Vulnerability in EPiServer.Forms
I am looking for an option to disable the move action in the content tree for certain user groups. Is there a way to disable this in Episerver 6?
I have been looking on the access rights options (Create, read, change, delete, administer, publish) but neither of the actions there inlcude the ability to only disable move, at least what I've seen.
Dont think it exist out of the box. An option is to listen on the moving event from Datafactory and then react accordingly (allow / cancel) depending on the role of the user.
In that case it's best to set it up in an initializable module like...
public class PageEventModule : IInitializableModule
public void Initialize(InitializationEngine context)
DataFactory.Instance.MovingPage += InstanceMovingPage;
protected void InstanceMovingPage(object sender, PageEventArgs e)
...Check on role, target page etc and then cancel action if needed
e.CancelAction = true;
e.CancelReason = "Not allowed!";
public void Uninitialize(InitializationEngine context)
DataFactory.Instance.MovingPage -= InstanceMovingPage;
Thank you, Daniel. Will definitely check it out.