diff --git a/routes/web.php b/routes/web.php
index 330d9d3..972638c 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -19,4 +19,6 @@ Route::get('/login', 'Auth\LoginController@showLoginForm')->name('auth.show-logi
 Route::post('/login', 'Auth\LoginController@login')->name('auth.login');
 Route::post('/logout', 'Auth\LoginController@logout')->name('auth.logout');
 
-Route::get('/backstage/concerts/new', 'Backstage\ConcertsController@create');
+Route::group(['middleware' => 'auth'], function () {
+    Route::get('/backstage/concerts/new', 'Backstage\ConcertsController@create');
+});
diff --git a/tests/Feature/Backstage/AddConcertTest.php b/tests/Feature/Backstage/AddConcertTest.php
index b7ec2c2..1af3b64 100644
--- a/tests/Feature/Backstage/AddConcertTest.php
+++ b/tests/Feature/Backstage/AddConcertTest.php
@@ -11,4 +11,23 @@ use Illuminate\Foundation\Testing\DatabaseMigrations;
 class AddConcertTest extends TestCase
 {
     use DatabaseMigrations;
+
+    /** @test */
+    function promoters_can_view_the_add_concert_form()
+    {
+        $user = factory(User::class)->create();
+
+        $response = $this->actingAs($user)->get('/backstage/concerts/new');
+
+        $response->assertStatus(200);
+    }
+
+    /** @test */
+    function guests_cannot_view_the_add_concert_form()
+    {
+        $response = $this->get('/backstage/concerts/new');
+
+        $response->assertStatus(302);
+        $response->assertRedirect('/login');
+    }
 }