I am researching Django Oscar for the ecommerce part of our business. One of the required features is that we need to host multiple shops on one Oscar instance, i.e. every shop owner should manage his own products, his own partners etc. And should not have access to other owner's content.
Google says it had this feature as of version 0.6: https://django-oscar.readthedocs.io/en/releases-0.6/howto/multi_dealer_setup.html
But the current version (1.5 as of today) does not mention this feature. How to do multitenancy in later Oscar versions?
Oscar is great! I'm using the "multiple dealers" as described in here
https://django-oscar.readthedocs.io/en/releases-0.6/howto/multi_dealer_setup.html
Until now I don't know another solution for multi-vendor.
Cheers,
EDIT
The multiple dealers support is now possible in Oscar 0.6 without any
code changes, and called "permission-based dashboard". It's documented
here:
http://django-oscar.readthedocs.org/en/latest/ref/apps/dashboard.html
"Staff users (users with is_staff==True) get access to all views in the dashboard. To better support Oscar’s use for marketplace scenarios, the permission-based dashboard has been introduced. If a non-staff user has the partner.dashboard_access permission set, they are given access to a subset of views, and their access to products and orders is limited."
I know this post is old, however there is shuup if you are looking for a multi-vendor python based shop. It does basically everything Oscar does with a really responsive and productive admin.
https://www.shuup.com/
Related
I'm having a bit of trouble with Django again.
I have a simple e-commerce website project that I'm working on for my graduation. It sells books. I've got basic functionalities down, such as adding categories and products, client sign-ups and logins, a session-based shopping cart, a checkout page fully connected to a payment API, and an orders model to keep track of data.
My professor has asked me now to to add relevant reports in the Admin panel, talked to me a while about what would be relevant to see and all. So, I've got in mind what I'm hoping to make.
I want to have two containers in the main dashboard page, which would display some quick analytics (like, how many books the store has sold in the past seven days, how much money from sales the site has made in the past month), as well as links in the sidebar: I want each relevant app within my project to have their own reports section in the Admin panel, maybe led to from a link underneath their models. I've separated the storefront, accounts, orders, shopping cart, and checkout, for instance, in different apps
The problem is I can't really figure out how to actually... do that...
I've fiddled with the layout and templates on the admin; I've figured out how to add custom links to the admin page, and change its design elements, for instance. But I'm not sure how to link the data I want to the dashboard. It feels like the answer is right in front of me and I can't reach it...
I guess my question is, how can I add my reports to the Django admin page per app, and how can I add these containers that I want in the dashboard?
I've guessed that I have to start out by building a view for each report. So I am currently reading the Django docs on the Admin page again, as well as looking at questions similar to mine.
But any information y'all can share that could ease up this process and save me some time would be very much appreciated. Thanks so much!
PS: If it helps, I am overriding the admin templates by having all the .html pages copied on my project's templates folder - it's how I got it to display the store's header in the admin dashboard.
I am building a website where you can keep your private portfolio, logs, etc using Django.
All courses, documentation, I came accross so far give all users the possibility to view all entries made by all users (e.g. blog, posts etc.). However I want to restrict any user from viewing & READING other users' data.
How can this be best achieved? Is there an extension available? I know that django doesn't have row-level permissions, but there are extensions for that available such as Django-rules.
In my case however I want restrict a user from viewing other users' data. In other words, a user can only see his/her porfolio and is also not in any way able to CHANGE, UPDATE, DELETE any entries which is not its own.
I found that django-guardian does the job.
For a website that is using django zinnia blog, I need the possibility to, beyond authors using the admin to create articles, to have a limited way for non-admin users to create blog entries, in their own specific area, with limited functionality (e.g. preset category, all entries start as draft etc..)
Now I was wondering if I could just create an own small ui for it and create Entries programatically in a django view (not in admin)... (with authors in those cases being non-admin users) ...
Is there any reason why this would be a very bad idea, or is this something that would really break things in Zinnia ?
Thanks in advance
Cheers
Thomas
I've done one part of this a few months ago. The client found the admin interface too complicated and wanted something simpler. I created view/templates that allowed users to add/edit blog entries - There were no major issues.
That said, this was still for admin users - there may be permission issues or hidden assumptions in zinnia that users are admins. I doubt there would be much trouble overcoming them - it's a nicely written app with decent interfaces.
I can show you some code if you're interested.
I'm building a Django-based review website where public users create all of the content on the site. Users create reviews for given items and they also create the items themselves that will be reviewed (providing a description and brief summary of the item, along with a few tags).
My question is this: Should I be using Django's admin features for this website (as in, exposing admin controls to the public users)? Or should I just stick with normal forms? I'm not too familiar with the admin-aspect of Django, and so far I've just been using forms for the website, but I've seen a lot of people talking about Django's admin features, and I'm starting to wonder if I should be using them.
Thanks for any feedback!
Maybe. If the admin functionality covers most of what you want to offer, there's no reason why you shouldn't use it as a starting point.
django.contrib.admin is an application like any other, and provides basically a CRUD interface to your models. Access can be controlled via groups/permissions, just like you would for an application you write yourself. You can give full access to a model with a one-liner, but obviously will have to configure properly when opening up to others.
See also my question
Django AdminSite/ModelAdmin for end users?
and similar questions Exposing django admin to users. Harmful? and How to make Django admin site accessed by non-staff user?
Regarding arguments about the "intended use" of the admin, please note Django's security update at the end of last year: http://www.djangoproject.com/weblog/2010/dec/22/security/ regarding querystring parameters in object lists. Such an update (quote: "an attacker with access to the admin [...]") is a clear indication that the admin's implementation of the permission system is being constantly scrutinized.
No. The django admin is not intended for any end-user.
The django admin feature is intended to assist the website developer, and that is all. Even usage by site administrators is contra-indicated, although in practice most small sites get away with it since they're only talking a few people who can call on the developer personally if they get into trouble.
For your purposes, the review items and the workflow in creating the items is a critical part of your application feature set. The admin will give you ideas, but it would be a mistake to attempt to build your application upon it.
I wouldn't expose the admin interface to regular users. You can use the authentication and user-management side (for your purposes), but it's usually best practice to give users a separate way to manage their objects. You also don't run as much of a risk of granting the wrong privileges to users (or allowing them to grant their own).
Have a read though the docs if you want a better overview about what it can do.
I'm working on creating a simple website for an exhibition. It's intended to use django with django CMS as much as possible - so Django admin site will be used.
Now I want to limit user's access to objects they can view/modify/delete.
There's going to be an Admin user, who can do all that admin can in django. But there are going to be Exhibitor types of users, who should be able to only see/modify their own objects (like - Page and Offer, they both would have an ID of the Exhibitor who's their owner).
Can this be done on the model level in django? Best would be to have some method that would take a logged-in-user instance and return the list of objects that this user can see.
There used to be a Row level permissions branch but it appears to have died off before gaining any traction or hope of being included into the trunk, so unfortunately that is out. That link does, however, give you a bit of a hint as to how they claim the admin app currently supports it via the ModelAdmin class.