You should be passing the id in the url
@Html.ActionLink("Add Pictures", "pictures",new { @id=item.ID})
And in your pictures action method, you should check whether the current User is a logged (Authentication) in user and he has proper permission to add picture (Authorization).
public ActionResult pictures(int id)
{
//TO DO : Check the user has sufficient permission to add pictures.
// The implementation of this checking is completely up to you.
// If not authorized redirect to a view to show the "Not authorized" message
}