Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 years ago.
I am not an expert in Django and learning it by doing. I am making an application and it has two kinds of users:
User who offers services
User who uses services
So my query is how to manage these two types of users? One possible approach I am thinking of is to make two separate profile models for these users and have different login pages for them. And still I want to have an upper layer of Django admin which can manage both these users. So my problem is: is there any particular way to implement this kind of scenario, or can I go with my approach? These users will have different privileges, like the offer-er of a service can add his service while a simple user can only use that service by logging in himself. So I want to have a secure separation between these users.
I would suggest using Django's built-in Groups and custom Permissions. Also another interesting tidbit I would consider is implementing two versions of the Django admin.
How to have 2 different admin sites in a Django project?
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed last year.
First time I'm building APIs for an SPA. And now I wonder how to do some of them right.
For example, we all have the delivery club app, and the main page of a restaurant has banners, some info about, categories, products. The product detail pop-up has info about the product, measure units, modifiers, additives and some more options.
So I understand how to build APIs for the admin's dashboard, but how to do it for the client's app?
Should they all be separated and the front-end will get them all together, or should my serializers be nested? Can someone tell?
For every view you want, you return the appropriate data and of course load your front-end with the data gotten.
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 2 years ago.
I am trying to use the pre-built embed code in the COVID-19 tracking US sample to create a customised report, but can't publish on the web. Need some advice/help please.
Since January 2020, Publish to web is disabled by default. You need to get permission from the admin of your tenant to be able to use it.
In Tenant settings they can change the option Choose how embed code work:
From there, your admin can allow you to generate new embed codes. If you don't have admin rights, you can't do anything else except asking for permission.
See: Heads up: The Publish to web default is changing and it affects who can create public embed codes
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 4 years ago.
I'm about to release my django app to the world, but I'm worried about the admin tab. What are some best practices for keeping the admin secure?
I saw this website. It mentioned changing the admin URL among other things. Are there any other best practices?
There are a few good methods; try this one from this blog: Limit Admin Access Based on IP - tech.marksblogg.com
Something less sophisticated, like a fake Django admin login screen page: django-admin-honeypot.
And of course, it is always better for security to deploy your site behind HTTPS. Deploy your site behind HTTPS; it's easy to implement and it's free with Certbot, just choose your software and system and you're ready to go.
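One way to apply the "limit admin access based on IP" idea from the answer above, written as a standard-library WSGI wrapper that sits in front of the Django application (an added example, not code from the answer or the linked blog). The `/admin/` prefix and the allowlisted networks are assumptions; the networks are constructed documentation ranges.

```python
import ipaddress

# Constructed allowlist (documentation address ranges); replace with your own.
ALLOWED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("203.0.113.0/24", "2001:db8:10::/48")]


class AdminIPAllowlist:
    """WSGI wrapper: hide the admin from clients outside the allowlist."""

    def __init__(self, app, prefix="/admin/", networks=ALLOWED_NETWORKS):
        self.app = app
        self.prefix = prefix            # assumption: admin mounted at /admin/
        self.networks = list(networks)

    def client_allowed(self, environ):
        # REMOTE_ADDR is the TCP peer. X-Forwarded-For is supplied by the
        # client and is ignored here; behind a reverse proxy REMOTE_ADDR is
        # the proxy itself, so enforce the allowlist at the proxy instead.
        try:
            addr = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
        except ValueError:
            return False                # unparsable address: fail closed
        return any(addr in net for net in self.networks)

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        guarded = path == self.prefix.rstrip("/") or path.startswith(self.prefix)
        if guarded and not self.client_allowed(environ):
            body = b"Not Found"         # 404 rather than 403: do not confirm the URL
            start_response("404 Not Found", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)


def _site(environ, start_response):
    """Constructed stand-in for the application Django's wsgi.py exposes."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def status_for(path, remote_addr, app=AdminIPAllowlist(_site)):
    """Send one constructed request through the wrapper; return the status."""
    seen = []
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path,
               "REMOTE_ADDR": remote_addr}
    app(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

In a project's `wsgi.py` the wrapper would be applied as `application = AdminIPAllowlist(get_wsgi_application())`.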
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 8 years ago.
I want to build a Django app that allows users to sign up using their Facebook account (but isn't necessary). However, I don't feel like dealing with the social auth stuff from the get go because I'd rather focus on the meat of my app. So, can I make an app without social authentication and just "plug it in" at the end or is it something I should set up from the beginning?
It is fine to plug it in later. However, one decision you must make at the start and stick to is the user model you're going to use.
Whether users register/login to your site with a social account or not, a local account will need to be created. Social accounts are linked to that local account.
If you are happy for the local account to use the default user model and have users log in to your site with a username and password, then go right ahead.
If you'd like the local account to use an email instead of a username then you've a bit of work to do.
The Django docs explain your options and provide a working example at the bottom.
Assuming you're going to use django-allauth, this tutorial will get you started and this demo will give you most of the templates you need.
The demo gives an example of customizing the user model to use email instead of a username but it is not quite complete.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 9 years ago.
I am writing a web service in Java which will expose a product's API.
What I cannot figure out for my low-level design is how to authenticate and authorize within my web service.
For example: who can or cannot invoke methods on my web service.
I want to build something like: one user can add an account but shouldn't be allowed to add a user, while some other user can do vice versa.
Can anyone give me a direction for best practices? I can figure out the details.
Here is a lightweight how-to:
You could implement a user table and provide a login mechanism. Every time a user logs in, you could store the user ID in a session. If an arbitrary request is received, you check whether a session exists. If not, you force the user to log in; otherwise you read the user ID from the session. Then you can determine which functions the user is allowed to access.
Also, this link about a similar question on Stack Overflow might help:
Servlet user authentication