SSACC is a Symfony bundle that list all your project's routes that do not have permission checks.
The bundle will check if certain functions are called on the first line of the controller's action.
You can learn more about how to ensure that all the routes on my Symfony app have access control with this article.
composer require --dev ssacc/ssacc-bundleYou should create a config file like this one:
ssacc-config:
project_path: "./"
controllers_path: "src/"
exclude_all_routes_that_start_with:
- "web_profiler"
- "twig"
exclude_full_routes:
- "error_controller::preview"
security_requirement:
- "$this->denyAccessUnlessGranted"
- "!$this->isGranted"Those are the default values, you can change them as you wish.
You can use ssacc-config.dist.yaml as a template.
The default config path is ./ssacc-config.yaml, but you can change it in the next step.
project_path: The path to the root of your project.controllers_path: The path to the controllers directory.exclude_all_routes_that_start_with: An array of strings. All routes that start with any of those strings will be excluded.exclude_full_routes: An array of strings. All routes that match any of those strings will be excluded.security_requirement: An array of strings. All routes functions that do not have any of those strings on the first line of the controller's action will be listed.
The only argument is the relative path to the config file you created in the previous step.
It is optional and the default value is ssacc-config.yaml (root of your project).
php bin/console security:check-access-control myConfigDir/my-config-file.yaml
TODO: add the example code to this repo.