Why is this not in the Core?

[baschny]

Just a controversial issue / question:

Why is this functionality not part of the "Neos Core"? Overlaying a whole ACL concept via an external package and AOP seems to be absurd, as I would expect some ACL already in place in the content repository from "start".

Are there any plans to have this functionality part of the neos (or content repository) core? Maybe with the "new content repository"?

For us in particular this is a major selling argument for TYPO3 as an "enterprise" system: the complex ACL has been part of the core since the beginning (of course we also love EXT:be_acl as a nice add-on..). For Neos we currently abstain to recommend it for sites with "multiple diverging" editing needs mainly due to lack of ACL and customization / limitation possibilities of the backend for different sets of users.

[skurfuerst]

Hey Ernesto ❤️ Nothing controversial about this question 👍

First, ACLs are "basically" part of the core (as this package builds upon the core privileges in the Security system; and makes them configurable at runtime). This package also restricts the possible configuration options to a more limited set (which I believe is sensible).

The main reason this is not (yet) in the core is two-fold:

• we want to gain experience and see if the approach works before shipping a half-baked version in the core - so I definitely see this mid-term in the core 👍
• this approach won't be used with the event-sourced CR; but there we'll very likely have a custom security solution which takes into account the learnings of working with the current Security framework :)

All the best,
and hear you hopefully soon,
Sebastian