Introduce granulated Media Gallery ACL resources and enforce for old media gallery

Author: Nazar65

app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFiles.php

@@ -13,6 +13,11 @@
  */
 class DeleteFiles extends \Magento\Cms\Controller\Adminhtml\Wysiwyg\Images implements HttpPostActionInterface
 {
+    /**
+     * @see _isAllowed()
+     */
+    public const ADMIN_RESOURCE = 'Magento_Cms::delete_assets';
+
     /**
      * @var \Magento\Framework\Controller\Result\JsonFactory
      */

app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFolder.php

@@ -17,6 +17,11 @@
  */
 class DeleteFolder extends \Magento\Cms\Controller\Adminhtml\Wysiwyg\Images implements HttpPostActionInterface
 {
+    /**
+     * @see _isAllowed()
+     */
+    public const ADMIN_RESOURCE = 'Magento_Cms::delete_folder';
+
     /**
      * @var \Magento\Framework\Controller\Result\JsonFactory
      */

app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/NewFolder.php

@@ -14,6 +14,11 @@
  */
 class NewFolder extends \Magento\Cms\Controller\Adminhtml\Wysiwyg\Images implements HttpPostActionInterface
 {
+    /**
+     * @see _isAllowed()
+     */
+    public const ADMIN_RESOURCE = 'Magento_Cms::create_folder';
+
     /**
      * @var \Magento\Framework\Controller\Result\JsonFactory
      */
@@ -65,7 +70,7 @@ public function execute()
         }
         /** @var \Magento\Framework\Controller\Result\Json $resultJson */
         $resultJson = $this->resultJsonFactory->create();
-        
+
         return $resultJson->setData($result);
     }
 }

app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/OnInsert.php

@@ -8,6 +8,11 @@
 
 class OnInsert extends \Magento\Cms\Controller\Adminhtml\Wysiwyg\Images
 {
+    /**
+     * @see _isAllowed()
+     */
+    public const ADMIN_RESOURCE = 'Magento_Cms::insert_assets';
+
     /**
      * @var \Magento\Framework\Controller\Result\RawFactory
      */

app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/Upload.php

@@ -17,6 +17,11 @@
  */
 class Upload extends \Magento\Cms\Controller\Adminhtml\Wysiwyg\Images implements HttpPostActionInterface
 {
+    /**
+     * @see _isAllowed()
+     */
+    public const ADMIN_RESOURCE = 'Magento_Cms::upload_assets';
+
     /**
      * @var \Magento\Framework\Controller\Result\JsonFactory
      */
@@ -74,7 +79,7 @@ public function execute()
         }
         /** @var \Magento\Framework\Controller\Result\Json $resultJson */
         $resultJson = $this->resultJsonFactory->create();
-        
+
         return $resultJson->setData($response);
     }
 }

app/code/Magento/MediaGalleryUi/Controller/Adminhtml/Directories/Create.php

@@ -29,7 +29,7 @@ class Create extends Action implements HttpPostActionInterface
     /**
      * @see _isAllowed()
      */
-    public const ADMIN_RESOURCE = 'Magento_Cms::media_gallery';
+    public const ADMIN_RESOURCE = 'Magento_Cms::create_folder';
 
     /**
      * @var CreateDirectoriesByPathsInterface

app/code/Magento/MediaGalleryUi/Controller/Adminhtml/Directories/Delete.php

@@ -30,7 +30,7 @@ class Delete extends Action implements HttpPostActionInterface
     /**
      * @see _isAllowed()
      */
-    public const ADMIN_RESOURCE = 'Magento_Cms::media_gallery';
+    public const ADMIN_RESOURCE = 'Magento_Cms::delete_folder';
 
     /**
      * @var DeleteAssetsByPathsInterface

app/code/Magento/MediaGalleryUi/Controller/Adminhtml/Image/Delete.php

@@ -31,7 +31,7 @@ class Delete extends Action implements HttpPostActionInterface
     /**
      * @see _isAllowed()
      */
-    public const ADMIN_RESOURCE = 'Magento_Cms::media_gallery';
+    public const ADMIN_RESOURCE = 'Magento_Cms::delete_assets';
 
     /**
      * @var DeleteImage

app/code/Magento/MediaGalleryUi/Controller/Adminhtml/Image/Upload.php

@@ -28,7 +28,7 @@ class Upload extends Action implements HttpPostActionInterface
     /**
      * @see _isAllowed()
      */
-    public const ADMIN_RESOURCE = 'Magento_Cms::media_gallery';
+    public const ADMIN_RESOURCE = 'Magento_Cms::upload_assets';
 
     /**
      * @var UploadImage

app/code/Magento/MediaGalleryUi/etc/acl.xml

@@ -0,0 +1,26 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+-->
+<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Acl/etc/acl.xsd">
+    <acl>
+        <resources>
+            <resource id="Magento_Backend::admin">
+                <resource id="Magento_Backend::content">
+                    <resource id="Magento_Backend::content_elements">
+                        <resource id="Magento_Cms::media_gallery">
+                            <resource id="Magento_Cms::upload_assets" title="Upload Assets" translate="title" sortOrder="70"/>
+                            <resource id="Magento_Cms::delete_assets" title="Delete Assets" translate="title" sortOrder="60"/>
+                            <resource id="Magento_Cms::insert_assets" title="Insert Assets into the content" translate="title" sortOrder="50"/>
+                            <resource id="Magento_Cms::create_folder" title="Create Folder" translate="title" sortOrder="40"/>
+                            <resource id="Magento_Cms::delete_folder" title="Delete Folder" translate="title" sortOrder="40"/>
+                        </resource>
+                    </resource>
+                </resource>
+            </resource>
+        </resources>
+    </acl>
+</config>