From 319384eaa160ccfe89f68611aeed7e9e18768c60 Mon Sep 17 00:00:00 2001
From: Tomas Votruba <tomas.vot@gmail.com>
Date: Sun, 27 Apr 2025 22:43:07 +0200
Subject: [PATCH] skip custom functions in
 NoBareAndSecurityIsGrantedContentsRule

---
 ...NoBareAndSecurityIsGrantedContentsRule.php | 27 +++++++++++++++++++
 .../Fixture/SkipCustomFunction.php            | 15 +++++++++++
 ...reAndSecurityIsGrantedContentsRuleTest.php |  1 +
 3 files changed, 43 insertions(+)
 create mode 100644 tests/Rules/Symfony/NoBareAndSecurityIsGrantedContentsRule/Fixture/SkipCustomFunction.php

diff --git a/src/Rules/Symfony/NoBareAndSecurityIsGrantedContentsRule.php b/src/Rules/Symfony/NoBareAndSecurityIsGrantedContentsRule.php
index 45cdc0ac1..2ae98756b 100644
--- a/src/Rules/Symfony/NoBareAndSecurityIsGrantedContentsRule.php
+++ b/src/Rules/Symfony/NoBareAndSecurityIsGrantedContentsRule.php
@@ -51,10 +51,37 @@ public function processNode(Node $node, Scope $scope): array
             return [];
         }
 
+        if ($this->usesCustomFunctios($attributeExpr)) {
+            return [];
+        }
+
         $identifierRuleError = RuleErrorBuilder::message(self::ERROR_MESSAGE)
             ->identifier(SymfonyRuleIdentifier::REQUIRED_IS_GRANTED_ENUM)
             ->build();
 
         return [$identifierRuleError];
     }
+
+    private function usesCustomFunctios(String_ $string): bool
+    {
+        $joinedItems = preg_split('# (and|&&|or) #', $string->value, -1, PREG_SPLIT_NO_EMPTY);
+
+        if ($joinedItems === false) {
+            return false;
+        }
+
+        foreach ($joinedItems as $joinedItem) {
+            if (str_contains($joinedItem, 'is_granted')) {
+                continue;
+            }
+
+            if (str_contains($joinedItem, 'has_role')) {
+                continue;
+            }
+
+            return true;
+        }
+
+        return false;
+    }
 }
diff --git a/tests/Rules/Symfony/NoBareAndSecurityIsGrantedContentsRule/Fixture/SkipCustomFunction.php b/tests/Rules/Symfony/NoBareAndSecurityIsGrantedContentsRule/Fixture/SkipCustomFunction.php
new file mode 100644
index 000000000..135428908
--- /dev/null
+++ b/tests/Rules/Symfony/NoBareAndSecurityIsGrantedContentsRule/Fixture/SkipCustomFunction.php
@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Symplify\PHPStanRules\Tests\Rules\Symfony\NoBareAndSecurityIsGrantedContentsRule\Fixture;
+
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
+
+#[IsGranted('custom_check("some_resource") && custom_check("another_resource")')]
+final class SkipCustomFunction
+{
+    public function run()
+    {
+    }
+}
diff --git a/tests/Rules/Symfony/NoBareAndSecurityIsGrantedContentsRule/NoBareAndSecurityIsGrantedContentsRuleTest.php b/tests/Rules/Symfony/NoBareAndSecurityIsGrantedContentsRule/NoBareAndSecurityIsGrantedContentsRuleTest.php
index 903f42bac..d973ad290 100644
--- a/tests/Rules/Symfony/NoBareAndSecurityIsGrantedContentsRule/NoBareAndSecurityIsGrantedContentsRuleTest.php
+++ b/tests/Rules/Symfony/NoBareAndSecurityIsGrantedContentsRule/NoBareAndSecurityIsGrantedContentsRuleTest.php
@@ -32,6 +32,7 @@ public static function provideData(): Iterator
         ]];
 
         yield [__DIR__ . '/Fixture/SkipInnerOr.php', []];
+        yield [__DIR__ . '/Fixture/SkipCustomFunction.php', []];
         yield [__DIR__ . '/Fixture/SkipSplitOne.php', []];
     }