Django: Restrict frontend developer access to backend code - django

We run a "classic" django website (rendering templates in the backend) and host the complete source code on github.
We also use the "classic" folder structure:
/source/ # For python related django code and packages
/templates/ # Just the normal django templates
/static/img/ # static images
/static/sass/ # Sass files
/static/css/ # Generated css files from sass (django-pipeline)
For the development purpose we use vagrant and ssh into the machine to start the django development server. Changes are pushed to github.
This is our current state and it works good for developer which are involved in the project.
But we also have for example external designers which should not have access to the backend.
Problem:
Designer should only have access to the /static/ folder (locally and on git) or if they also want to modify the html structure they need access to the /static/ and /templates/ folder.
So how can they run the Project without having access to the backend files? (Policy, installing and explaining vagrant is time consuming for non developers ...)
I couldn't find a solution but I have the following idea:
Create for the static folder a new repository
Create a server with everything what is needed to run the server
Mount the local /static/ (and /templates/) folder from the developer on the server. So that the local changes are served by the server. That way the designer don't need access to the backend source and also don't need the vagrant overhead. (Not sure how to solve this problem)
This is currently the only way which I see. Is there maybe a better solution and how can I implement step 3?

Related

Does ember's dist output require node?

When you build an Ember application the output is placed in the dist folder. Can I take this output and stick it into IIS on a server without installing node? I understand that during development I need to have node.js installed. I'm asking if the production host server will require node.js if I'm hosting in IIS?
A built Ember application (the contents of the /dist folder) is composed of files that can be served statically, so there's no requirement for node.js.
You should be able to serve them with IIS without a problem, just make sure you configure the routes properly if you're using the history API (location: 'auto'/location: history).

Git - How to commit a local repository to a subfolder of another local repository?

I have a Django project that I've started some time ago and I was hosting it at bitbucket. Now I need to host it at openshift, and the way to do that is that they provide you with a git repository and every time you push they deploy automatically. The problem is that the repository comes with several top-level folder for configuration and setup, and the effective django project must be inside a subfolder called wsig/openshift.
My question is, how can I commit my changes from my local django repository to the wsig/openshift subfolder of my local openshift repository? Because I intend to continue to develop on the bitbucket/local repository
You are probably looking for submodules. From the docs:
Submodules allow foreign repositories to be embedded within a
dedicated subdirectory of the source tree, always pointed at a
particular commit.
So you would do and would have the bitbucket repository as a seperate repository embedded in a subfolder of the openshift repository by running
git submodule add path_to_bitbucket folder/in/openshift
in the openshift repository.
You will have to run an occaisonal git submodule update to keep openshift up to date but you probably already expected extra work of that sort.
I had the exact same problem too! Is highly annoying but I took another road:
Why don't you create a Python 2.7 project from scratch? Current Django structure is honestly annoying. The way I did was:
Create an openshift project which was in that annoying structure.
Copy, preserve (in my local FS, not in Openshift) a copy of settings.py and wsgi.py.
Discard that project, and start a bare Python 2.7 project.
Check it out to my local FS, create a Django project in my local fs.
Replace the contents of wsgi and settings accordingly (adapting any possible misplaced paths - it's easier than it looks).
Commit/push (this new structure).
You will do differently in point 4: you will checkout that remote branch (bitbucket) as well, merge it on the openshift branch, change accordingly those files in point 5, and push the openshift branch.
There you have a brand-new project, matching your structure (perhaps you want to configure both remote branches in your environment: openshift and bitbucket).
That's the way I did and honestly I have nothing to regret.
Offtopic, but perhaps would be useful since you're using Django: This is specially important if you want to -also- use (gunicorn|uwsgi)+nginx (with a custom cart. which does not provide apache but nginx, and python), and so cannot use the default Django cart.

Django on production server (No module named urls)

I'm setting Django on production server and have this strange error(on picture below)
As you can see pythonpath seems to be ok(first row is my project folder), I definitely have module urls.py inside my project/project folder, I have init file there and my ROOT_URLCONF = 'project.urls'(I also tried without project name, but it didn't help either).
So, that is strange why it can't find it :(
I have to say that I tried to create a new project on server and then it seems to be ok, but with this project that is copied from local server it is behaving like this.
Printscreen of error:
The only problem I can think of is the process of package creation. What process have you followed to deploy your Django application?
If you have compiled the Django application on your local machine or CI server and then deployed the compiled package then you will run into Import module issues because pyc files will contain hard coded paths of your local machine or CI servers. To fix it before compiling the python files you should create the same hierarchy on your local/CI server and then compile and deploy.
Hope this helps.
[Edit]
I agree hardcoded paths in pyc files is PITA and we have been doing this in our production environment once we discovered it.
However I do not agree with you to re generate pyc files on the server because as your application will grow and you move towards a large application it will become very slow.
You don't have to keep your development environment directory to follow production directory structure. Instead you can have any directory path on development machine and create a separate bash script which will create a package for you by creating a directory structure that you follow on production. Bash script will have the logic of
Creating a directory structure similar to production
Checking out the code from source control
Compile the code using python -m compileall .
Create a tarball
You can untar this tarball on production server and your application should run fine.
For more information about package creation in python and best practices, check out this video
It doesn't look like your project is in your path, actually. The traceback is only showing Django packages.

What are the 'correct' permission setting for django site running on apache2 server

I am very new to apache and django, so execuse me if this question is simple. I am trying to deploy an existing site to an apache server. For the time being, the site is still in development so I am only deploying it as a virtualhost on my local machine.
I am using Django's WSGI module in the deployment. In my site's config file, I have the following aliases:
Alias /media/ /home/tester/Desktop/siteRootDir/media
Alias /content/ /home/tester/Desktop/siteRootDir/content
WSGIScriptAlias /c /home/tester/Desktop/siteRootDir/deploy/site.wsgi
When I run apache and go to localhost/c I was getting the (13)PermissionDenied error in the apache log. To get around that error, I (admitedly stupidly) ran
chmod -R 777 /home/tester/Desktop/siteRootDir
I know that is not the way to deal with the issue, but I just wanted the site to work so I can continue its development.
So my question is, what are the correct permission settings to the siteRootDir directory and its sub-directories such that the site will run and I do not expose unnecessary files in the directory.
Also, I realize that this is not an ideal set up and I will likely run into problems when I deploy the site in production. Can anyone please suggest a better organizational approach to this?
Thanks!
The tightest permissions possible would be 0600 for files and 0700 for dir's and as a owner the user owning the apache processes. This user differs per OS and flavor (e.g. for OSX it's www, for Debian/Ubuntu it's www-data).
This would probably too tight for a development server. At least would you like to be able to modify all your files through your IDE of text editor, so either you should add ACLs for yourself (i.e. the user that edits the Django files, templates and static files).
Also, in a production server you want the apache user to be able to write to directories that hold web uploaded content. That would be somewhere in your static files section (or on a different dedicated static files server).

Pydev + Django workflow. Local(test) + remote synchronization. Using git with django

I'm new to django and my very first project is my blog. I wonder how django developers who use pydev normally synchronize with remote hosting server, updating their sites?
I also would like to know, how do you combine usage of git with a django project? Should I just make a repository for the entire project?
At my company we've got an entire git repository for each project, including the Django sources that are put in the PYTHONPATH for each project, making Django versions project dependant. The folder structure is something like:
/.git
/projectname/app1
/projectname/app2
/projectname/manage.py
/django-lib/django/...
As django-lib is not a Python module, we include both / and /django-lib in the PYTHONPATH. If your project is becoming large, you might want to consider using git submodules on your apps.
We've also setup several servers to support the developers. There's a testing server running a central testing database and a setup including Apache with WSGI to make testing on a real server possible, which sometimes is a bit different then the local manage.py the developers use before committing their changes.
The testing server is updated with the master branch of our git repository. We've made several scripts to allow all developers to do this without letting them login to the server via SSH, but that is just during pre-release. After release, that server will become our staging server, and we'll remove all scripts from it to make it just like our production server.
Every developer has setup their local project to make sure that it communicates with the central testing database, containing several test data. I myself push my changes from the commandline, but you could also use EGit for this.
When we've got a release, we put it in a separate branch, called 'release' (obviously) and the production server will pull only from that branch. This is done via SSH, but I don't really know how your server setup looks like, so I guess that that last step is entirely up to you.
I hope that this has helped you a bit. I won't say that this is the best workflow possible, but it works for us and you should figure out what works for you.
Most experienced Django developers use pip(or distribute) and virtualenv deal with all the python packages you might need for your Django projects (including Django itself).
Personally, all I keep in my projects git repository is a bunch of segregated requirements lists generated by pip :
. ~/Dev/environs/$PROJECT_NAME/bin/activate
pip freeze > ./docs/requirements/main.list
I'm fairly sure most django developers would be familiar with Fabric, which I use for :
streamlining local interaction with git and,
pushing to our central repository,
pulling from our production or test server
touching the wsgi on the relevant server
and pretty much any other kind of task you might find yourself using ssh terminal session for.
For those cases where I need to make changes to someone elses django application in order to make it work or suit our purposes, I :
fork it on github,
clone from my forked repo
make the changes
push it up to my own repo
and provide merge requests to the original repo owner
This way, i have a repo where i can use pip requirement lists to keep pulling from until the original application owner gets their own repo updated.