Let's say I have a site and want to restrict access to the content of the site to authenticated and authorized users (i.e. they have the Authenticated and Member roles). This would primarily be for sites that behave as extranets.
In Plone 5 I could change the workflow of all content so that the Member role was required for the View permission on everything. Going to the home page triggers a redirect to login. But you could still make it so that the root portal object itself gave "View" to the Anonymous role, so that they could have access to css resources, etc.
In Plone 6 the front page is no longer a content item, or at least it doesn't have workflow. As far as I can tell the only way to restrict access to it would be to require the Member role on the portal root object itself. But this has the side effect that if you use Plone to login that login form will not be able to even load any css.
Am I thinking about this correctly? I'm not sure if this is a problem for my team per se because we normally use SSO and require authentication on the Apache end, but if you are using Plone's login service on an extranet it seems like a problem.
True, I could set another content object as the default to mimic the old behavior.
Because this also removes access to the portal_registry and when they are prompted for credentials the login form does not have any css. Ultimately it would be nice to distinguish between access to content and access to css/theme.