Authorization Security Check

Analyze PHP code for authorization and access control vulnerabilities.

Detection Patterns

1. Missing Access Control Checks

// CRITICAL: No authorization
public function deleteUser(int $id): Response
{
    $user = $this->userRepository->find($id);
    $this->userRepository->delete($user);
    // Anyone can delete any user!
}

// CRITICAL: Only checking authentication, not authorization
public function updateOrder(int $orderId): Response