How do I stop a product create/save/delete using observers?

Question

I am trying to disable a users ability to create / edit / delete a product based on acl permissions. I have built the permissions correctly and tested them to assure they work. I can check of a permission like so:

Mage::getSingleton('admin/session')->isAllowed('add_product');

This is the name I gave my add_product acl. I also have a edit_product and delete_product acl properly created.

I need to stop a product from saving or creating or deleted based on this permissions.

This is my xml snippet that calls the observer for the given event:

<catalog_product_save_before>
    <observers>
        <mymodule>
            <type>singleton</type>
            <class>Namespace_Mymodule_Model_Observer</class>
            <method>catalog_product_save_before</method>
        </mymodule>
    </observers>
</catalog_product_save_before>

And my Observer Class:

class Namespace_Mymodule_Model_Observer {

    public function catalog_product_save_before($observer) {

        if( ! Mage::getSingleton('admin/session')->isAllowed('add_product') ) {
            //stop creating the product
        }

    }
}

My question is two fold.

First, what observers should I be using for creating a product, deleting a product, and editing a product? I believe the above event is triggered only before a product is edited. Is this true? What other events should I be observing?

Second, once I observe the correct event. How do i tell magento "don't save" or "skip saving"? Same applies for creating and deleting? What about on image upload?

I have added changes to several blocks to remove certain buttons based on these acl's. I want to make sure I am stopping all actions and not just the buttons I have found.

Answer 1

In case you need to prevent the save method to execute for a core model (i.e. Catalog/Product), you can use reflection to set "$_dataSaveAllowed" to false:

   public function catalogProductSaveBefore($observer)
    {
        try {
            $product = $observer->getProduct();

            $reflectionClass = new ReflectionClass('Mage_Catalog_Model_Product');
            $reflectionProperty = $reflectionClass->getProperty('_dataSaveAllowed');
            $reflectionProperty->setAccessible(true);
            $reflectionProperty->setValue($product, false);
        } catch (Exception $e) {
                Mage::log($e->getMessage());
        }

        return $this;
    }

Answer 2

I think you can try snippet described in following article

http://blog.goods-pro.com/2137/create-a-read-only-privilege-magento-admin-panel-user/