Recently, while working on an EPiServer CMS5 R2 website build I was required to lock down the editors rights. The project required users to only be able to edit and publish pages, not create or delete them.
Controlling an editors rights within Edit Mode, the full screen, Windows explorer like console, is not an issue. All you need to do is modify their access rights and remove Create and Delete permission from the Root folder down.
Unfortunately, the Direct On Page Editing, or DOPE, accessed on page from the right click context menu, does not seam to take any notice of this.
The standard EPiServer on page edit menu.
Even with Create permission removed, editors still have access to the New menu option.
Also, personally I am not a fan of the On Screen editing option. I would rather make the editor use the full screen editors available via Quick-Edit or Edit Mode.
Unfortunately, there is no way to specify which menu options are available through the EPiServer context menu.
The simple way, would be to remove the menu altogether. To do this you set your template page class to inherit from EPiServer.SimplePage rather than the usual EPiServer.TemplatePage. The SimplePage does not support the context menu and this removes the problem.
If however you wish to keep the menu, but be able to remove certain options the only option is to create your own class that inherits from EPiServer.TemplatePage and modify the Menu options enabled state.
Turning off the menu options turned out to be rather simple. The EPiServer.TemplatePage has a property called ContextMenu. This allows access to the Menu object and a MenuItems collection that represents the elements of the menu.
The MenuItems have a property called EnabledScript. This property must contain some JavaScript, which needs to return a Boolean value, specifying if that MenuItem is active when the menu is rendered. All you need to do is set this property to "false" and the menu option you want is disabled.
The menu is created and populated when the page is loaded, so a little piece of code, run as part of the pages OnLoad event, will allow you to set the items active state.
Obviously you need a way to set which values you want to disable, so a simple delimited string value in the Web.Config appSettings collection allows for easy configuration.
Code Example:
if (!(string.IsNullOrEmpty(
WebConfigurationManager.AppSettings["DisabledMenuOptions"]);
{
string[] DisabledMenuOptions =
WebConfigurationManager.AppSettings["DisabledMenuOptions"]
.Split(new char[] {'|'});
for (int i = 0; i < this.ContextMenu.Menu.Items.Count; i++ )
{
if (DisabledMenuOptions.Contains(
this.ContextMenu.Menu.Items[i].Caption))
{
this.ContextMenu.Menu.Items[i].EnabledScript = "false";
}
}
}
Example AppSettings entry
<add key="DisabledMenuOptions" value="Edit|Save and Publish|Cancel|New|Quick-edit"/>