Currently it only allows the admins or content admins to upload. The bulk upload in the folder gallery was only added recently. Previously this feature only allowed upload by ftp which meant a trusted/privileged user therefore I kept it secure by limiting uploading to admin or content admin.
I'm not sure what the best solution would be because the user can choose the folder where the images come from so if we allow the user to upload then he can upload to any folder beneath the /Data/Sites/[SiteID]/FolderGalleries folder. Having this ability to choose the folder that is the root of the gallery is fine when he does not have upload permission because he can't hurt anything he can only choose which folder to show images from. But if we allow him also to upload, then as I say it becomes more problematic because the combination of being able to choose the folder and upload means he can upload anywhere beneath the mentioned absolute root of the site folder galleries.
I'm open to suggestion of how the logic should work as long as its not too complicated.
Maybe the logic should be that if the user has only permission as a specific user not by roles then he cannot change the folder of the gallery but can only upload?