[symfony] Add NoBareAndSecurityIsGrantedContentsRule (#214)

Author: TomasVotruba

config/symfony-rules.neon

@@ -26,3 +26,4 @@ rules:
 
     # attributes
     - Symplify\PHPStanRules\Rules\Symfony\RequireIsGrantedEnumRule
+    - Symplify\PHPStanRules\Rules\Symfony\NoBareAndSecurityIsGrantedContentsRule

src/Enum/SensioClass.php

@@ -7,4 +7,6 @@
 final class SensioClass
 {
     public const IS_GRANTED = 'Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted';
+
+    public const SECURITY = 'Sensio\Bundle\FrameworkExtraBundle\Configuration\Security';
 }

src/Rules/Symfony/NoBareAndSecurityIsGrantedContentsRule.php

@@ -0,0 +1,60 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Symplify\PHPStanRules\Rules\Symfony;
+
+use PhpParser\Node;
+use PhpParser\Node\Attribute;
+use PhpParser\Node\Scalar\String_;
+use PHPStan\Analyser\Scope;
+use PHPStan\Rules\Rule;
+use PHPStan\Rules\RuleErrorBuilder;
+use Symplify\PHPStanRules\Enum\RuleIdentifier\SymfonyRuleIdentifier;
+use Symplify\PHPStanRules\Enum\SensioClass;
+use Symplify\PHPStanRules\Enum\SymfonyClass;
+
+/**
+ * @see \Symplify\PHPStanRules\Tests\Rules\Symfony\NoBareAndSecurityIsGrantedContentsRule\NoBareAndSecurityIsGrantedContentsRuleTest
+ *
+ * @implements Rule<Attribute>
+ */
+final class NoBareAndSecurityIsGrantedContentsRule implements Rule
+{
+    public const ERROR_MESSAGE = 'Instead of using one long "and" condition join, split into multiple standalone #[IsGranted] attributes';
+
+    public function getNodeType(): string
+    {
+        return Attribute::class;
+    }
+
+    /**
+     * @param Attribute $node
+     */
+    public function processNode(Node $node, Scope $scope): array
+    {
+        if (! in_array($node->name->toString(), [SensioClass::SECURITY, SensioClass::IS_GRANTED, SymfonyClass::IS_GRANTED], true)) {
+            return [];
+        }
+
+        $attributeExpr = $node->args[0]->value;
+        if (! $attributeExpr instanceof String_) {
+            return [];
+        }
+
+        // nothing to split
+        if (str_contains($attributeExpr->value, ' or ')) {
+            return [];
+        }
+
+        if (! str_contains($attributeExpr->value, ' and ') && ! str_contains($attributeExpr->value, ' && ')) {
+            return [];
+        }
+
+        $identifierRuleError = RuleErrorBuilder::message(self::ERROR_MESSAGE)
+            ->identifier(SymfonyRuleIdentifier::REQUIRED_IS_GRANTED_ENUM)
+            ->build();
+
+        return [$identifierRuleError];
+    }
+}

tests/Rules/Symfony/NoBareAndSecurityIsGrantedContentsRule/Fixture/SkipInnerOr.php

@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Symplify\PHPStanRules\Tests\Rules\Symfony\NoBareAndSecurityIsGrantedContentsRule\Fixture;
+
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
+
+#[IsGranted('(has_role("some_resource") and is_granted("another_resource")) or is_granted("yet_another_resource")')]
+final class SkipInnerOr
+{
+    public function run()
+    {
+    }
+}

tests/Rules/Symfony/NoBareAndSecurityIsGrantedContentsRule/Fixture/SkipSplitOne.php

@@ -0,0 +1,16 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Symplify\PHPStanRules\Tests\Rules\Symfony\NoBareAndSecurityIsGrantedContentsRule\Fixture;
+
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
+
+#[IsGranted('some_resource')]
+#[IsGranted('another_resource')]
+final class SkipSplitOne
+{
+    public function run()
+    {
+    }
+}

tests/Rules/Symfony/NoBareAndSecurityIsGrantedContentsRule/Fixture/SomeControllerWithAmpersand.php

@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Symplify\PHPStanRules\Tests\Rules\Symfony\NoBareAndSecurityIsGrantedContentsRule\Fixture;
+
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
+
+#[IsGranted('has_role("some_resource") && is_granted("another_resource")')]
+final class SomeControllerWithAmpersand
+{
+    public function run()
+    {
+    }
+}

tests/Rules/Symfony/NoBareAndSecurityIsGrantedContentsRule/Fixture/SomeControllerWithComplexAttribute.php

@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Symplify\PHPStanRules\Tests\Rules\Symfony\NoBareAndSecurityIsGrantedContentsRule\Fixture;
+
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
+
+#[IsGranted('has_role("some_resource") and is_granted("another_resource")')]
+final class SomeControllerWithComplexAttribute
+{
+    public function run()
+    {
+    }
+}

tests/Rules/Symfony/NoBareAndSecurityIsGrantedContentsRule/NoBareAndSecurityIsGrantedContentsRuleTest.php

@@ -0,0 +1,42 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Symplify\PHPStanRules\Tests\Rules\Symfony\NoBareAndSecurityIsGrantedContentsRule;
+
+use Iterator;
+use PHPStan\Rules\Rule;
+use PHPStan\Testing\RuleTestCase;
+use PHPUnit\Framework\Attributes\DataProvider;
+use Symplify\PHPStanRules\Rules\Symfony\NoBareAndSecurityIsGrantedContentsRule;
+
+final class NoBareAndSecurityIsGrantedContentsRuleTest extends RuleTestCase
+{
+    /**
+     * @param mixed[] $expectedErrorMessagesWithLines
+     */
+    #[DataProvider('provideData')]
+    public function testRule(string $filePath, array $expectedErrorMessagesWithLines): void
+    {
+        $this->analyse([$filePath], $expectedErrorMessagesWithLines);
+    }
+
+    public static function provideData(): Iterator
+    {
+        yield [__DIR__ . '/Fixture/SomeControllerWithComplexAttribute.php', [
+            [NoBareAndSecurityIsGrantedContentsRule::ERROR_MESSAGE, 9],
+        ]];
+
+        yield [__DIR__ . '/Fixture/SomeControllerWithAmpersand.php', [
+            [NoBareAndSecurityIsGrantedContentsRule::ERROR_MESSAGE, 9],
+        ]];
+
+        yield [__DIR__ . '/Fixture/SkipInnerOr.php', []];
+        yield [__DIR__ . '/Fixture/SkipSplitOne.php', []];
+    }
+
+    protected function getRule(): Rule
+    {
+        return new NoBareAndSecurityIsGrantedContentsRule();
+    }
+}