I want to add a simple community feature to my project. I would like to use git-gateway (or maybe the github graphql feature) so that comments and posts from users are repo commits that kick off a build and deploy (regular ol’ JAMstack workflow). Everything makes sense and I have a working prototype, however, I don’t understand how role based access control works in this model. For example: an authenticated user (I’m using Netlify identity) should be able to post a comment to a thread, however, they should not be able to create or merge any other kinds of commits.
If someone can point me in the right direction for either documentation or an example on how to handle RBAC with git-gateway, that would be extremely helpful. I know the Smashing case study included a comments feature, but I haven’t found any technical details on how that was accomplished, other than the general fact that user comments are committed to the repo.