feat(config): allow restriction and disabling of uploads

Previously, image uploads were always allowed, unless `CMD_ALLOW_ANONYMOUS=false` and `CMD_ALLOW_ANONYMOUS_EDITS=false`.
This PR adds a new config option `CMD_ENABLE_UPLOADS` to configure image uploads independently. There are three different modes: `all` (everyone can upload, guests too), `registered` (only registered and logged-in users can upload images), and `none` to completely disable image uploads.
The default value is non-breaking as it is `all`, unless the config `CMD_ALLOW_ANONYMOUS=false` and `CMD_ALLOW_ANONYMOUS_EDITS=false` is set, in which case the value is `registered`.
The UI will reflect the setting and either show or hide the upload button.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>

public/docs/release-notes.md

@@ -2,6 +2,11 @@
 
 ## <i class="fa fa-tag"></i> 1.x.x <i class="fa fa-calendar-o"></i> UNRELEASED
 
+### Enhancements
+
+- Add `enableUploads` (`CMD_ENABLE_UPLOADS`) config option to restrict uploads to `registered` users, `all` users or
+  `none` to completely disable uploads.
+
 ### Bugfixes
 - Ignore the healthcheck endpoint in the "too busy" limiter
 

public/js/index.js

@@ -1079,6 +1079,10 @@ function changeMode (type) {
     // add and update tool bar
     if (!editorInstance.toolBar) {
       editorInstance.addToolBar()
+      const uploadButtonVisible = window.enableUploads === 'all' || (window.enableUploads === 'registered' && personalInfo.login)
+      if (!uploadButtonVisible) {
+        $('#uploadImage').remove()
+      }
     }
     // work around foldGutter might not init properly
     editor.setOption('foldGutter', false)

public/js/lib/common/constant.ejs

@@ -3,6 +3,7 @@ window.urlpath = '<%- urlpath %>'
 window.debug = <%- debug %>
 window.version = '<%- version %>'
 
+window.enableUploads = '<%- enableUploads %>'
 window.allowedUploadMimeTypes = <%- JSON.stringify(allowedUploadMimeTypes) %>
 
 window.linkifyHeaderStyle = '<%- linkifyHeaderStyle %>'