Websites nowadays are not so much about publishing content any more, but also a lot about data handling in Extbase.
TYPO3 lacks a very important layer, which is the security layer. There are ideas about creating a role-based approach with the rbac extension, but in this case you can either call an Extbase action or not at all.
What is missing is a nice layer for checking permissions if you are allowed to modify data or not.
Speaking about the blog_example, you should be able to edit your own post/comment but not others.
I fell in love with Laravel which has a really great layer for that: https://laravel.com/docs/5.6/authorization
I really love the simple way of calling a policy just by these lines:
if ($user->can('update', $post)) {
    //
}
and define in the policy whether you are allowed to update the post or not.
I’m aware of the “initialize” actions in Extbase, but the permission checks should be abstracted into their own layer and not in the controller imho.
What do you think about that?
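
A sketch of the kind of policy layer the post asks for, applied to the blog_example case of editing only your own post. This is an added example, not part of the original post and not TYPO3, Extbase or Laravel code: `Gate`, `PostPolicy`, `User` and `Post` are hypothetical names, and it assumes PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical domain objects standing in for the blog_example models.
final class User {
    public function __construct(public int $uid, public bool $isAdmin = false) {}
}
final class Post {
    public function __construct(public int $uid, public int $authorUid) {}
}

// One policy class per model; each public method is an ability.
final class PostPolicy {
    public function update(User $user, Post $post): bool {
        // Object-level check: only the author (or an admin) may update.
        return $user->isAdmin || $user->uid === $post->authorUid;
    }
}

// Hypothetical gate: maps a model class to its policy and denies by default.
final class Gate {
    /** @var array<string, object> */
    private array $policies = [];

    public function policy(string $modelClass, object $policy): void {
        $this->policies[$modelClass] = $policy;
    }

    public function allows(?User $user, string $ability, object $model): bool {
        $policy = $this->policies[get_class($model)] ?? null;
        // Anonymous user, unregistered model or undefined ability: deny.
        if ($user === null || $policy === null || !is_callable([$policy, $ability])) {
            return false;
        }
        return $policy->{$ability}($user, $model) === true;
    }
}

// Constructed sample data; a controller action would make the same call
// before modifying the object.
$gate = new Gate();
$gate->policy(Post::class, new PostPolicy());
$alice = new User(1);
$bob = new User(2);
$post = new Post(10, $alice->uid);

var_dump($gate->allows($alice, 'update', $post)); // the author
var_dump($gate->allows($bob, 'update', $post));   // a different user
var_dump($gate->allows($alice, 'delete', $post)); // ability the policy does not define
var_dump($gate->allows(null, 'update', $post));   // no logged-in user
```

The controller only asks the gate; the ownership rule lives in the policy, and anything the policy does not explicitly allow is refused.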