Vulnerability in EPiServer.Forms
I was planning to submit this as a bug, but I'm placing it here instead, since this might be a huge problem in several projects. This is the scenario that casues the edit mode to fail:
BUT, if the editor with limited access instead uses the page tree (the gadget), this error will not occur, since the published version will be loaded and displayed instead.
This is clearly a major problem for websites with a large number of editors, were every editor has access to specifc parts of the website. Common on smaller intranets aswell. We will probably require a hotfix for this in one of our current projects, before we can relase it. The customer will probably not enjoy the workaround, which basically is to give all editors complete access (perhaps not publish access is required for this to work, haven't verified that).
If you haven't already, submit a bug report for this too. The core team does not see every forum post.