The goal of this project is to make the frontend login and content security usable for integrators and editors.
Currently it takes some effort to make this work nicely, and it is a common requirement in many projects.
- Make it possible to highlight protected pages/content in the tree or in the page (this will need some discussion about what can be done)
- Give editors better feedback if an action is not permitted by showing a helpful message
- Disable backend actions which are not permitted by a user’s role

TYPO3CR
- Finish nodeProperty and parentNodeProperty conditions in NEOS-1458

Flowpack.Neos.FrontendLogin
- Redirect after login/logout configurable
- Hints on how to start with password reset in documentation (hard to implement in a generic way)
- Implement example group visibility mixins
- Improve documentation with examples
- Tackle issues with CSRF tokens and multiple login forms on the same page (the first form always takes the token and the second one can’t access it, so just ignore the token in the index action)
Could you elaborate on that a little? Is that about hiding/disabling buttons in the UI mainly?
And one concern regarding Flowpack.Neos.FrontendLogin: I think we should try to keep that as reusable as possible (that’s why I removed a lot of “example”-code from it at some point). The “redirect-feature” is certainly very useful and generic enough. But already the “password reset” can be quite specific to the “business needs” and the technical implementation (i.e. authentication provider…). Therefore I think it needs to be quite configurable or implemented in a separate package that depends on the FrontendLogin.
The other three bullet points are totally valid and it would be great if those were tackled.
Could you add some more details on the “Fix bugs with multiple logins”-part though?
Ok thanks for the feedback, I changed the points accordingly.
I think for the pw reset it’s good to give at least some hints in the documentation when people look for it.