MailjetConfigurationAccessCheck blocks access to all pages for users except admin

Created on 5 August 2025, 4 days ago

Problem/Motivation

The MailjetConfigurationAccessCheck::applies() method incorrectly returns TRUE for all routes, causing the access check to be applied to every page on the site, not just Mailjet administration pages. This results in anonymous users being blocked from accessing any page on the site, even when Mailjet is properly configured.

Error thrown:
Drupal\Core\Http\Exception\CacheableAccessDeniedHttpException: in Drupal\Core\Routing\AccessAwareRouter->checkAccess()

This is a critical bug that makes the entire site inaccessible to anonymous users after installing the Mailjet module.

Steps to reproduce

  • Install and enable the Mailjet module (version 4.0.2)
  • Configure Mailjet API credentials in /admin/config/system/mailjet/api
  • Log out or access the site as an anonymous user
  • Try to access any page on the site
  • Result: Access denied error on all pages

Expected behavior: Anonymous users should be able to access public pages normally, with Mailjet access checks only applying to Mailjet administration routes.

Proposed resolution

Modify the applies() method in src/Access/MailjetConfigurationAccessCheck.php to only apply the access check to routes that actually require it:

// Current problematic code:
public function applies(Route $route) {
  return TRUE;  // Applies to ALL routes
}

// Proposed fix:
public function applies(Route $route) {
  return $route->hasRequirement('_mailjet_access_check');  // Only Mailjet admin routes
}

This change ensures that:

  • The access check only applies to routes with the _mailjet_access_check requirement
  • Anonymous users can access public pages normally
  • Mailjet administration pages remain properly protected
  • The module functions as intended

Remaining tasks

  • Review the proposed fix
  • Test the fix with different user roles and permissions
  • Verify that Mailjet administration pages remain secure
  • Test the fix in different Drupal versions
  • Create automated tests to prevent regression

User interface changes

None. This is a backend fix that doesn't affect the user interface.

API changes

None. This fix doesn't change any public APIs.

Data model changes

None. This fix doesn't modify any data structures or database schema.

🐛 Bug report
Status

Active

Version

4.0

Component

Code

Created by

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024