access /admin functionality and features for some user groups - django

My English is not perfect, thus the title is confusing. I don't know how to really put what I want to say. Anyway, I have a Django 1.11 application that is running well. Wrote admin.py for some apps and a bunch of admin forms overridden. But client said he wants a different way of doing things (instead of admin carrying out the task, everyone registered on the app can). I already have a dashboard for those users and he wants the admin forms to be in that dashboard as opposed to the /admin default dashboard.
I failed to find such a thing in the documentation, I think. But basically, I want some forms to be available, as they are, in the client dashboard. Is that possible?

Related

Wagtail StreamFields for community user generated content instead of editor, author workflow

I really like StreamFields, but I don't want the baggage of Wagtail's Publishing system.
For example, consider a Forum community site. Instead of using CK Editor or BBCode, Markdown, etc. form input, I want to give users the option of StreamField-based input to construct posts or replies.
Is this possible? If yes, what steps would I need to take or edits to Wagtail do I need to do?
I'm guessing using a permission system while keeping the user as a limited admin would be the thing to do, since removing the user from admin doesn't seem to be possible since Wagtail is heavily reliant on Django Admin.
> I'm guessing using a permission system while keeping the user as a
> limited admin would be the thing to do, since removing the user from
> admin doesn't seem to be possible since Wagtail is heavily reliant on
> Django Admin.
If you want to reuse StreamFields, you probably want to use the Wagtail admin interface; doing otherwise is likely to be quite a bit of work. So users will need to be able to log in and have the wagtail_admin permission so they can access the admin interface. If you tried to use Page models for your forum, you are going to end up crossways of the way Wagtail's page permissions cascade. You could probably write your own admin views for regular users to add certain kinds of content.
But honestly, unless you have quite a bit of experience with Wagtail in its normal content management mode, I wouldn't suggest you try using it for this use case.

Deploying Django admin and Site as different applications

Is there a way to deploy Django Admin and your main application separately, though both of them sharing the same Models / Business logic services?
I come from a Grails background where you can create a plugin which can hold your Entities and common business logic, and that plugin can be utilized by other applications deployed and scaled separately though using the same Database. You don't have to repackage your plugin again for every change; rather, it's just a sibling folder to your other projects.
Can I achieve something similar with Django?
Assuming a typical setup, in order to be useful Django Admin needs access to project's apps and their models.
So a setup that you've described would require at least:
- simple URLconf with just Django Admin
- models and their Admin bindings for all apps that need Admin
- settings with database credentials
Even if your models and Admin bindings are not dependent on other parts of the codebase,
extracting the above components to a separate project and then keeping everything
in sync sounds pretty hard.
Summarizing: I would say it's hard but possible if it's something that you really need,
but Django Admin hasn't been designed with such use case in mind.
Django admin is actually separate from the main application by placing it on its own url. Even if they know the admin url, users cannot log in to the site's admin unless they have already been assigned Staff status via the admin. You can set the admin prefix to anything you want, so if you want to "hide" the admin login page, just make it something long and random (good for security too), and basically no one but those you tell will even know where the admin site can be found.

create an admin's like application in django

I'm really confused about what all I need to consider for creating a Django application with almost similar functionality to its own admin.
The index page should display the list of models the user has access to modify or create... almost the same as when you put admin.site.register(MyModel) but with permission restriction. I'm not sure how I should check permissions, and show 1, 2 or many "ModelAdmins" on my main page.
btw admin users are redirected to the admin index page, non-admins go to my page
Before you consider creating a django admin from scratch, you should read the answers to this question Django Admin app or roll my own?
I couldn't find any resource on how to create a django admin from scratch, but here's what you should do if this is your first time overriding a framework's functionality (in my humble opinion):
1. Understand and make sure you are comfortable with the Django admin app. Start from the docs: https://docs.djangoproject.com/en/1.7/#the-admin
2. Head over to the Django admin app source code so you can start reading the internals of the functionality you want to implement/override in your new admin app. The source code can be found here: https://github.com/django/django/tree/master/django/contrib/admin (this may involve reading other apps' source code too).

After those two steps you should have an idea of how the admin app is implemented and its dependencies; then you can start creating your custom admin app.
An example of how this may go can be found in this question: How to override Django admin's views?
If you are building something new, try to separate the UI from the backend. You can build your UI using react, angular or whatever and interact with django using the API. To build the API you can use the Django Rest Framework.
Don't use the Django Admin as a public interface. Use that only for the admins!
If you start to use the Django Admin as the interface for your public site, you'll fight with the package to tailor and secure the views to avoid destructive actions. What happens if you forget a readonly field? What if the user deleted something ON_CASCADE?
By building the UI yourself you are totally free and you can easily customise everything without fighting the Django admin package (it's an awesome package but it is not provided for public use).

How to authenticate against Django from Drupal?

I have a medium-sized Drupal 6 site running (around 5 million page views per month and more than 30K registered users) and I need to integrate OSQA, a Django application, with it. I already have many users, roles and permissions in my Drupal database and I'd like to point the Django app to use the sign up and login pages I already have in Drupal to give my users a single point of entrance.
I want to keep the Django authentication part because I think OSQA would work better. I also have performance reasons in mind, the Drupal site already gets a lot of traffic and has a very busy database and I think that using a separate database for Django would help.
After some research I think I could make the Drupal sign up and login pages call Django in the background to sign up or login to the Django app. I plan to do this by writing a couple of views in Django, one for sign up and another for login, and Drupal would post the username and password to those views. Of course I'd need to disable CSRF in Django for those views and probably also post some secret key that only my Drupal and Django applications know about to avoid external sites trying to use these "unprotected" Django views.
I know that my Django application may need some user data from Drupal at some points and I'm planning on using the Drupal services module for that.
Would this be a good approach? Any suggestions?
Thanks a lot!
Are there any plugins for OSQA to expose an authentication service that Drupal can talk to? (OpenID or similar).
Alternatively, check out Drupal's ldap_integration module for an example of a module that uses an external authentication service. Consider that you will need to create Drupal user accounts for each login.
Finally, why not just build the essential parts of OSQA's functionality with Drupal? Seems like the key functionality could be replicated quite easily using Taxonomy, Vote Up and Userpoints/User Badges... potentially easier to do than shared authentication, especially on a large site.
I once created a very simple sql_authentication module, which you can probably simply re-create for a more recent version of Drupal.
The idea is simple: provide Drupal with an alternative authentication callback.
In that callback-function, just check against the Django database, and return TRUE if you think the user is correct.
You could look at how openid.module (in core) extends the user-authentication for a simple example.
If you can post to the Django form, you may be able to use drupal_http_request to handle the call to Django. After using the ldap_integration module for a while, I worked on a custom authentication module that calls a Java-based REST authentication API using drupal_http_request. If you're interested in the code, let me know.
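The question's plan (CSRF-exempt Django views guarded by a secret that only Drupal and Django know) can avoid sending the secret itself: the caller signs each request with it and the Django side verifies the signature. This is an added example, not code from any of the posts above; the key value, the 60-second window and the function names are assumptions.

```python
import hashlib
import hmac
import time

SHARED_KEY = b"constructed-demo-key"  # constructed; load the real one from settings
MAX_SKEW = 60                         # seconds a signed request stays acceptable


def sign(key, timestamp, body):
    """HMAC-SHA256 over '<timestamp>.<body>', so the key never goes on the wire."""
    msg = str(int(timestamp)).encode() + b"." + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify(key, timestamp, body, signature, now=None, seen=None):
    """Return True only for a fresh, correctly signed, not-yet-seen request.

    In a csrf_exempt Django view, `body` would be request.body and the
    timestamp/signature would come from two request headers (names are up
    to you); reject with 403 when this returns False.
    """
    now = time.time() if now is None else now
    try:
        ts = int(timestamp)
    except (TypeError, ValueError):
        return False                  # malformed timestamp
    if abs(now - ts) > MAX_SKEW:
        return False                  # stale or future-dated: possible replay
    expected = sign(key, ts, body).encode()
    if not hmac.compare_digest(expected, str(signature).encode()):
        return False                  # constant-time comparison
    if seen is not None:              # optional replay cache (e.g. Django cache)
        if signature in seen:
            return False              # exact replay inside the window
        seen.add(signature)
    return True
```

The credentials in the body are still readable to anyone on the path between the two servers, so the call belongs on HTTPS or a private interface.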

Django Admin - Re-authentication?

I'm in a bit of a dilemma at the moment regarding Django's admin backend. The default authentication system allows already logged-in users that have staff privileges to access the admin site, however it just lets them straight in.
This doesn't feel “right” to me, and I'm wondering if it would be difficult to at least require a re-authentication of that same session in order to get into the backend.
Preferably though, it'd be good if the frontend sessions could be separated from the backend ones (though still using the same user objects), this would allow a clean separation of both parts of the site. Would this perhaps require two separate authentication backends? Would something like this be difficult to achieve?
Here's an idea: run the admin app on a different domain to the frontend. The cookies won't be valid in the other domain, so the user will have to log in again. All you'd need would be a separate Apache vhost and a basic settings.py that just has contrib.admin in INSTALLED_APPS.
You could probably implement a middleware that asks for authentication when accessing the admin site from a referer not in the admin site. It could log the person out and make them log back in, but even that wouldn't be necessary. Just require another password entry, and redirect them if it fails. It might involve setting a session variable, is_admin_authenticated or something.
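One way to build the middleware described in the last answer, as an added example rather than code from the thread: it keys on a timestamp in the session instead of the Referer header, so the re-entry also expires. The `/admin/reauth/` view, the session key name and the 15-minute lifetime are assumptions.

```python
import time
from urllib.parse import urlencode

ADMIN_PREFIX = "/admin/"                # assumption: where the admin site is mounted
REAUTH_URL = "/admin/reauth/"           # hypothetical view that re-checks the password
SESSION_KEY = "admin_authenticated_at"  # hypothetical session key holding a timestamp
MAX_AGE = 15 * 60                       # seconds a password re-entry stays valid


def needs_reauth(path, session, now=None):
    """Return True when an admin request must re-enter the password first."""
    if not path.startswith(ADMIN_PREFIX):
        return False                    # frontend URLs are untouched
    if path.startswith(REAUTH_URL) or path.startswith(ADMIN_PREFIX + "login/"):
        return False                    # never redirect the prompt to itself
    stamp = session.get(SESSION_KEY)
    now = time.time() if now is None else now
    # Missing, malformed, future-dated or expired stamps all fail closed.
    return not (isinstance(stamp, (int, float)) and 0 <= now - stamp <= MAX_AGE)


class AdminReauthMiddleware:
    """New-style Django middleware; list it after SessionMiddleware."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        if needs_reauth(request.path, request.session):
            # Imported here so the decision logic above runs without Django.
            from django.http import HttpResponseRedirect
            query = urlencode({"next": request.path})
            return HttpResponseRedirect(REAUTH_URL + "?" + query)
        return self.get_response(request)


def mark_reauthenticated(session, now=None):
    """Call from the re-auth view only after user.check_password() succeeded."""
    session[SESSION_KEY] = time.time() if now is None else now
```

The re-auth view should validate the `next` parameter as a same-site path before redirecting to it.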