Accept_roles returning blank /admin page

[fraktar]

- Do you want to request a feature or report a bug?
Bug.

- What is the current behavior?
Attempting to restrict access to the Git Gateway/editorial workflow to a role. Both collections and editorial workflow are empty for all roles.

I also get a blank /admin page if I attempt to restrict the role via config.yml. The console outputs this error:

TypeError: (e.getIn(...) || Object(...)(...)).toArray is not a function at new t (cms.js:181) at r (cms.js:18) at cms.js:18 at t.value (cms.js:181) at t.value (cms.js:181) at u (cms.js:163) at beginWork (cms.js:163) at i (cms.js:163) at u (cms.js:163) at c (cms.js:163)

- If the current behavior is a bug, please provide the steps to reproduce.
Tried two methods.

a) Add a role via Identity > Click on a user > Edit settings > Add role and set that role in Identity Settings > Git Gateway settings > Type role > Generate API access token > Save.

b) Add accept_roles: Role in /admin/config.yml under backend.

- What is the expected behavior?
I'd expect this to allow access to the specified role(s) only.

- Please mention your CMS, node.js, and operating system version.
Netlify CMS version 0.7.0, Node v.4.7.3, Windows 10 x64

Github Repo with all the code
https://github.com/fraktar/gutsignal

Live Demo
https://gutsignal.netlify.com

Possible Hint
https://github.com/netlify/netlify-cms/blob/78b60c0a0bd3b0d3b69b6a88dea7c1209ec475e1/src/backends/git-gateway/implementation.js#L36

[tech4him1]

@fraktar accept_roles is supposed to be a list, like this:

accept_roles:
  - admin
  - editor

Can you try that, please?

[fraktar]

@tech4him1 thanks, but now I get permission denied on all roles.

Can't login.

My config.yml code looks fine to me https://github.com/fraktar/gutsignal/blob/master/admin/config.yml

[tech4him1]

@fraktar Have you tried changing Admin to lowercase?

[tech4him1]

I'm beginning to wonder if this is related to #647.

[fraktar]

@tech4him1 yes, already tried that.

[verythorough]

@tech4him1 I'm getting the same results as @fraktar when I set accept_roles in my CMS config, regardless of how I have things set in my Netlify Identity/Git Gateway settings.

However, if I remove the accept_roles field, and set user roles with the Netlify Git Gateway settings, like this:

It works, at least in the sense that I can log in with a user that has the role, and I can't with a user that doesn't.

Interestingly, because role-based access control can be handled entirely by Git Gateway (even in the open source version), I wonder if the accept_roles config is necessary for this backend at all.

The main flaw in my test setup with Git Gateway handling the user roles is that the non-authorized user gets a flash of the CMS UI, then kicked back to the login screen, without any error message to explain why. If we set an error for that, maybe that's actually the way to go for this backend.

Thinking of possible gotchas to that approach:

• Someone may use Git Gateway for more than one service at a time on a single site, and authorize multiple roles at the Git Gateway level, but not all of those roles get access to the CMS. In that case, you could handle the issue in other ways, like path-based redirects, but possibly worth thinking about.
• If (when) we add more granular role-based permissions to the CMS itself (e.g., only the 'publisher' role can publish entries), we're going to have to start dealing with roles again, so we won't escape them forever. 😄