From 3f6246663292bac323ed3ff61efd13a1359aaf5a Mon Sep 17 00:00:00 2001
From: Grant Kinney <hi@grant.mk>
Date: Thu, 15 Feb 2024 12:16:22 -0600
Subject: [PATCH 1/2] Add setting for disabling font upload tab

---
 lib/compat/wordpress-6.5/fonts/fonts.php        |  9 +++++++++
 .../global-styles/font-library-modal/index.js   | 17 +++++++++++++----
 packages/editor/src/store/defaults.js           |  2 ++
 3 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/lib/compat/wordpress-6.5/fonts/fonts.php b/lib/compat/wordpress-6.5/fonts/fonts.php
index 1f29645a9c2b90..b269e4fcfc02c3 100644
--- a/lib/compat/wordpress-6.5/fonts/fonts.php
+++ b/lib/compat/wordpress-6.5/fonts/fonts.php
@@ -216,6 +216,15 @@ function wp_get_font_dir( $defaults = array() ) {
 	}
 }
 
+function gutenberg_font_upload_settings( $settings ) {
+	$fonts_dir = wp_get_font_dir()['path'];
+
+	$settings['fontUploadEnabled'] = wp_is_file_mod_allowed( 'can_upload_fonts' ) && wp_is_writable( $fonts_dir );
+
+	return $settings;
+}
+add_filter( 'block_editor_settings_all', 'gutenberg_font_upload_settings' );
+
 // @core-merge: Filters should go in `src/wp-includes/default-filters.php`,
 // functions in a general file for font library.
 if ( ! function_exists( '_wp_after_delete_font_family' ) ) {
diff --git a/packages/edit-site/src/components/global-styles/font-library-modal/index.js b/packages/edit-site/src/components/global-styles/font-library-modal/index.js
index dc0fcd7ea373b0..73e578ba7a1e88 100644
--- a/packages/edit-site/src/components/global-styles/font-library-modal/index.js
+++ b/packages/edit-site/src/components/global-styles/font-library-modal/index.js
@@ -7,6 +7,8 @@ import {
 	privateApis as componentsPrivateApis,
 } from '@wordpress/components';
 import { useContext } from '@wordpress/element';
+import { store as editorStore } from '@wordpress/editor';
+import { useSelect } from '@wordpress/data';
 
 /**
  * Internal dependencies
@@ -24,12 +26,13 @@ const DEFAULT_TABS = [
 		id: 'installed-fonts',
 		title: __( 'Library' ),
 	},
-	{
-		id: 'upload-fonts',
-		title: __( 'Upload' ),
-	},
 ];
 
+const UPLOAD_TAB = {
+	id: 'upload-fonts',
+	title: __( 'Upload' ),
+};
+
 const tabsFromCollections = ( collections ) =>
 	collections.map( ( { slug, name } ) => ( {
 		id: slug,
@@ -44,9 +47,15 @@ function FontLibraryModal( {
 	defaultTabId = 'installed-fonts',
 } ) {
 	const { collections, setNotice } = useContext( FontLibraryContext );
+	const fontUploadEnabled = useSelect(
+		( select ) =>
+			select( editorStore ).getEditorSettings().fontUploadEnabled,
+		[]
+	);
 
 	const tabs = [
 		...DEFAULT_TABS,
+		...( fontUploadEnabled ? [ UPLOAD_TAB ] : [] ),
 		...tabsFromCollections( collections || [] ),
 	];
 
diff --git a/packages/editor/src/store/defaults.js b/packages/editor/src/store/defaults.js
index e4f86b3a7dfb21..9541fda159e617 100644
--- a/packages/editor/src/store/defaults.js
+++ b/packages/editor/src/store/defaults.js
@@ -10,6 +10,7 @@ import { SETTINGS_DEFAULTS } from '@wordpress/block-editor';
  * @property {boolean}       richEditingEnabled    Whether rich editing is enabled or not
  * @property {boolean}       codeEditingEnabled    Whether code editing is enabled or not
  * @property {boolean}       fontLibraryEnabled    Whether the font library is enabled or not.
+ * @property {boolean}       fontUploadEnabled     Whether uploading fonts in the font library is enabled or not.
  * @property {boolean}       enableCustomFields    Whether the WordPress custom fields are enabled or not.
  *                                                 true  = the user has opted to show the Custom Fields panel at the bottom of the editor.
  *                                                 false = the user has opted to hide the Custom Fields panel at the bottom of the editor.
@@ -28,6 +29,7 @@ export const EDITOR_SETTINGS_DEFAULTS = {
 	richEditingEnabled: true,
 	codeEditingEnabled: true,
 	fontLibraryEnabled: true,
+	fontUploadEnabled: true,
 	enableCustomFields: undefined,
 	defaultRenderingMode: 'post-only',
 };

From 2e1d6c62f88c0797b087c3b12fc3c8122a541820 Mon Sep 17 00:00:00 2001
From: Grant Kinney <hi@grant.mk>
Date: Thu, 15 Feb 2024 13:15:21 -0600
Subject: [PATCH 2/2] Falls back to using remote font urls if uploading is not
 allowed

---
 .../class-wp-rest-font-faces-controller.php   | 20 +++++++++++++++++++
 .../font-library-modal/font-collection.js     | 13 +++++++++---
 2 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/lib/compat/wordpress-6.5/fonts/class-wp-rest-font-faces-controller.php b/lib/compat/wordpress-6.5/fonts/class-wp-rest-font-faces-controller.php
index 8a4040e3397e0c..1a38aa4de18e05 100644
--- a/lib/compat/wordpress-6.5/fonts/class-wp-rest-font-faces-controller.php
+++ b/lib/compat/wordpress-6.5/fonts/class-wp-rest-font-faces-controller.php
@@ -326,6 +326,14 @@ public function create_item( $request ) {
 			$settings    = $request->get_param( 'font_face_settings' );
 			$file_params = $request->get_file_params();
 
+			if ( ! empty( $file_params ) && ! $this->can_upload_fonts() ) {
+				return new WP_Error(
+					'rest_cannot_upload_fonts',
+					__( 'You are not allowed to upload font files.', 'gutenberg' ),
+					array( 'status' => 403 )
+				);
+			}
+
 			// Check that the necessary font face properties are unique.
 			$query = new WP_Query(
 				array(
@@ -903,6 +911,18 @@ public function handle_font_file_upload_error( $file, $message ) {
 			return new WP_Error( $code, $message, array( 'status' => $status ) );
 		}
 
+		/**
+		 * Checks if fonts can be uploaded to the site.
+		 *
+		 * @since 6.5.0
+		 *
+		 * @return bool Whether font assets can be upload.
+		 */
+		protected function can_upload_fonts() {
+			$fonts_dir = wp_get_font_dir()['path'];
+			return wp_is_file_mod_allowed( 'can_upload_fonts' ) && wp_is_writable( $fonts_dir );
+		}
+
 		/**
 		* Returns relative path to an uploaded font file.
 		*
diff --git a/packages/edit-site/src/components/global-styles/font-library-modal/font-collection.js b/packages/edit-site/src/components/global-styles/font-library-modal/font-collection.js
index 6236ea8fe3f246..c0ef746e79e31a 100644
--- a/packages/edit-site/src/components/global-styles/font-library-modal/font-collection.js
+++ b/packages/edit-site/src/components/global-styles/font-library-modal/font-collection.js
@@ -23,6 +23,8 @@ import {
 import { debounce } from '@wordpress/compose';
 import { sprintf, __, _x } from '@wordpress/i18n';
 import { search, closeSmall } from '@wordpress/icons';
+import { store as editorStore } from '@wordpress/editor';
+import { useSelect } from '@wordpress/data';
 
 /**
  * Internal dependencies
@@ -161,13 +163,13 @@ function FontCollection( { slug } ) {
 		setFontsToInstall( [] );
 	};
 
-	const handleInstall = async () => {
+	const handleInstall = async ( shouldUpload = true ) => {
 		setNotice( null );
 
 		const fontFamily = fontsToInstall[ 0 ];
 
 		try {
-			if ( fontFamily?.fontFace ) {
+			if ( fontFamily?.fontFace && shouldUpload ) {
 				await Promise.all(
 					fontFamily.fontFace.map( async ( fontFace ) => {
 						if ( fontFace.src ) {
@@ -398,12 +400,17 @@ function PaginationFooter( { page, totalPages, setPage } ) {
 
 function InstallFooter( { handleInstall, isDisabled } ) {
 	const { isInstalling } = useContext( FontLibraryContext );
+	const fontUploadEnabled = useSelect(
+		( select ) =>
+			select( editorStore ).getEditorSettings().fontUploadEnabled,
+		[]
+	);
 
 	return (
 		<Flex justify="flex-end">
 			<Button
 				variant="primary"
-				onClick={ handleInstall }
+				onClick={ () => handleInstall( fontUploadEnabled ) }
 				isBusy={ isInstalling }
 				disabled={ isDisabled || isInstalling }
 				__experimentalIsFocusable