Improve permission handling for Mailjet admin pages

Created on 21 March 2025, 16 days ago

Problem/Motivation

Currently, Mailjet admin pages require only the access administration pages permission, which means any user with this permission can view the Mailjet configuration pages. This creates an issue where administrators cannot properly restrict access to Mailjet settings.

Steps to reproduce

Create a user role with access administration pages permission but without administer mailjet configuration.
Log in as this user and navigate to /admin/config/services/mailjet.
Observe that the user can access the Mailjet settings even though they should not have permission to administer Mailjet.

Proposed resolution

Update Access/MailjetConfigurationAccessCheck.php file for Mailjet admin pages to use the "administer mailjet configuration" permission instead of access administration pages.
Review other admin-related routes to ensure correct permissions are applied.

Remaining tasks

User interface changes

API changes

Data model changes

✨ Feature request

Status

Active

Version

4.0

Component

Code

Created by

🇻🇳Vietnam tuan.hmt

Live updates comments and jobs are added and updated live.

Merge Requests

!69Improve permission handling for Mailjet admin pages
Open
Unnamed author
updated 16 days ago

Comments & Activities

Issue created by @tuan.hmt
Comment 16 days ago →
🇻🇳Vietnam tuan.hmt
patch to fix before merging
Comment 16 days ago →
🇻🇳Vietnam tuan.hmt
Merge request !69Issue #3514616 by tuan.hmt: Improve permission handling for Mailjet admin pages → (Open) created by Unnamed author

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024