Medium-Priority Access Control Consolidation Test
==================================================

✓ ProfileController does not import RequestHelper
✓ ProfileController editPasswordForm has no authorization check
✓ ProfileController savePassword always uses current user
✓ MenuCustomizationController does not import AccessMiddleware
✓ MenuCustomizationController constructor does not have AccessMiddleware
✓ MenuCustomizationController saveMenuOverrides has no canUserAccessOtherUser call
✓ MenuCustomizationController saveMenuOverrides uses simple fallback
✗ App.php does not pass AccessMiddleware to MenuCustomizationController
  Error: MenuCustomizationController instantiation still includes AccessMiddleware
✗ AccessMiddleware defines OWNER_ONLY_ROUTE_PATTERNS
  Error: OWNER_ONLY_ROUTE_PATTERNS constant not found
✗ AccessMiddleware includes password route in OWNER_ONLY_ROUTE_PATTERNS
  Error: Password route pattern not found in OWNER_ONLY_ROUTE_PATTERNS
✗ AccessMiddleware has requiresOwnerOnlyCheckForUri method
  Error: requiresOwnerOnlyCheckForUri method not found
✗ AccessMiddleware has resolveAndValidateOwnerOnlyTargetUserId method
  Error: resolveAndValidateOwnerOnlyTargetUserId method not found
✗ AccessMiddleware handle method includes owner-only check
  Error: Owner-only check not found in handle method
✓ routes.json has access metadata for all routes
✓ routes.json ProfileController routes have access metadata
✓ routes.json MenuCustomizationController routes have access metadata
✓ routes.json password routes have owner_only ownership
✓ routes.json public routes marked correctly
✓ routes.json admin routes marked correctly
✓ routes.json resource routes have owner_or_admin with resource metadata

==================================================
Tests Run: 20
Tests Passed: 14
Tests Failed: 6
==================================================