Deploying Django admin and Site as different applications - django

Is there a way to deploy Django Admin and your main application separately, though both of them sharing the same Models / Business logic services.
I come from Grails background where you can create a plugin which can hold your Entities and common business logic and that plugin can be utilized by other application deployed and scaled separately though using the same Database. You don't have to repackage your plugin again for every change rather its just sibling folder to your other projects.
Can I achieve something similar with Django?

Assuming a typical setup, in order to be useful Django Admin needs access to project's apps and their models.
So a setup that you've described would require at least:
simple URLconf with just Django Admin
models and their Admin bindings for all apps that need Admin
settings with database credentials
Even if your models and Admin bindings are not dependent on other parts of the codebase,
extracting the above components to a separate project and then keeping everything
in sync sounds pretty hard.
Summarizing: I would say it's hard but possible if it's something that you really need,
but Django Admin hasn't been designed with such use case in mind.

Django admin is actually separate from the main application by placing it on its own url. Even if they know the admin url, users cannot log in to the site's admin unless they have already been assigned Staff status via the admin. You can set the admin prefix to anything you want, so if you want to "hide" the admin login page, just make it something long and random (good for security too), and basically no one but those you tell will even know where the admin site can be found.

Related

access /admin functionality and features for some user groups

My english is not perfect thus the title is confusing. I don't know how to really put what i want to say. Anyway, I have a django 1.11 application that is running well. Wrote admin.py for some apps and a bunch of admin forms overridden. But client said he wants a different way of doing things (instead of admin carrying out the task, everyone registered on the app can). I already have a dashboard for those users and he wants the admin forms to be in that dashboard as opposed to the /admin default dashboard.
I failed to find such a thing in the documentation, I think. But basically, I want some forms to be avalibale, as they are, in the client dashboard? Is that possible?

django frontend and backend seperation for security

I have written a web app in Django with usual Django project structure. At my company, they want to separate front end and backend on different servers. Frontend server will have internet access and backend will have a strong firewall and no net access. What I understand from this concept is, they want to separate back-end (view.py) from Django project to shared folder (shared with the back-end server). Is it possible to separate view.py file to the different folder and then import it to project?
Also another question on the same topic. Does Django have good security or security ideas like this are required to protect against hacking? What measures should I take to ensure protecting my backend against hacking if I can't separate backend? (I have already implemented LDAP authentication, using CSRF tokens and all pages are protected by #login_required)
What you can do is creating two projects, one for serving your "front end" with a disabled admin (simply remove the 'admin' in your project's urls.py) and another one for managing the django admin and only accessible from inside your company's network.
Make them share the same database where the database server should only be accessible from within your company's network, as well. Be sure to only create the models only in one app, preferably in the front end app as you might want to have user input handled by django forms.
Register the "front-end" app models in the "back-end" project via the admin.py in the "back end" app. That should allow you accessing the data stored in the db.
When it comes to third party apps and plugins be sure to check their urls.py (and disable the admin in case), models.py and admin.py in order to implement it in your "back-end".
Hope that helps!

Moving from PHP/Laravel to Python/Django

I want some clarity. I want to learn more about django and use it as replacement for php/laravel. But the default structure and convention of django confuses me a bit.
My PHP/Laravel project has 3 parts:
- Administration
- Core (Web app for regular users)
- API Service (REST-API for mobile apps)
However all of controllers, models and views are contained in a single Laravel application. I separated Auth, Admin, Api controllers into their own folders/namespaces.
One thing that confuses me is the default Django structure 1 view 1 model file. How should i go about reworking this application in Django should each of my controllers be a separate app in my django project or should I have same approach as in Laravel. 3 Django apps in one project one for admin one for core and one for api ? Where should I keep my models than since in Laravel all models are used by all 3 parts ?
My current structure:
./
./controllers/
./auth/
LoginController.php
RegistrationController.php
...
./admin/
ReportsController.php
UserController.php (Admins overview of all users)
...
./api/
HealthController.php (API CRUD for Health resource)
ExerciseController.php
HomeController.php
UserController.php (Regular users profile page CRUD)
...
./models/
User.php
Health.php
Exercise.php
...
One thing to remember about Django is that an app in Laravel doens't necessary translate to an app in Django. In Django, there are projects, and each project can have any number of apps. For example, I have a "Backup Admin" project where I manage a lot of the day-to-day issues of managing a tape backup environment. I have an app for media (that has 3 models, one for regular media, one for cleaning media, and one for media that we want to exclude from tape ejections). I have an app that represents the backup images, and another for backup jobs (to check status codes). Each sub-piece of my project goes into another app.
If I wanted to do another Django project that had nothing to do with backups, I'd make that a completely separate project, which would have a separate directory structure from my backup project. It'd have it's own urls.py, settings.py, etc.
Regarding the models piece, I put all of one app's models in the same file. For example, in my media app, I have models.py, which contains all three models that I mentioned above. This is completely optional, but I do it just so while importing these models into other parts of the project, I don't have to remember what the file names are, instead I can just do this:
from media.models import CleaningMedia,Media,EjectExclusions
Otherwise I'd have to have 3 different import statements if they were in different files. It's completely possible, but based on your preferences.
Regarding the controller, Django lets you do it either way. You have a project-wide urls.py file that you can use to control all of the traffic, or you can have separate urls.py files in each app to control that app's traffic. I prefer a single file, but that's just me. Personally if you have a lot of controller entries, you should probably split them up into app-specific urls.py files, just to keep it clean, but again, either method would work. I think of maintainability (especially with respect to teammates having to support it) when I make these types of decisions.
The admin interface is built-in, so there's not really an app for that, but you can decide which models and which apps have entries on the admin interface quite easily. Each app has an admin.py file that controls this.
A side note, for a RESTful API, you also might want to consider Django Rest Framework. It's a great piece of software, and the documentation (and tutorials) are very helpful.
Edit:
The 1 view/1 model thing again is just preference. You can have as many files as you want. The only trade off is when you import them into other files, you have to specify the file you're importing it from. That's really all there is to it. I know people who have a views/ directory, and inside there, have separate files for each view, keeping each class/function separate. Totally a matter of preference.

create an admin's like application in django

Im really confused about what is all i need to consider for creating a django aplication with almost similar functionality to it's own admin.
The index page should deploy the list of models the user has access to modify or create...almost the same as when you put admin.site.register(MyModel) but with permission restriction. Im not sure how should i ckeck permissions, and show 1 ,2 or many "ModelAdmis" on my main page.
btw admin users are redirected to the admin index page, non-admins go to my page
Before you consider creating a django admin from scratch, you should read the answers to this question Django Admin app or roll my own?
I couldn't find any resource on how to create a django admin from scratch, but here's what you should do if this is your first time overriding a framework's functionality (in my humble opinion):
Understand and make sure you are comfortable with the django admin app
start from the docs https://docs.djangoproject.com/en/1.7/#the-admin
Head over to the django admin app source code so you can start reading the internals of the functionality you want to implement/override in your new admin app.
source code can be found here https://github.com/django/django/tree/master/django/contrib/admin
(this may involve reading other apps source code too)
After those two steps you should have an idea on how the admin app is implemented and it's dependencies, then you can start creating your custom admin app.
an example on how this may go can be found in this qestion:
How to override Django admin's views?
If you are building something new, try to separate the UI from the backend. You can build your UI using react, angular or whatever and interact with django using the API. To build the API you can use the Django Rest Framework.
Don't use the Django Admin as a public interface. Use that only for the admins!
If you start to use the Django Admin as interface for your public site, you'll fight with the package to tailor and secure the views to avoid destructive actions. What happen if you forget a readonly field? What if the user deleted something ON_CASCADE?
Building the UI you are totally free and you can customise easily everything without fighting the django admin package (it's awesome package but is not provided for public use)

Where is recommended spot for storing admin customizations for Django contrib apps?

I want to add Django Sessions to my Django Admin, and I am following an SO post about this, but it is unclear where I store this code. Do I put it in an admin.py file? Under what directory?
In short, it doesn't matter. You can put the code into any of your apps' admin.py files. However, in situations like these I tend to use a generic app in my project, usually named something like utils, that exists for the sole purpose of housing code that doesn't belong to one specific app or could be used by multiple apps.
If you want to be more specific, you can create a sessions app in your project specifically devoted to this code and any other code related to session management for your project, or perhaps an existing app that is somewhat related. For example, I put customizations to the User admin in my accounts app that holds the UserProfile model.