How to show admin specific information on my Django website? - django

I'm currently building a Hospital Management system with Django but encountered an issue. In this website, admins will register for their respective hospitals and manage their doctors, patients etc. But, I don't want one hospital's admin to see the informations of ther hospitals' doctors or patients. So how can I make sure that the admin only sees the data of his own hospital and not others'. What changes can I make in my models to do so?

If you are asking about using Django Admin module, I think that you sooner or later will find out that you need to do this outside of Django Admin, which is powerful, but it has it's own limitations. It is a handy tool that is more than adequate for your own admin stuff, but it is not intended (I believe) to be used by many admins for their regular stuff.
That said you will have to decide how to handle separation in your app. It is not easy task and you will need to take extra precaution to separate things between them. One of the solutions is to have separate databases for separate hospitals, other solution is to have all in same database and separate data programatically. It is really up to you to decide.

Related

Design Issue: To what extent should the Django Admin site be used?

I'm relatively new to Django and especially new to the admin functionality. I've read many articles expounding the benefits of the built-in admin site but I'm not sure to what extent they should be used.
Some general questions:
What sort of database interactions should be in admin and which should be part of the general site functionality?
I understand that models can be easily changed/deleted on the admin site but is it the best way to add new objects rather than in a custom page?
A more specific question:
I'm creating a website for tracking packages. The idea is that staff would scan and insert many (hundreds of) packages into the database on a daily basis. I'm unsure whether this could be done efficiently in admin as the current process of adding a model is a slow, multi-step process (I don't know to what extent that can be customized). As this is one of the site's main functionalities it also seems odd that it would reside in the admin site. Would it make more sense in the Django framework to write my own page? Or would I just be rewriting (probably less efficiently) what's already been created with django-admin?
Any suggestions or Django standards you guys have would be greatly appreciated.
Generally the django-admin should be used for CRUD (Create, Read, Update and Delete) operations. It should be used where you want to quickly setup a facility to allow people to manage the data. It can handle complex database relationships and inline editing, however it would be more appropriate to build a seperate django application if your adminstration facility is going to be bespoke. Django-admin can be customised heavily and you can subclass its inner workings, however it's a lot easier in the long run to code and maintain your own application albeit it will take longer to get it up and running.
One way of finding out if the django-admin is appropriate to use or not is to pick one important requirement and try to implement it, if it feels like it's a lot of work trying to implement it in django-admin then it's probably a case of shoehorning. I think sometimes requirements are shoehorned into django-admin by developers who think it's a one-size-fits-all solution which it simply isn't.

Implementing multiple administration levels in Django

I have decided to move a project from PHP to Python and despite hours of searching, I cannot find a way to implement the following design. I have attempted extending the user class and doing customised Admin Sites but not really got anywhere useful.
I have at the root level, myself. I manage 'clients', who themselves manage 'customers'.
The customers control a kind of detailed survey, in which users and invitees take part.
An example of the rough design:
ME (Super User)
Clients
Customers
Survey Collections
Users
Invitees
Surveys
Invitees (invitee is a child of both survey and user)
Questions
Etc
I am unsure of the best implementation style. I like the django admin interface, but I would need clients to only be able to modify THEIR customers, surveysets etc, customers to only manage their own surveysets and so on.
Is there a way to implement this in Django, perhaps by doing customised user types via inheritance and assigning them custom Admin Sites?
I understand it may be easier to just make my own apps to manage the various 'admin' interfaces, in which case is there an easy way to manage separate authentication of these user types and their various admin-style management systems?
The closest I got to this was based on How to have 2 different admin sites in a Django project? and is related to another question I asked: seperate 'admin' interfaces for different user types in django
I ended up creating two seperate instances of django admin and each one had it's own validation which was applied to filters on models and CRUD actions shared between them.

Is Django's admin panel intended to just be temporary scaffolding?

I've been successfully using Django's admin panel for internal users for a while but I recently hit a brick wall while trying to customize it and I'm curious if I'm spending too much time on it. So, my question is:
Is Django's admin panel intended to just be temporary scaffolding, that is, to be used only during the initial development of the application and to be replaced by custom code similar to Rails' scaffolding?
Obviously by using the admin panel I get a lot of functionality for free and as new features are added I get those for free too. What do other people do?
I wouldn't say the admin is meant to be temporary scaffolding but it might not be the best choice for many cases. I've worked with a very large and well known media company that used the admin as the basis for the entire workflow interface for its producers and editors. Unfortunately, your decision making process about when or when not to use the admin will benefit largely from your overall knowledge about the internals of Django; you'll probably get stuck a few times before you gain the experience to know when not to get stuck. :p
The "customizability" of the admin can be somewhat subjective. I've seen teams bend it to their will but it also requires a pretty good working knowledge of the lower level-details of Models, Forms (and naturally things like ModelForms and FormSets), and templates. I think a lot of the conventional wisdom and best practices hasn't yet surfaced into organized documentation. Be prepared to do a lot of digging around in the source code. The good news is that you'll probably come away with a much deeper understanding of how to take advantage of some of the first-class entities in the framework. The bad news is your boss probably won't be happy that it took you most of a day to change single input on a form.
Recent enhancements have made it easier to place your own views under the admin URL space so you might consider an approach of writing your own views to suit your needs and sprinkling in links in appropriate places within the standard admin pages. I generally advise people who are newer to Django or who are just getting into admin customization to strongly consider just rolling your own administrative views. After all, Django already makes it ridiculously easy to create CRUD style apps and you won't have to feel like you're fighting against a rigid system whenever you want to change presentation or behaviors.
Django Admin is for things where there's no value in doing anything more than the default add/change/delete processing it offers.
Databases are full of lookup and administrative tables. The zip-code to state mapping, for example, that no end-user should see. The log of background batch job executions.
Your app will probably have some tables which are these sort of more-or-less "administrative" -- someone maintains them, but not the large community of users.
Your app will probably have some tables which are for end-users to add/change/delete. You might want to provide extensive customized pages for this activity.
Django grew up in the news business. Writers and editors prepare data (using the admin interface). Customers read the data through customized web pages.
We have administrative staff that use the admin pages. We have customized pages for our customers. We use both.
We provide default admin pages on almost everything to our internal admins. We provide default admin on selected tables to customer-side admins. And we provide carefully crafted application-specific pages for our customers.
I asked a similar question about 6 months ago when I was first starting out in Django.
Is it worth it using the built-in Django admin for a decent sized project?
For that particular application I opted not to use Django admin, and that was a very smart decision in hindsight. Since then, I've generally not used it, but sometimes there are situations when it's great. For me, it really depends on the users. If we are building a custom data-driven app for a client and are working off a feature set provided by them, I would never want to use the Django admin. In those cases, almost certainly they will have changes that could be a real pain to try to get working in the admin. And if it's an evolving project, these changes will become more and more of a hack and you'd probably end up having to start ripping out pieces into non-Django admin parts of the site, at which point there are now two interfaces for doing stuff.
However, if the clients are more of the mindset of accepting the way the app works, then the Django admin would be fine, assuming there's generally a 1:1 correspondence between your tables and the data they're dealing with.
As Brian Luft said, it's really easy to create interfaces for CRUD apps, so if you sense you'll need any customization in the future, it might be easiest just to write your own from the start. You can always keep the django admin around for your own needs as a super-user. That's usually what I do, so I can easily have table-level access to change fields that might not be shown in the normal user admin.
No, I wouldn't compare it to Rails' scaffolding. It's not clear from your question what kind of issues you are running into-- can you provide an example?
There's a lot of customization you can do to the admin by adding custom ModelAdmin classes: hide fields, show additional fields, allow for editing of related-items on the same page or limit/ filter the options that appear in a foreign key field. You can also make things easier for users to find by adding sorting, filters to the front page, search fields. Newer versions of Django also let you create your own custom commands that can be applied to multiple objects at once.
But if the problem isn't with the basic change list and edit form, you can completely customize those by creating model-specific templates and overriding the default admin templates.
No, you can for sure use it for administrating your site, but as Django says; only for trusted users. So if you create a cms, its great. Because (hopefully) the back end users will be trusted users!

Creating an entire web application using django admin

I was thinking that django admin is an utility to provide trusted administrators of the site, full access to the site's data model.
However, after going through django admin in detail, I understand that it is very powerful set of views and templates that one can use to create an entire application.
How often do you create an entire application using admin alone? Is it easier to create using views itself than customizing admin that much?
How about building prototype using admin. Do we even need to build prototype? The admin customization cannot be re-used in real application.
If I want to use a part of the admin code in real application (with different templates), is there some kind of scaffolding option available?
"The Admin is not your app."
If the customization goes beyond the trivial, write your own views.
In my experience, I leave the internal admin pages relatively untouched. Instead, I override the admin index template, where I put links to custom-written views when the user needs to do nontrivial reporting or form handling.
I have done something like that before. It was a CMS for a university completely implemented by extending Django admin. It turned out it was a bad design descision. I had to jump through hoops to do some things.
It really depends on what the requirements are for your application. If there needs to be lots of ajax or some specific workflow extending the admin will not be the right thing to do. But I think 60% of cases can be covered by extending the admin.
It's also excellent for building prototypes.
EDIT
OK, that was in the 0.96 days.
So far I've built 2 "big" sites that are in production completely on top of the new admin. These are mostly case management, data entry and reporting so they could be squeezed into the workflow of the admin. But, not without a big effort going into extending the base Site, ModelAdmin, InlineModelAdmin etc. The decision to go this way is we were pressed to do it quick. But in the first case it was a perfect fit for the requirements too. Both run on an intranet in the government sector. Both do their job fine. One with 200 tables handling tens of thousands of entries. The other one manages payments.
So, yes it's true. The admin is not your app. However, it's extendable enough although much of it is not documented. And it fits in most basic enterpresey workflows. So it's worth considering in a limited number of scenarios.
I disagree with most of the other answers.
Simply put, there is no match for what you get for free using the admin app.
Your first customization of the admin will be tough as you'll be facing a steep learning curve (you will need to deal with overriding templates, Managers, ModelAdmins, probably use database views, the CSS and JS, some additional forms and validation rules, etc...). But once that is done, you'll start to feel king in bending the admin system to your needs. I have built a complex inventory and accounting web application with data-entry, reporting, and permission system all based solely on the admin interface and back-end.
The Django Admin is incredibly flexible and can be overridden in multiple ways. Unfortunately there is more than one way to do the overriding and some of the techniques are not terribly well documented.
The good news is that the following strategy seems to work well:
Override, customize and subclass the admin app until it all starts feeling a little painful and at that point just drop into your own views where needed.
There's some useful links in my answer to this question
In short:
Try out the admin part for your needs. Modify the standard views. If there is something missing, you can always develop your own view.
For me, I can't imagine an entire (bigger than rolodex) application based only on django-admin.
A.

Is it worth it using the built-in Django admin for a decent sized project?

I haven't been using Django too long, but I'm about to start a pretty hefty-sized project. I'm always nervous using fairly new frameworks (new to me) on large projects because I've been burned before. However, I'm pretty confident in Django...this will finally be the project that makes me leap from my home-grown PHP framework to a popular Python framework. (yay!)
Anyway, my question is whether or not the built-in Django admin is robust enough to use for a fully-fledged customer-facing interface (the clients will be using it themselves, not me). I see that it's pretty customizable, but I'm wondering if extensible enough to handle various non-standard cases. I don't have any concrete examples yet since I haven't started yet.
Has anyone used the Django admin for some pretty customized interfaces that non-programmer users use? Was it worth it? Would you rather have just created a home-grown admin interface specifically for the site?
Just to clarify, the users would be completely non-techy.
If I understand it correctly, you want to use the django admin for all users, to let them update the site.
If this is true, I think you may be using it in a different way from what was its main purpose, as you can get from the Django book (emphasis is mine):
For a certain class of Web sites, an
admin interface is an essential part
of the infrastructure. This is a
Web-based interface, limited to
trusted site administrators, that
enables the adding, editing and
deletion of site content.
If your users need to update content (like, let's say, adding a new article) then it may be OK.
But if you want to use it for any site interaction, then I think the user experience will not be as good.
I think a very nice example of how the admin can be used, and when it should not be used is in ReviewBoard: there, most of user actions are handled directly by the site, and only the configuration and management are then handled using the admin.
In the end, it is a matter of usability. If you think that it is OK for your application to have a different section to manage addition to the site, then Django's admin site may be a real time saver. In all other cases, maybe it is better to invest some time more.
My company has built a CMS on top of Django that handles numerous tasks (flat pages, blogs, members-only sections, importing and parsing data from external sites like youtube and flickr, mailing lists, albums songs and lyrics for artists, etc.) and so far we're still using the built-in admin. We have several very non-technical clients using it regularly.
You can go pretty far in customizing it with the admin.py files when you really get into it. The only things we've added are tinyMCE and Filebrowser to make those aspects easier for the end users.
I will say that we are working on a gallery module that is going to need a custom admin, though. Otherwise I've been pretty happy and impressed with how flexible and powerful Django's admin can be. And it's as user-friendly as you can think to make it.
It depends. The admin will let you customize quite a bit, with different groups of users having access to different tables, and if you give them access to different admin interfaces, you can even give them different sets of columns available on the tables. However, the admin isn't really set up to let you restrict users' row level access based on their authorization level. Once you've let them into a table, they can make changes to any object available to them.
You can customize widgets however you like by subclassing widget types (though the built-in filter_horizontal and raw_id_admin are indispensable and make this task simple for certain data types!)
So I guess it depends on what you mean by customers. If you mean the people who hired you to write the website (I think I'd call them clients rather than customers), then there's a good chance the admin will suit you just fine. If you mean the end users of a website, I would stick with hand-crafted django forms.
In general I view the Django admin as an interface to performing the tedious tasks of insert delete and editing. So, I'm not afraid of customizing it to a large extent (even if this means subclassing internal Django objects and passing them back to the admin interface at runtime), but be aware it will require you to read Django source (which fortunately isn't very hard to do).
So for me, the discriminator of using it or not is "insert, delete, update" of concepts that map very well to the database tables, not amount of user technical knowledge, amount I trust the users, or project size.