From 9a039c3d8d97848a3ee41863b3d7e80397d4f755 Mon Sep 17 00:00:00 2001
From: Caleb
Date: Wed, 28 Mar 2018 09:40:37 -0600
Subject: [PATCH 1/2] Prevent Git Gateway users without permission from login.
---
 src/backends/git-gateway/API.js | 4 ++++
 src/backends/git-gateway/implementation.js | 11 ++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/backends/git-gateway/API.js b/src/backends/git-gateway/API.js
index 10737bb35a61..73e3be283fe7 100644
--- a/src/backends/git-gateway/API.js
+++ b/src/backends/git-gateway/API.js
@@ -10,6 +10,10 @@ export default class API extends GithubAPI {
 this.repoURL = "";
 }
+ hasWriteAccess() {
+ return this.getBranch()
+ .then(() => true, () => false);
+ }
 getRequestHeaders(headers = {}) {
 return this.tokenPromise()
diff --git a/src/backends/git-gateway/implementation.js b/src/backends/git-gateway/implementation.js
index cd8f029cc17d..447c5324d570 100644
--- a/src/backends/git-gateway/implementation.js
+++ b/src/backends/git-gateway/implementation.js
@@ -75,7 +75,16 @@ export default class GitGateway extends GitHubBackend {
 } else {
 throw new Error("You don't have sufficient permissions to access Netlify CMS");
 }
- });
+ })
+ .then(userData =>
+ this.api.hasWriteAccess().then(canWrite => {
+ if (canWrite) {
+ return userData;
+ } else {
+ throw new Error("You don't have sufficient permissions to access Netlify CMS");
+ }
+ })
+ );
 }
 logout() {
From 6e50b9584471d17cd53eb3296cf877363f04de5a Mon Sep 17 00:00:00 2001
From: Caleb
Date: Wed, 28 Mar 2018 10:07:01 -0600
Subject: [PATCH 2/2] Handle Git Gateway token expiry explicitly.
This often happens when a user changes a repo from public to private, so we want to make that specific case very clear.
---
 src/backends/git-gateway/API.js | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/backends/git-gateway/API.js b/src/backends/git-gateway/API.js
index 73e3be283fe7..91221f03a71f 100644
--- a/src/backends/git-gateway/API.js
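Review bot: `hasWriteAccess()` in API.js resolves to true whenever `this.getBranch()` succeeds, but fetching a branch is a read, so as far as this hunk shows the name promises more than the check proves. `getBranch()` is inherited from `GithubAPI` and is not visible here, so please confirm what a successful call actually demonstrates about the token's permissions. If it only shows that the repository is reachable through the gateway, either rename the method or add a doc comment such as `/** Resolves true when the branch can be fetched through Git Gateway; a reachability check, not proof of push permission. */` so later callers do not treat it as an authorization decision.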
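Review bot: The `.then(userData => this.api.hasWriteAccess()...)` step added in implementation.js runs entirely in the browser, so it should be documented as a login-time usability gate and not as the access control itself. A comment above the new block such as `// UX gate only: repository permissions are still enforced server-side by Git Gateway on every request.` would make that explicit. The hunk also does not show whether the session established earlier in the chain is discarded when this check throws; if it is not, a rejected user may keep a usable token in the client, so consider invoking the existing `logout()` path before rethrowing. The enclosing method begins above the hunk, so this is inferred from the visible tail only.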
+++ b/src/backends/git-gateway/API.js
@@ -12,7 +12,19 @@ export default class API extends GithubAPI {
 hasWriteAccess() {
 return this.getBranch()
- .then(() => true, () => false);
+ .then(() => true)
+ .catch(error => {
+ if (error.status === 401) {
+ if (error.message === "Bad credentials") {
+ throw new Error("Git Gateway Error: Please ask your site administrator to reissue the Git Gateway token.");
+ } else {
+ return false;
+ }
+ } else {
+ console.error("Problem fetching repo data from GitHub");
+ throw error;
+ }
+ });
 }
 getRequestHeaders(headers = {}) {
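Review bot: The token-expiry branch depends on an exact string match, `error.message === "Bad credentials"`, so any change of wording or casing in the upstream response would silently route an expired token into the generic `return false` path and show the wrong message. If the error object exposes anything more stable than its message, prefer that; otherwise add a comment recording where the string comes from, e.g. `// "Bad credentials" is the upstream message for an invalid or expired token; keep in sync`. The non-401 branch stays fail-closed, which is right for a login gate, but a 403 or 404 on the branch fetch (assuming the gateway passes those through) now surfaces as a raw error rather than the permissions message. The log line also drops the status; `console.error("Problem fetching repo data from GitHub", error.status);` would make triage easier without logging the whole error object.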