You can do this with the roles and policies. The only caveat is that you cannot change it for admin level users because their permissions are set to all access.
We do this for our editors by setting parent node based permissions. So, users can create an Event only if the parent class is Calendar. What happens is we end up with a limited list of class choices that are the containers, and then separate lists of choices depending on the type of container the user to attempting to add a sub-item to.
Our policies look like this:
content create Class( FAQ Question ) , ParentClass( FAQ List )
content create Class( Event ) , ParentClass( Calendar )
content create Class( Forum topic ) , ParentClass( Forum ) content create Class( Forum reply ) , ParentClass( Forum topic )
The editing rights are much more basic, but the content create module allows very fine control. We then apply these rules with subtree limitations to control where different user groups can create new content.