Identity/Git Gateway users with insufficient permissions see UI with "no entries" #647

Closed
verythorough opened this issue Oct 3, 2017 · 6 comments · Fixed by #1209

@verythorough
Contributor

- Do you want to request a feature or report a bug?
bug

- What is the current behavior?
When using Netlify Identity & Git Gateway, you're able to specify which user roles (assigned with Identity) have permission to access the site's Git Gateway. If the CMS is set up with a git-gateway backend, and a user not assigned a role with permission to use Git Gateway logs in, the user will get access to the CMS UI, including the Collections side bar, but without any content. Collection names are visible, but clicking on any collection produces "no entries" in the main section.

- If the current behavior is a bug, please provide the steps to reproduce.

  1. Create a site with Netlify CMS, using git-gateway backend and Netlify Identity. (You can do this by using the Deploy to Netlify button in the test drive doc.)
  2. From the site dashboard, go to Settings > Identity > Services, and under Git Gateway, click Edit settings. Add a role to the Roles field (call it whatever you like) and save.
  3. Go to the Identity tab and Invite yourself as a user on the site. Don't assign any roles to the user.
  4. Go to your email, and click the confirmation link in the invitation email.
  5. Log in, and see the behavior described above.

- What is the expected behavior?
I would expect that the user not be able to log in to the CMS at all, preferably with an error message explaining that they don't have permission.

- Please mention your CMS, node.js, and operating system version.
CMS 0.5.0-beta.8 on current Chrome

@t1merickson

Video snippet from a user test wherein this bug was seen. It's a bit confusing to watch as you only hear me speaking and not the test participant as well.

http://share.neutyp.com/0D2N3o2c3G33

@tech4him1 tech4him1 self-assigned this Oct 4, 2017
@tech4him1
Contributor

@erquhart
Contributor

erquhart commented Nov 7, 2017

Yep that's wrong.

@tech4him1
Contributor

OK, that code was only breaking #792, this issue is separate. How do you guys see this being done? Just log out if we get a 401 from git-gateway? Or should there be a special endpoint that we could ping to check permissions without doing an actual request (I didn't see one in https://github.com/netlify/git-gateway)?

@tech4him1
Contributor

tech4him1 commented Nov 14, 2017

Gitter chat with fix: https://gitter.im/netlify/NetlifyCMS?at=5a073c0b505b630c05ce92b9.

@erquhart
Contributor

Agreed, here are the relevant bits from that chat:

Caleb @tech4him1 Nov 11 12:59
@erquhart @biilmann What git-gateway endpoint do you think would make sense to ping to make sure we had permission to use it?
Just try to access the main branch and see if we get a 401?

Mathias Biilmann @biilmann Nov 11 13:06
fetch(`/.netlify/git/github/branches/${branch}`, {headers: {Authorization: `Bearer ${token}`}}) something like that might make the most sense, yeah

Caleb @tech4him1 Nov 11 13:12
OK, that sounds good.
That's probably the smallest response we can do as well, other than opening up a new endpoint.

Mathias Biilmann @biilmann Nov 11 13:25
yeah, that’s what I was thinking
and it has the bonus of verifying that the branch configured actually exists
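
The permission probe discussed in the chat above, sketched as an added example (not part of the original issue and not Netlify CMS code). The function names, token values, messages and the fake gateway are hypothetical, and treating every non-2xx status as a denial is an assumption; only the endpoint path, the Bearer header and the 401 case come from the thread.

```javascript
// Added example, not Netlify CMS source. All names below are hypothetical.
const GATEWAY_ROOT = '/.netlify/git/github'; // path taken from the chat above

// Map the probe's HTTP status to an access decision. Fails closed:
// anything other than a 2xx response denies access to the CMS UI (assumption).
function decideAccess(status) {
  if (status >= 200 && status < 300) return { allowed: true, reason: 'ok' };
  if (status === 401) return { allowed: false, reason: 'unauthorized' };
  return { allowed: false, reason: 'unexpected-status' };
}

// Probe the configured branch with the user's token before rendering any UI.
// fetchImpl is injected so the check can run offline against a fake gateway.
async function checkGatewayAccess({ fetchImpl, branch, token }) {
  try {
    const res = await fetchImpl(`${GATEWAY_ROOT}/branches/${branch}`, {
      headers: { Authorization: `Bearer ${token}` },
    });
    return decideAccess(res.status);
  } catch (err) {
    return { allowed: false, reason: 'network-error' };
  }
}

// Gate the login flow: on denial, log the user out and return a message
// for the login screen instead of showing empty collections.
async function loginGate({ fetchImpl, branch, token, logout }) {
  const decision = await checkGatewayAccess({ fetchImpl, branch, token });
  if (decision.allowed) return { showUI: true, message: null };
  logout();
  const message = decision.reason === 'unauthorized'
    ? 'Your account does not have permission to use this CMS.'
    : 'Could not verify access to the content repository.';
  return { showUI: false, message };
}

// Constructed fake gateway: only "editor-token" carries an allowed role.
function fakeGateway(url, opts) {
  const ok = opts.headers.Authorization === 'Bearer editor-token';
  return Promise.resolve({ status: ok ? 200 : 401, url });
}

// Demo: a confirmed user with no Git Gateway role is turned away at login.
loginGate({ fetchImpl: fakeGateway, branch: 'master', token: 'no-role-token', logout() {} })
  .then((result) => console.log(result));
```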
