WordPress · creativecoder · Feb 22, 2024 · Feb 22, 2024 · Feb 22, 2024 · Feb 22, 2024
@@ -326,6 +326,14 @@ public function create_item( $request ) {
 			$settings    = $request->get_param( 'font_face_settings' );
 			$file_params = $request->get_file_params();
 
+			if ( ! empty( $file_params ) && ! current_user_can( 'upload_fonts' ) ) {
+				return new WP_Error(
+					'rest_cannot_upload_fonts',
+					__( 'You are not allowed to upload font files.', 'gutenberg' ),
+					array( 'status' => 403 )
+				);
+			}
+
 			// Check that the necessary font face properties are unique.
 			$query = new WP_Query(
 				array(

@@ -84,6 +84,35 @@ function gutenberg_create_initial_post_types() {
 	);
 }
 
+/**
-/**
+/**
+ * Modify the `delete_post` meta capability for font post types.
+ *
+ * For font families and font faces containing attached font files, file
+ * system access is required by the user in order to delete posts.
+ *
+ * @param string[] $caps    The primitive capabilities required for the given capability.
+ * @param string   $cap     The capability being checked.
+ * @param int      $user_id The user ID.
+ * @param array    $args    Context for the capability check.
+ * @return string[] The modified primitive capabilities required for the given capability.
+ */
+function gutenberg_delete_font_post_meta_caps( $caps, $cap, $user_id, $args ) {
+	if ( in_array( 'do_not_allow', $caps, true ) ) {
+		// It's already known that the user is not allowed to perform the requested capability.
+		return $caps;
+	}
+
+	if ( 'delete_post' !== $cap ) {
+		// This filter is only concerned with the 'delete_post' meta capability.
+		return $caps;
+	}
+
+	$post = get_post( $args[0] );
+	if ( ! $post ) {
+		$caps[] = 'do_not_allow';
+		return $caps;
+	}
+
+	$post_type = get_post_type( $post );
+
+	if ( 'wp_font_face' === $post_type ) {
+		// Are there any font files associated with this font face?
+		$font_files = get_post_meta( $post->ID, '_wp_font_face_file', false );
+
+		if ( empty( $font_files ) ) {
+			/*
+			* No font files.
+			*
+			* The user can delete the post based on the 'delete_post' meta capability.
+			*/
+			return $caps;
+		}
+
+		// The user can only delete the post if they can modify the file system.
+		$caps[] = 'upload_fonts';
+
+		return $caps;
+	}
+
+	if ( 'wp_font_family' === $post_type ) {
+		// Are there any font faces associated with this font family?
+		$font_faces = get_children(
+			array(
+				'post_parent' => $post->ID,
+				'post_type'   => 'wp_font_face',
+			)
+		);
+
+		if ( empty( $font_faces ) ) {
+			/*
+			 * No font faces.
+			 *
+			 * The user can delete the post based on the 'delete_post' meta capability.
+			 */
+			return $caps;
+		}
+
+		// If any of the font faces contain files, the user needs to be able to modify the file system.
+		foreach ( $font_faces as $font_face ) {
+			$font_files = get_post_meta( $font_face->ID, '_wp_font_face_file', false );
+
+			if ( ! empty( $font_files ) ) {
+				$caps[] = 'upload_fonts';
+				// File system caps are required, so no need to check further.
+				break;
+			}
+		}
+		return $caps;
+	}
+
+	// Return existing caps if the post type is not a font family or font face.
+	return $caps;
+}
+
+/**
-/**
+/**
+ * Modify the `delete_post` meta capability for font post types.
+ *
+ * For font families and font faces containing attached font files, file
+ * system access is required by the user in order to delete posts.
+ *
+ * @param string[] $caps    The primitive capabilities required for the given capability.
+ * @param string   $cap     The capability being checked.
+ * @param int      $user_id The user ID.
+ * @param array    $args    Context for the capability check.
+ * @return string[] The modified primitive capabilities required for the given capability.
+ */
+function gutenberg_delete_font_post_meta_caps( $caps, $cap, $user_id, $args ) {
+	if ( in_array( 'do_not_allow', $caps, true ) ) {
+		// It's already known that the user is not allowed to perform the requested capability.
+		return $caps;
+	}
+
+	if ( 'delete_post' !== $cap ) {
+		// This filter is only concerned with the 'delete_post' meta capability.
+		return $caps;
+	}
+
+	$post = get_post( $args[0] );
+	if ( ! $post ) {
+		$caps[] = 'do_not_allow';
+		return $caps;
+	}
+
+	$post_type = get_post_type( $post );
+
+	if ( 'wp_font_face' === $post_type ) {
+		// Are there any font files associated with this font face?
+		$font_files = get_post_meta( $post->ID, '_wp_font_face_file', false );
+
+		if ( empty( $font_files ) ) {
+			/*
+			* No font files.
+			*
+			* The user can delete the post based on the 'delete_post' meta capability.
+			*/
+			return $caps;
+		}
+
+		// The user can only delete the post if they can modify the file system.
+		$caps[] = 'upload_fonts';
+
+		return $caps;
+	}
+
+	if ( 'wp_font_family' === $post_type ) {
+		// Are there any font faces associated with this font family?
+		$font_faces = get_children(
+			array(
+				'post_parent' => $post->ID,
+				'post_type'   => 'wp_font_face',
+			)
+		);
+
+		if ( empty( $font_faces ) ) {
+			/*
+			 * No font faces.
+			 *
+			 * The user can delete the post based on the 'delete_post' meta capability.
+			 */
+			return $caps;
+		}
+
+		// If any of the font faces contain files, the user needs to be able to modify the file system.
+		foreach ( $font_faces as $font_face ) {
+			$font_files = get_post_meta( $font_face->ID, '_wp_font_face_file', false );
+
+			if ( ! empty( $font_files ) ) {
+				$caps[] = 'upload_fonts';
+				// File system caps are required, so no need to check further.
+				break;
+			}
+		}
+		return $caps;
+	}
+
+	// Return existing caps if the post type is not a font family or font face.
+	return $caps;
+}
+
+/**
+ * Filters the user capabilities to grant the 'upload_fonts' capability as necessary.
+ *
+ * To grant the 'upload_fonts' capability, file modifications must be allowed, the fonts directory must be
+ * writable, and the user must have the 'edit_theme_options' capability.
+ *
+ * @since 6.5.0
+ *
+ * @param bool[] $allcaps An array of all the user's capabilities.
+ * @return bool[] Filtered array of the user's capabilities.
+ */
+function gutenberg_maybe_grant_upload_font_cap( $allcaps, $caps ) {
+	if ( ! in_array( 'upload_fonts', $caps, true ) ) {
+		return $allcaps;
+	}
+
+	$fonts_dir = wp_get_font_dir()['path'];
+	if (
+		wp_is_file_mod_allowed( 'can_upload_fonts' ) &&
+		wp_is_writable( $fonts_dir ) &&
+		! empty( $allcaps['edit_theme_options'] )
+	) {
+		$allcaps['upload_fonts'] = true;
+	}
+
+	return $allcaps;
+}
+add_filter( 'user_has_cap', 'gutenberg_maybe_grant_upload_font_cap', 10, 2 );
+
 /**
  * Initializes REST routes.
  *
@@ -303,6 +332,21 @@ function _wp_before_delete_font_face( $post_id, $post ) {
 	add_action( 'before_delete_post', '_wp_before_delete_font_face', 10, 2 );
 }
 
+/**
+ * Filters the block editor settings to enable or disable font uploads according to user capability.
+ *
+ * @since 6.5.0
+ *
+ * @param array $settings Block editor settings.
+ * @return array Block editor settings.
+ */
+function gutenberg_font_uploads_settings( $settings ) {
+	$settings['fontUploadsEnabled'] = current_user_can( 'upload_fonts' );
+
+	return $settings;
+}
+add_filter( 'block_editor_settings_all', 'gutenberg_font_uploads_settings' );
+
 // @core-merge: Do not merge this back compat function, it is for supporting a legacy font family format only in Gutenberg.
 /**
  * Convert legacy font family posts to the new format.

diff --git a/packages/edit-site/src/components/global-styles/font-library-modal/font-collection.js b/packages/edit-site/src/components/global-styles/font-library-modal/font-collection.js
@@ -23,6 +23,8 @@ import {
 import { debounce } from '@wordpress/compose';
 import { sprintf, __, _x } from '@wordpress/i18n';
 import { search, closeSmall } from '@wordpress/icons';
+import { useSelect } from '@wordpress/data';
+import { store as editorStore } from '@wordpress/editor';
 
 /**
  * Internal dependencies
@@ -215,6 +217,7 @@ function FontCollection( { slug } ) {
 			<InstallFooter
 				handleInstall={ handleInstall }
 				isDisabled={ fontsToInstall.length === 0 }
+				selectedFont={ selectedFont }
 			/>
 		);
 	} else if ( ! renderConfirmDialog && totalPages > 1 ) {
@@ -400,16 +403,26 @@ function PaginationFooter( { page, totalPages, setPage } ) {
 	);
 }
 
-function InstallFooter( { handleInstall, isDisabled } ) {
+function InstallFooter( { handleInstall, isDisabled, selectedFont } ) {
 	const { isInstalling } = useContext( FontLibraryContext );
 
+	const fontUploadsEnabled = useSelect( ( select ) => {
+		const { getEditorSettings } = select( editorStore );
+		return getEditorSettings().fontUploadsEnabled;
+	}, [] );
+
+	const isInstallButtonDisabled =
+		isDisabled ||
+		isInstalling ||
+		( ! fontUploadsEnabled && selectedFont?.fontFace?.length );
+
 	return (
 		<Flex justify="flex-end">
 			<Button
 				variant="primary"
 				onClick={ handleInstall }
 				isBusy={ isInstalling }
-				disabled={ isDisabled || isInstalling }
+				disabled={ isInstallButtonDisabled }
 				__experimentalIsFocusable
 			>
 				{ __( 'Install' ) }

diff --git a/packages/edit-site/src/components/global-styles/font-library-modal/index.js b/packages/edit-site/src/components/global-styles/font-library-modal/index.js
@@ -6,6 +6,9 @@ import {
 	Modal,
 	privateApis as componentsPrivateApis,
 } from '@wordpress/components';
+import { store as coreStore } from '@wordpress/core-data';
+import { useSelect } from '@wordpress/data';
+import { store as editorStore } from '@wordpress/editor';
 import { useContext } from '@wordpress/element';
 
 /**
@@ -19,16 +22,15 @@ import { unlock } from '../../../lock-unlock';
 
 const { Tabs } = unlock( componentsPrivateApis );
 
-const DEFAULT_TABS = [
-	{
-		id: 'installed-fonts',
-		title: __( 'Library' ),
-	},
-	{
-		id: 'upload-fonts',
-		title: __( 'Upload' ),
-	},
-];
+const DEFAULT_TAB = {
+	id: 'installed-fonts',
+	title: __( 'Library' ),
+};
+
+const UPLOAD_TAB = {
+	id: 'upload-fonts',
+	title: __( 'Upload' ),
+};
 
 const tabsFromCollections = ( collections ) =>
 	collections.map( ( { slug, name } ) => ( {
@@ -44,11 +46,24 @@ function FontLibraryModal( {
 	defaultTabId = 'installed-fonts',
 } ) {
 	const { collections, setNotice } = useContext( FontLibraryContext );
+	const canUserCreate = useSelect( ( select ) => {
+		const { canUser } = select( coreStore );
+		return canUser( 'create', 'font-families' );
+	}, [] );
+	const fontUploadsEnabled = useSelect( ( select ) => {
+		const { getEditorSettings } = select( editorStore );
+		return getEditorSettings().fontUploadsEnabled;
+	}, [] );
+
+	const tabs = [ DEFAULT_TAB ];
+
+	if ( canUserCreate ) {
+		if ( fontUploadsEnabled ) {
+			tabs.push( UPLOAD_TAB );
+		}
 
-	const tabs = [
-		...DEFAULT_TABS,
-		...tabsFromCollections( collections || [] ),
-	];
+		tabs.push( ...tabsFromCollections( collections || [] ) );
+	}
 
 	// Reset notice when new tab is selected.
 	const onSelect = () => {

diff --git a/packages/edit-site/src/components/global-styles/font-library-modal/installed-fonts.js b/packages/edit-site/src/components/global-styles/font-library-modal/installed-fonts.js
@@ -12,6 +12,8 @@ import {
 	Spinner,
 	FlexItem,
 } from '@wordpress/components';
+import { store as coreStore } from '@wordpress/core-data';
+import { useSelect } from '@wordpress/data';
 
 /**
  * Internal dependencies
@@ -38,6 +40,20 @@ function InstalledFonts() {
 	} = useContext( FontLibraryContext );
 	const [ isConfirmDeleteOpen, setIsConfirmDeleteOpen ] = useState( false );
 
+	const customFontFamilyId =
+		libraryFontSelected?.source === 'custom' && libraryFontSelected?.id;
+
+	const canUserDelete = useSelect(
+		( select ) => {
+			const { canUser } = select( coreStore );
+			return (
+				customFontFamilyId &&
+				canUser( 'delete', 'font-families', customFontFamilyId )
+			);
+		},
+		[ customFontFamilyId ]
+	);
+
 	const handleUnselectFont = () => {
 		handleSetLibraryFontSelected( null );
 	};
@@ -84,7 +100,9 @@ function InstalledFonts() {
 		: null;
 
 	const shouldDisplayDeleteButton =
-		!! libraryFontSelected && libraryFontSelected?.source !== 'theme';
+		!! libraryFontSelected &&
+		libraryFontSelected?.source !== 'theme' &&
+		canUserDelete;
 
 	useEffect( () => {
 		handleSelectFont( libraryFontSelected );

diff --git a/packages/editor/src/store/defaults.js b/packages/editor/src/store/defaults.js
@@ -10,6 +10,7 @@ import { SETTINGS_DEFAULTS } from '@wordpress/block-editor';
  * @property {boolean}       richEditingEnabled    Whether rich editing is enabled or not
  * @property {boolean}       codeEditingEnabled    Whether code editing is enabled or not
  * @property {boolean}       fontLibraryEnabled    Whether the font library is enabled or not.
+ * @property {boolean}       fontUploadsEnabled    Whether uploading fonts in the font library is enabled or not.
  * @property {boolean}       enableCustomFields    Whether the WordPress custom fields are enabled or not.
  *                                                 true  = the user has opted to show the Custom Fields panel at the bottom of the editor.
  *                                                 false = the user has opted to hide the Custom Fields panel at the bottom of the editor.
@@ -28,6 +29,7 @@ export const EDITOR_SETTINGS_DEFAULTS = {
 	richEditingEnabled: true,
 	codeEditingEnabled: true,
 	fontLibraryEnabled: true,
+	fontUploadsEnabled: true,
 	enableCustomFields: undefined,
 	defaultRenderingMode: 'post-only',
 };