Role-based authorization is for the portal, the page and the individual portlet instance. It is not for portlet modes. I don't think that extending an API would help - you would also need some mechanism to enable an administrator to set the permission and you would also have to change the layout managers to use the permissions to display or hide the mode icons.
OK, but reading the JSR-168 spec (p. 35), I have noticed this:
"The availability of the portlet modes, for a portlet, may be restricted to specific user roles by the portal. For example, anonymous users could be allowed to use the VIEW and HELP portlet modes but only authenticated users could use the EDIT portlet mode."
I think this is optional for a JSR-168 implementation, so, in this case, it is better to create separate portlets to view and edit data if I need different permissions for two modes, right?
Just FYI: as part of our roadmap we are designing a completely new security engine with a much more robust authorization component. This will be used to support much more complex yet practical rule-based access control for Portal resources.
To follow developments on this component here is a starting point.
As things progress, we will keep the communication channel open so we can get valuable feedback and contributions, especially various use cases that this component should support by design.