Improve permission handling for Mailjet admin pages

Open on Drupal.org →

Created on 21 March 2025, 3 months ago

Problem/Motivation

Currently, Mailjet admin pages require only the access administration pages permission, which means any user with this permission can view the Mailjet configuration pages. This creates an issue where administrators cannot properly restrict access to Mailjet settings.

Steps to reproduce

Create a user role with access administration pages permission but without administer mailjet configuration.
Log in as this user and navigate to /admin/config/services/mailjet.
Observe that the user can access the Mailjet settings even though they should not have permission to administer Mailjet.

Proposed resolution

Update Access/MailjetConfigurationAccessCheck.php file for Mailjet admin pages to use the "administer mailjet configuration" permission instead of access administration pages.
Review other admin-related routes to ensure correct permissions are applied.

Remaining tasks

User interface changes

API changes

Data model changes

✨ Feature request

Status

Active

Version

4.0

Component

Code

Created by

🇻🇳Vietnam tuan.hmt

Live updates comments and jobs are added and updated live.

Sign in to follow issues

Merge Requests

!70Improve permission handling for Mailjet admin pages
Open
🇮🇳India JatinGupta40
updated 24 days ago
!69Improve permission handling for Mailjet admin pages
Merged
Unnamed author
updated 2 months ago

Comments & Activities

Issue created by @tuan.hmt
Comment 3 months ago →
🇻🇳Vietnam tuan.hmt
patch to fix before merging
Comment 3 months ago →
🇻🇳Vietnam tuan.hmt
Merge request !69Issue #3514616 by tuan.hmt: Improve permission handling for Mailjet admin pages → (Merged) created by Unnamed author
Pipeline finished with Success
3 months ago
Total: 290s
#454005
First commit to issue fork.
Merge request !70Mailjet 3514616 → (Open) created by JatinGupta40
Comment 3 months ago →
🇮🇳India JatinGupta40
Pipeline finished with Success
3 months ago
Total: 144s
#467440
Comment 2 months ago →
System Message

mihaskep → committed cd32ec3c on 4.0.x authored by tuan.hmt →
Issue #3514616 by tuan.hmt: Improve permission handling for Mailjet...
Status changed to Needs review 24 days ago10:26am 3 June 2025
Comment 24 days ago →
🇮🇳India JatinGupta40
@mihaskep I have rebased the MR and resolved all the conflicts.
Pipeline finished with Success
24 days ago
Total: 156s
#513121

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024