From d89a3330fb0d8bebb4d3113d6e0406df21d2caf6 Mon Sep 17 00:00:00 2001
From: andy zheng <zgofmontreal@gmail.com>
Date: Wed, 10 Feb 2016 21:30:18 -0500
Subject: [PATCH 1/2] add the lack of file of
 Parts.MediaProcessing.ImageProfile.cshtml

---
 .../Orchard.MediaProcessing/Orchard.MediaProcessing.csproj     | 3 +++
 .../Views/Parts.MediaProcessing.ImageProfile.cshtml            | 2 ++
 2 files changed, 5 insertions(+)
 create mode 100644 src/Orchard.Web/Modules/Orchard.MediaProcessing/Views/Parts.MediaProcessing.ImageProfile.cshtml

diff --git a/src/Orchard.Web/Modules/Orchard.MediaProcessing/Orchard.MediaProcessing.csproj b/src/Orchard.Web/Modules/Orchard.MediaProcessing/Orchard.MediaProcessing.csproj
index d9ec5d30c..3cf89304d 100644
--- a/src/Orchard.Web/Modules/Orchard.MediaProcessing/Orchard.MediaProcessing.csproj
+++ b/src/Orchard.Web/Modules/Orchard.MediaProcessing/Orchard.MediaProcessing.csproj
@@ -158,6 +158,9 @@
   <ItemGroup>
     <Content Include="Placement.info" />
   </ItemGroup>
+  <ItemGroup>
+    <Content Include="Views\Parts.MediaProcessing.ImageProfile.cshtml" />
+  </ItemGroup>
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">10.0</VisualStudioVersion>
     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
diff --git a/src/Orchard.Web/Modules/Orchard.MediaProcessing/Views/Parts.MediaProcessing.ImageProfile.cshtml b/src/Orchard.Web/Modules/Orchard.MediaProcessing/Views/Parts.MediaProcessing.ImageProfile.cshtml
new file mode 100644
index 000000000..b8bea62c1
--- /dev/null
+++ b/src/Orchard.Web/Modules/Orchard.MediaProcessing/Views/Parts.MediaProcessing.ImageProfile.cshtml
@@ -0,0 +1,2 @@
+
+<h1>@Model.Name</h1>
\ No newline at end of file

From fc0e06408a96d6a4f87346e2dc1e4540bd39a48d Mon Sep 17 00:00:00 2001
From: Sebastien Ros <sebastienros@gmail.com>
Date: Thu, 11 Feb 2016 11:32:11 -0800
Subject: [PATCH 2/2] Adding permission check when updloading media from the
 admin

---
 .../Controllers/ClientStorageController.cs            | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/Orchard.Web/Modules/Orchard.MediaLibrary/Controllers/ClientStorageController.cs b/src/Orchard.Web/Modules/Orchard.MediaLibrary/Controllers/ClientStorageController.cs
index 62859a7b2..63a09632e 100644
--- a/src/Orchard.Web/Modules/Orchard.MediaLibrary/Controllers/ClientStorageController.cs
+++ b/src/Orchard.Web/Modules/Orchard.MediaLibrary/Controllers/ClientStorageController.cs
@@ -1,6 +1,5 @@
 using System;
 using System.Collections.Generic;
-using System.Dynamic;
 using System.IO;
 using System.Web.Mvc;
 using Orchard.ContentManagement;
@@ -27,6 +26,16 @@ namespace Orchard.MediaLibrary.Controllers {
         public IOrchardServices Services { get; set; }
 
         public ActionResult Index(string folderPath, string type) {
+            if (!Services.Authorizer.Authorize(Permissions.ManageOwnMedia)) {
+                return new HttpUnauthorizedResult();
+            }
+            
+            // Check permission.
+            var rootMediaFolder = _mediaLibraryService.GetRootMediaFolder();
+
+            if (!Services.Authorizer.Authorize(Permissions.ManageMediaContent) && !_mediaLibraryService.CanManageMediaFolder(folderPath)) {
+                return new HttpUnauthorizedResult();
+            }
 
             var viewModel = new ImportMediaViewModel {
                 FolderPath = folderPath,