Vulnerability in EPiServer.Forms
I want to disable all users from being able to create HomePage types except 1 specific role. I don't want other users to be able to see the page types when adding pages, but I do want them to be able to edit and publish content on pages already created of that type as normal.
Is that possible? I've had a look at the Access attribute, but you can't have additional Access attributes for each role I need to define access for?
You can set create access on a content type per role in admin mode that will restrict users from creating any content of that type (though copying will unfortunately still work...)
Saidly it is not possible to filter access on that way, either you got access to create and update or no access at all.
This could have changed but at least that is what I know.
You could implement it yourself by listning to the events and disable it from beeing created if the user does not have access (http://world.episerver.com/documentation/Class-library/?documentId=cms/7.5/AB9BAB77).
On other thing you can do is to set homepage pagetype to displayineditmode equals to false after it has been created, in that way it can not be created, but the users can update the pages that has already been created.
Check page 75 (printed 73) on how to set create access on content type in admin handbook.