Check if the user's has the CREATE ACL to upload a file

Controller/MediaAdminController.php

@@ -41,7 +41,7 @@ private function getTemplate($name)
     /**
      * Returns the response object associated with the browser action
      *
-     * @return @return               \Symfony\Bundle\FrameworkBundle\Controller\Response
+     * @return \Symfony\Component\HttpFoundation\Response
      * @throws AccessDeniedException
      */
     public function browserAction()
@@ -74,8 +74,18 @@ public function browserAction()
         ));
     }
 
+    /**
+     * Returns the response object associated with the upload action
+     *
+     * @return \Symfony\Component\HttpFoundation\Response
+     * @throws AccessDeniedException
+     */
     public function uploadAction()
     {
+        if (false === $this->admin->isGranted('CREATE')) {
+            throw new AccessDeniedException();
+        }
+
         $mediaManager = $this->get('sonata.media.manager.media');
 
         $request = $this->getRequest();

Tests/tests/bootstrap.php

@@ -9,7 +9,6 @@
  * file that was distributed with this source code.
  */
 
-
 if (file_exists($file = __DIR__.'/autoload.php')) {
     require_once $file;
 } elseif (file_exists($file = __DIR__.'/autoload.php.dist')) {