Can you lock that to a user, so the can not add the missing view?
Certainly you can! policy "sensitive" controls (among other features) whether user see or does not see the "design skin" button. (I just tested it myself)
Since you need a username and password to login to the web, can you prevent the same user from login using Winbox (mac-connection)?
Again - yes. All you need is to disable corresponding policies.
For my testing, i ended up with following user group:
add name=wireless policy="read,write,web,!local,!telnet,!ssh,!ftp,!reboot,!policy,!test,!winbox,!password,!sniff,!sensitive,!api,!romon,!dude,!tikapp" skin=wireless
With this, user can't login via local console, ssh, winbox, telnet (including mac-winbox and mac-telnet) and others....
Only allowed is "web" service. User can read/write setting but thanks to limited skin, nothing except wireless password can be changed.
This method may not be 100% secure agains hackers but c'mon - all you need is hide stuff from common folks so they don't play with buttons they don't understand.