How to use Git Gateway with Netlify Identity

Hi all. I am new to Netlify, and trying Netlify CMS as the preferred editor for users who contribute to my open-source documentation site. I am struggling to follow the instructions for using Git Gateway with Netlify Identity. I have added accept_role to my config.yml but it seems that anyone who logs into the CMS with GitHub can then publish with the CMS and thereby push changes directly to the repo, even if their GitHub account is not authorized to do so.

Perhaps my problem is that my Netlify account has only one member – me – and I’m trying to use GitHub teams as my primary basis of defining roles and permissions. Is there a way I can have Netlify CMS align its user roles with that? Or does Netlify CMS ignore my GitHub teams and force me to also define roles and permissions with Netlify Identity? In that case, would I end up paying $15 a month for every single individual that I define with Netlify Identity?

Thank you for help with this!

You don’t need roles for this. In your site’s Identity settings, you can set signups to invite-only and just invite the one person that needs to edit. No one else would be able to sign up and, in turn, make changes.

Note that this is an Identity invite that I’m talking about and not the team invite, and it’s free for 5 users.

Thank you @hrishikesh for your helpful reply. That sounds very doable. Would you agree that, in your proposed approach, I would not want to use Git-Gateway? (It seems like Git-Gateway would just provide a way of bypassing the control provided by Netlify Identity.)

I am curious then how to use Git-Gateway, which is billed as “the way to add editors to your site CMS without giving them direct push access to your GitHub repository,” because it seems to give everyone (with a GitHub account) push access. Apologies if this is the wrong place for this question.

Thanks for your help!

Hey @behoppe,

Git Gateway is required in any case. That’s the only way users using Netlify Identity can access your Git repo, which is a required functionality of the CMS. Once you’ve turned off public registration, you should not worry about the repo being written to by anyone else, as no one would be able to log in except for the invited members.

Note that users without an account in your Netlify Identity instance cannot use Git Gateway to write to your repo.

Thank you @hrishikesh. I am still digesting this. I experimented with a non-Git-Gateway technique by using OAuth provider tokens (using that Netlify documentation to create my own GitHub OAuth App). I liked how that approach connects directly with GitHub accounts. My users and I are not happy, though, with how authorizing my GitHub OAuth app requires them to grant much broader permissions than we are comfortable with. So I am waffling between a backend of Git-Gateway vs GitHub/OAuth.

We’re happy to help @behoppe.
If there are other questions about this or more we can do to assist, please reply here anytime.