Templating: Prevent editing of templates and partial views in production runtime mode (closes #21564)

[AndyButland]

Description

This PR addresses #21564 which points out that we don't have the same behaviour in 17 as we do in 13 when it comes to surfacing information about templates and partial views being restricted for editing when running in production runtime mode.

The following updates are introduced:

• Prevents editing of templates and partial views when Umbraco is running in Production runtime mode.
• For templates: blocks create/delete operations fully; blocks content changes but allows metadata updates (e.g., name).
• For partial views: blocks all create, update, delete, and rename operations.
• Adds server-side validation at the service layer with appropriate operation status codes.
• Updates the backoffice UI to remove entity actions, hide the save button, show a warning banner, and make editors read-only when running in production mode.

Change Details

Server-side

• Added NotAllowedInProductionMode status to PartialViewOperationStatus.
• Added NotAllowedInProductionMode and ContentChangeNotAllowedInProductionMode statuses to TemplateOperationStatus.
• Updated PartialViewService to check runtime mode and block modifications in production.
• Updated TemplateService to check runtime mode, blocking create/delete fully and content changes on update.
• Updated API controllers to return appropriate error responses for the new statuses.

Client-side

• Added IsProductionMode condition for workspace actions.
• Hidden save button in production mode via workspace action conditions.
• Added warning banner in template and partial view workspace editors.
• Set code editors to read-only in production mode.
• Disabled interactive buttons (insert menu, query builder, etc.) in production mode.

Tests

• Added integration tests for PartialViewService production mode behaviour.
• Added integration tests for TemplateService production mode behaviour.

UX

For the warning message, I couldn't find an existing example to copy styling-wise, so have used the available colour variables to make something that looks good (to my eyes at least).

However in FE review it could be you'll want to change this, either stylistically or to make consistent with some other similar informational label.

Testing

To set up for testing:

• Configure Umbraco:CMS:Runtime:Mode to Production in appsettings.json
• Configure Umbraco:CMS:ModelsBuilder:ModelsMode to None in appsettings.json
• On start-up you'll likely get warnings about other things you need to do to run in production mode. If you want to avoid setting all that up, you can temporarily amend RuntimeModeValidationService.Validate to early return with validationErrorMessage = null; return true;.

Then you can check the following:

• Open template workspace - verify save button is hidden, editor is read-only, warning message displayed.
• Open partial view workspace - verify save button is hidden, editor is read-only, warning message displayed.
• Verify API calls returns 400 when attempting to create/update/delete templates or partial views. Here you can use a GET request to retrieve the details of the template/partial view, then a PUT to update and check the response. In particular note that for templates, updates are allowed unless there's an attempt to change the file content.

Normal editing should work when production mode is not enabled.

[Copilot]

Pull request overview

Prevents editing of templates and partial views when Umbraco is running in Production runtime mode, enforcing restrictions both server-side (services/API) and client-side (backoffice UI), with added integration tests.

Changes:

• Add new operation statuses and enforce production-mode restrictions in TemplateService and PartialViewService (plus API error mapping).
• Update backoffice templating editors/actions to become read-only and hide/disable save and editing affordances in production mode.
• Add integration tests for production-mode behavior and extend repository tests around file writing behavior by runtime mode.

Reviewed changes

Copilot reviewed 27 out of 27 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
tests/Umbraco.Tests.Integration/Umbraco.Infrastructure/Services/TemplateServiceTests.cs	Adds production-mode service tests for template create/delete/update behavior.
tests/Umbraco.Tests.Integration/Umbraco.Infrastructure/Persistence/Repositories/TemplateRepositoryTest.cs	Adds runtime-mode-dependent repository save tests (file write suppression in production).
tests/Umbraco.Tests.Integration/Umbraco.Infrastructure/Persistence/Repositories/PartialViewRepositoryTests.cs	Updates repository construction and adds runtime-mode-dependent file write tests for partial views.
tests/Umbraco.Tests.Integration/Umbraco.Core/Services/PartialViewServiceTests.cs	Adds production-mode service tests for partial view create/update/delete/rename behavior.
src/Umbraco.Web.UI.Client/src/packages/templating/workspace-editor-styles.ts	Introduces shared templating workspace editor styles and production warning banner styles.
src/Umbraco.Web.UI.Client/src/packages/templating/templates/workspace/template-workspace-editor.element.ts	Makes template editor read-only in production and adds warning banner + disables actions.
src/Umbraco.Web.UI.Client/src/packages/templating/templates/workspace/manifests.ts	Hides/disables template save workspace action in production via condition.
src/Umbraco.Web.UI.Client/src/packages/templating/partial-views/workspace/partial-view-workspace-editor.element.ts	Makes partial view editor read-only in production and adds warning banner + disables actions.
src/Umbraco.Web.UI.Client/src/packages/templating/partial-views/workspace/manifests.ts	Hides/disables partial view save workspace action in production via condition.
src/Umbraco.Web.UI.Client/src/packages/core/server/server.context.ts	Adds server information fetching and derives an isProductionMode observable for UI gating.
src/Umbraco.Web.UI.Client/src/packages/core/server/manifests.ts	Registers server-related condition manifests.
src/Umbraco.Web.UI.Client/src/packages/core/server/index.ts	Exports server conditions for consumption by other packages.
src/Umbraco.Web.UI.Client/src/packages/core/server/conditions/types.ts	Adds config typing for “is production mode” condition.
src/Umbraco.Web.UI.Client/src/packages/core/server/conditions/manifests.ts	Registers “Server Is Production Mode” condition.
src/Umbraco.Web.UI.Client/src/packages/core/server/conditions/is-production-mode.condition.ts	Implements condition logic for extension gating based on production mode.
src/Umbraco.Web.UI.Client/src/packages/core/server/conditions/index.ts	Exports condition constants/types.
src/Umbraco.Web.UI.Client/src/packages/core/server/conditions/constants.ts	Defines the production-mode condition alias constant.
src/Umbraco.Web.UI.Client/src/packages/core/manifests.ts	Wires server manifests into the core manifest bundle.
src/Umbraco.Web.UI.Client/src/assets/lang/en.ts	Adds localized string for production-mode non-editable warning.
src/Umbraco.Infrastructure/Persistence/Repositories/Implement/PartialViewRepository.cs	Injects runtime settings and prevents filesystem writes for partial views in production mode.
src/Umbraco.Core/Services/TemplateService.cs	Adds runtime-mode checks to block create/delete and block content changes on update in production.
src/Umbraco.Core/Services/PartialViewService.cs	Adds runtime-mode checks to block create/update/delete/rename in production.
src/Umbraco.Core/Services/OperationStatus/TemplateOperationStatus.cs	Adds production-mode-related operation statuses for templates.
src/Umbraco.Core/Services/OperationStatus/PartialViewOperationStatus.cs	Adds production-mode-related operation status for partial views.
src/Umbraco.Core/DependencyInjection/UmbracoBuilder.cs	Updates DI registration to use ActivatorUtilities to support new constructors.
src/Umbraco.Cms.Api.Management/Controllers/Template/TemplateControllerBase.cs	Maps new template operation statuses to 400 responses with clearer problem details.
src/Umbraco.Cms.Api.Management/Controllers/PartialView/PartialViewControllerBase.cs	Maps new partial view operation status to 400 response with problem details.

[Zeegaan]

I can't really comment on the frontend changes, other than it works for me 🙈

Just have 1 small thing from a backend perspective 😁

[Zeegaan]

Looks good from a backend perspective and the frontend works 😁

[madsrasmussen]

FE comments:

The conditions work as expected. The individual actions are removed when running in Production Mode. I have left a few inline comments suggesting an alternative approach to the warning bar. It is a UI concept we would like to avoid at this point.

I can still open the insert menu. The value does not get inserted, but it feels a little off that this button is still enabled.

[AndyButland]

Thanks for the review and feedback @madsrasmussen. I've addressed it, so the disabled feature now looks like this (I've put the longer phrase I had before in the warning bar as a tooltip on the tag).

The insert button and drop-down next to it are now disabled too.

[KevinJump]

Hi,

Just to clarify, this update now makes it not possible to create a template via code in production mode ?

if so, what it the supported method for creating new templates on existing sites that are in production mode ? e.g

1. User has site, it is in production mode.
2. created new template on development site (this creates the file and the db entry)
3. publishes site in production mode
4. site files will contain template but database will not contain the temoplate entry.

the template entry is needed as the id is still used in ContentTypes and Content items ?

previously uSync would create the template and then remove the subsequent view from disk, (so this was a hack and it's good to know that bit has gone).

but i don't see how new template db entries can now end up in the production database ?

is there a method to call that skips the verify so it can be done?

is it to go via the repository layer? i can see that will save, but it doesn't seem the right way to go?

[AndyButland]

This is an oversight I would say @KevinJump - it's correct that we have server-side validation as well as enforcing this on the client, but on reflection I can see it's wrong in the service layer, and should be moved to the management API.

I'm looking to address this in #22383.

[AndyButland]

The service level changes will be reverted via #22383 in 17.3.2.