Major Feature #5659
Implement content security
This ticket is a placeholder for all commits related to content security. Obviously this feature still needs to be described properly.
In general, content security will be handled by aspects affecting the persistence framework enforcing policies for all kinds of operations related to content (i.e. objects and their properties).
Updated by Sebastian Kurfuerst over 11 years ago
I saw that you removed the request hash again, with the argument "... it puts content security into Fluid templates..."
I disagree here, it just makes sure that only displayed form fields can be updated as well. In particular this is crucial with the [__identity] property being set or not set, and I still think that this part should be determined from the Fluid template.
Curious about your ideas, how you want to solve this issue :-) Maybe we should make a phone call soon?