RFC: new checker: hard-coded usage of auth.User/User.objects

[atodorov]

Django recommends that you do not use the User model directly. Neither to issue queries against it, nor to use it as a foreign key reference. Instead you should be using the get_user_model() function and the AUTH_USER_MODEL setting.

The reason for all of this is that this can be overridden and applications which do not hard-code the values are in theory more portable downstream. That is they can be used directly inside an environment where the User model has been overridden.

In another project of mine we have a simple checker which warns for both of the above scenarios: https://github.com/kiwitcms/Kiwi/blob/master/kiwi_lint/auth_user.py

Questions are:

• Do people want to have this in pylint-django (kind of makes sense) ?
• Should it be enabled by default or made an extension like pylint_django.checkers.db_performance ?

Please vote and comment for your preferences.

[imomaliev]

I think this should be part of pylint-django

[carlio]

I think this makes a lot of sense, pylint and pylint-django is as much about good practices as about finding errors.

[Doskious]

This seems like something good to add, and to enable by default, as it would be echoing the design recommendations of the Django documentation itself.