I'm new to Mosaic and think I am running into a similar issue. I'd like to have a class of users that can edit a page but not change the layout, at least on some pages. As far as I can tell, mosaic and tiles do not have any custom permissions associated at all so this isn't really possible to configure.
I would have thought this was a fairly common use case though, surely someone has come up with some kind of solution? An inelegant one would be to have a style resource that hides the Layout button, and have this loaded conditionally based on some permission. Obviously that isn't an actual security solution, but we're just trying to save users from themselves here.
I did not find a solution, so I ended up with a custom content type and a custom view (see below). I tried several approaches, but especially with my theme that relies heavily on theme fragments ( almost the whole site is built with fragments), it looks like the fragments gets saved 'anyway' (even if some field are 'restricted'). I am not sure if tiles have the same problem (for example with (special) permissions on certain fields.)
That said: If if is OK to let users change ALL page content, but not change the 'view', I think it is much easier. Maybe just dont 'share' the views (so there is only one available for 'normal users'.?
I made some settings to change the view (so if image is present, use layout version A, if not: use layout version B etc)
Awesome, thank you! After not seeing anything that looked relevant in the Security tab I looked at the code for a rolemap.xml in plone.app.mosaic, plone.tiles, plone.app.tiles, and plone.app.standardtiles. Apparently these permissions are in plone.app.blocks
Probably badly explained by me: What I meant is that if you set permissions on some fields of a (fragment) tile, all fields are still saved (so you end up with an empty field'. My goal was to keep some parts of the page (some fields) uneditable for most users.
I guess I'm not fully understanding what you're doing. Can we see an example? If you want to allow editing of different subthings based on permissions then I'd be using a content type for which you define permissions on the add/edit form, and you create a different view form that renders however you need.
What I needed was (also) to let someone ( headmaster) edit some content of a fragmentile / some of the tiles, and someone else (teacher) to add others.
Adding the fields to the content type (instead of adding them to the fragment) solves this, but then it was as easy to just make templates.
Conclusion: In the XML file of a theme fragment, you can set the same permissions on fields as on a content type. Unfortunately, those fields that you don't have permissions to will save as empty (instead of what was the original value). The workaround is to define the fields in the content type, and have a fragment.pt that shows context/some_fields , but this is a bit confusing for some (especially teachers (?) )