.execute(f'select * from promo p, restaurant_promo r where p.id = r.pid and r.rname = \'{rname}\' and r.rbranch = \'{rbranch}\'')
     records_promo_resto = cursor.fetchall()
@@ -264,6 +336,13 @@ def show_daftar_promo_restoran(request, rname, rbranch):
 
 
 def show_form_promo_restoran(request):
+    role = request.COOKIES.get('role')
+
+    if role == None:
+        return redirect("/login")
+    if role != 'restaurant':
+        return redirect("/")
+
     cursor.execute('set search_path to sirest')
     rname = request.COOKIES.get('rname')
     rbranch = request.COOKIES.get('rbranch')
@@ -305,6 +384,15 @@ def show_form_promo_restoran(request):
 
 
 def show_form_ubah_promo_restoran(request, id):
+    role = request.COOKIES.get('role')
+
+    if role == None:
+        return redirect("/login")
+    if role != 'restaurant':
+        return redirect("/")
+
+    cursor.execute('set search_path to sirest')
+
     cursor.execute(
         f'select promoname, discount from promo where id = \'{id}\'')
     record_pname = cursor.fetchall()
@@ -372,6 +460,15 @@ def show_form_ubah_promo_restoran(request, id):
 
 
 def show_detail_promo(request, id):
+    role = request.COOKIES.get('role')
+
+    if role == None:
+        return redirect("/login")
+    if role != 'restaurant':
+        return redirect("/")
+
+    cursor.execute('set search_path to sirest')
+
     cursor.execute(f'select * from promo where id = \'{id}\'')
     records_promo = cursor.fetchmany()
 
@@ -399,6 +496,15 @@ def show_detail_promo(request, id):
 
 
 def show_detail_promo_restoran(request, rname, rbranch, id):
+    role = request.COOKIES.get('role')
+
+    if role == None:
+        return redirect("/login")
+    if role != 'restaurant':
+        return redirect("/")
+
+    cursor.execute('set search_path to sirest')
+
     cursor.execute(
         f'select * from promo p, restaurant_promo r where p.id = r.pid and r.pid = \'{id}\' and r.rname = \'{rname}\' and r.rbranch = \'{rbranch}\'')
     record_promo = cursor.fetchall()
@@ -430,18 +536,45 @@ def show_detail_promo_restoran(request, rname, rbranch, id):
 
 
 def delete_promo(request, id):
+    role = request.COOKIES.get('role')
+
+    if role == None:
+        return redirect("/login")
+    if role != 'restaurant':
+        return redirect("/")
+
+    cursor.execute('set search_path to sirest')
+
     cursor.execute(f'delete from promo where id = \'{id}\'')
     connection.commit()
     return HttpResponseRedirect(reverse('trigger_6:show_daftar_promo'))
 
 
 def delete_promo_restoran(request, rname, rbranch, id):
+    role = request.COOKIES.get('role')
+
+    if role == None:
+        return redirect("/login")
+    if role != 'restaurant':
+        return redirect("/")
+
+    cursor.execute('set search_path to sirest')
+
     cursor.execute(
         f'delete from restaurant_promo where pid = \'{id}\' and rname = \'{rname}\' and rbranch = \'{rbranch}\'')
     connection.commit()
     return HttpResponseRedirect(reverse('trigger_6:show_daftar_promo_restoran', kwargs={'rname':rname, 'rbranch':rbranch}))
 
 def ubah_form_input(request, id):
+    role = request.COOKIES.get('role')
+
+    if role == None:
+        return redirect("/login")
+    if role != 'restaurant':
+        return redirect("/")
+
+    cursor.execute('set search_path to sirest')
+
     cursor.execute(f'select discount from sirest.promo where id = \'{id}\'')
     discount = cursor.fetchone()