New checker for hard-coded auth.User. Fix #244

Original implementation by myself from
https://github.com/kiwitcms/Kiwi/

Author: atodorov

pylint_django/checkers/__init__.py

@@ -3,6 +3,7 @@
 from pylint_django.checkers.models import ModelChecker
 from pylint_django.checkers.json_response import JsonResponseChecker
 from pylint_django.checkers.forms import FormChecker
+from pylint_django.checkers.auth_user import AuthUserChecker
 
 
 def register_checkers(linter):
@@ -11,3 +12,4 @@ def register_checkers(linter):
     linter.register_checker(DjangoInstalledChecker(linter))
     linter.register_checker(JsonResponseChecker(linter))
     linter.register_checker(FormChecker(linter))
+    linter.register_checker(AuthUserChecker(linter))

pylint_django/checkers/auth_user.py

@@ -0,0 +1,34 @@
+from pylint import interfaces
+from pylint import checkers
+from pylint.checkers import utils
+
+from pylint_django.__pkginfo__ import BASE_ID
+
+
+class AuthUserChecker(checkers.BaseChecker):
+    __implements__ = (interfaces.IAstroidChecker,)
+
+    name = 'auth-user-checker'
+
+    msgs = {'E%d41' % BASE_ID: ("Hard-coded 'auth.User'",
+                                'hard-coded-auth-user',
+                                "Don't hard-code the auth.User model. "
+                                "Use settings.AUTH_USER_MODEL instead!"),
+            'E%d42' % BASE_ID: ("User model imported from django.contrib.auth.models",
+                                'imported-auth-user',
+                                "Don't import django.contrib.auth.models.User model. "
+                                "Use django.contrib.auth.get_user_model() instead!")}
+
+    @utils.check_messages('hard-coded-auth-user')
+    def visit_const(self, node):
+        # for now we don't check if the parent is a ForeignKey field
+        # because the user model should not be hard-coded anywhere
+        if node.value == 'auth.User':
+            self.add_message('hard-coded-auth-user', node=node)
+
+    def visit_importfrom(self, node):
+        if node.modname == 'django.contrib.auth.models':
+            for imported_names in node.names:
+                if imported_names[0] in ['*', 'User']:
+                    self.add_message('imported-auth-user', node=node)
+                    break

pylint_django/tests/input/func_hard_coded_auth_user.py

@@ -0,0 +1,10 @@
+# pylint: disable=missing-docstring, wildcard-import, unused-wildcard-import
+# flake8: noqa=F401, F403
+
+from django.db import models
+from django.contrib.auth.models import *     # [imported-auth-user]
+from django.contrib.auth.models import User  # [imported-auth-user]
+
+
+class PullRequest(models.Model):
+    author = models.ForeignKey("auth.User", models.CASCADE)  # [hard-coded-auth-user]

pylint_django/tests/input/func_hard_coded_auth_user.txt

@@ -0,0 +1,3 @@
+imported-auth-user:5::User model imported from django.contrib.auth.models
+imported-auth-user:6::User model imported from django.contrib.auth.models
+hard-coded-auth-user:10:PullRequest:Hard-coded 'auth.User'

pylint_django/tests/input/func_noerror_string_foreignkey.py

@@ -2,7 +2,7 @@
 Checks that PyLint correctly handles string foreign keys
 https://github.com/PyCQA/pylint-django/issues/243
 """
-#  pylint: disable=missing-docstring
+# pylint: disable=missing-docstring, hard-coded-auth-user
 from django.db import models