diff --git a/controllers/cashTransactionController.js b/controllers/cashTransactionController.js
index 77d9750..3696ba7 100644
--- a/controllers/cashTransactionController.js
+++ b/controllers/cashTransactionController.js
@@ -1,25 +1,37 @@
 var cashTransactionModel = require('../models/cashTransactionModel.js');
+var UserModel = require('../models/userModel');
 
 module.exports = {
 
-  list: function (req, res) {
-    cashTransactionModel.find()
-      .then(transactions => {
-        var data = {
-          messages: transactions
-        };
-        return res.render('cash', data);
-      })
-      .catch(err => {
+  list: async function (req, res) {
+    const password = req.body.pass;
+    try{
+      const userFound = await UserModel.findOne({ pass: password });
+      if (!userFound) {
+        return res.status(404).json({ message: 'Wrong password' });
+      }
+      const transactions = await cashTransactionModel.find()
+      const data = {
+        messages: transactions
+      };
+      return res.render('cash', data);
+    }catch (err) {
         return res.status(500).json({
           message: 'Error when getting transactions.',
           error: err
         });
-      });
+      };
   },
 
   create: async function (req, res) {
     const rawString = req.body.messageBody;
+    const password = req.body.pass;
+
+    const userFound = await UserModel.findOne({ pass: password });
+    if (!userFound) {
+      return res.status(404).json({ message: 'Wrong password' });
+    }
+
     const transaction = new cashTransactionModel({
       raw: rawString,
       day: 0,
@@ -69,7 +81,12 @@ module.exports = {
     }
   },
 
-  delete: function (req, res) {
+  delete: async function (req, res) {
+    const password = req.body.pass;
+    const userFound = await UserModel.findOne({ pass: password });
+    if (!userFound) {
+      return res.status(404).json({ message: 'Wrong password' });
+    }
     cashTransactionModel.deleteMany({})
     .then(data =>{
       res.status(201).json({message:"OK"});