@rwboyer the issue with
accept_roles that lead to its removal from the codebase (though it was unfortunately left in the docs) was that it doesn’t actually enforce anything in a secure way. Because the
accept_roles setting only affected the client-side CMS, any user could work around it by simply authenticating manually and using the auth token it to authenticate any request they wanted, even requests to collections which weren’t configured to be accessible by that role.
Technically, this can still be worked around by using two
git-gateway instances with different roles allowed and different CMS configs, but this still doesn’t provide any actual security because any user with a
git-gateway token (which you receive when you log into the CMS) can use that token to edit any content in the repo, even if it’s not included in the
config.yml. The only current way to actually enforce roles would be to have the two
git-gateway instances pointing to different repos on GitHub. True role based access control is currently out of scope for Netlify CMS, and would need to be implemented in
git-gateway because the CMS, being a client-side app, can’t possibly enforce roles in a secure way.