From ab9d31e01cdaca7b8910b4d19b0b038e4f2b9621 Mon Sep 17 00:00:00 2001
From: Bjarke Berg <mail@bergmania.dk>
Date: Tue, 23 Mar 2021 08:58:18 +0100
Subject: [PATCH] https://github.com/umbraco/Umbraco-CMS/issues/10030 - Fixed
 the two issues reported.

---
 src/Umbraco.Web.BackOffice/Controllers/ContentController.cs | 3 +--
 src/Umbraco.Web.BackOffice/Controllers/MediaController.cs   | 5 ++---
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/Umbraco.Web.BackOffice/Controllers/ContentController.cs b/src/Umbraco.Web.BackOffice/Controllers/ContentController.cs
index b314cb4fa1..c3690b4863 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/ContentController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/ContentController.cs
@@ -36,7 +36,6 @@ using Umbraco.Cms.Web.Common.ActionsResults;
 using Umbraco.Cms.Web.Common.Attributes;
 using Umbraco.Cms.Web.Common.Authorization;
 using Umbraco.Extensions;
-using Constants = Umbraco.Cms.Core.Constants;
 
 namespace Umbraco.Cms.Web.BackOffice.Controllers
 {
@@ -158,7 +157,7 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
 
             // Authorize...
             var resource = new ContentPermissionsResource(content, ActionRights.ActionLetter);
-            var authorizationResult = await _authorizationService.AuthorizeAsync(User, content, AuthorizationPolicies.ContentPermissionByResource);
+            var authorizationResult = await _authorizationService.AuthorizeAsync(User, resource, AuthorizationPolicies.ContentPermissionByResource);
             if (!authorizationResult.Succeeded)
             {
                 return Forbid();
diff --git a/src/Umbraco.Web.BackOffice/Controllers/MediaController.cs b/src/Umbraco.Web.BackOffice/Controllers/MediaController.cs
index 3eb8d740bc..3bb23e47e9 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/MediaController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/MediaController.cs
@@ -24,7 +24,6 @@ using Umbraco.Cms.Core.Media;
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Core.Models.ContentEditing;
 using Umbraco.Cms.Core.Models.Entities;
-using Umbraco.Cms.Core.Models.Membership;
 using Umbraco.Cms.Core.Models.Validation;
 using Umbraco.Cms.Core.Persistence.Querying;
 using Umbraco.Cms.Core.PropertyEditors;
@@ -42,7 +41,6 @@ using Umbraco.Cms.Web.Common.ActionsResults;
 using Umbraco.Cms.Web.Common.Attributes;
 using Umbraco.Cms.Web.Common.Authorization;
 using Umbraco.Extensions;
-using Constants = Umbraco.Cms.Core.Constants;
 
 namespace Umbraco.Cms.Web.BackOffice.Controllers
 {
@@ -647,7 +645,8 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
 
             // Authorize...
             var requirement = new MediaPermissionsResourceRequirement();
-            var authorizationResult = await _authorizationService.AuthorizeAsync(User, _mediaService.GetById(sorted.ParentId), requirement);
+            var resource = new MediaPermissionsResource(sorted.ParentId);
+            var authorizationResult = await _authorizationService.AuthorizeAsync(User, resource, requirement);
             if (!authorizationResult.Succeeded)
             {
                 return Forbid();