How to handle per object permission in Django nowadays? - django

I was about to use django-guardian until I came across the following in the official documentation:
https://docs.djangoproject.com/en/stable/topics/auth/customizing/#handling-authorization-in-custom-backends
Permissions can be set not only per type of object, but also per specific object instance. By using the has_add_permission(), has_change_permission() and has_delete_permission() methods provided by the ModelAdmin class, it is possible to customize permissions for different object instances of the same type.
Does that mean django-guardian is no longer needed with newer versions of Django?
Please clarify.

Indeed, while reading the docs, I got excited that Django would cater for "per object permissions checking" out of the box, especially in the admin, and that it would be a matter of time to understand how I could activate it.
However, this does not seem to always be the case.
Django undoubtedly strives to provide the grounds (API) for such an implementation, but this implementation sometimes needs good coding skills and Django understanding.
It is the developer who will get these tools together by creating the app that suits its needs. This could be either easy or ... not so easy!
This contradicting information forms the base for my web crawling which focuses on finding a solution to the "per-object permissions" issue, somehow ... effectively for my project's needs or scale and of course my own coding skills and Django understanding up to now.
Django-guardian seems to be the most robust, full-fledged, full-blown application for this purpose, and it also has a 3 years old open issue regarding its admin integration.
There are also other more lightweight django applications that address specific needs which are production-stable, as well.
While trying to make ends meet in this somehow tricky quest, I am leaning towards using django-rules for its simple and focused on my needs functioning.

Related

What are the differences between django-tastypie and djangorestframework? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 4 years ago.
Improve this question
Why would you use one over the other, for exposing an API for your Django app?
http://pypi.python.org/pypi/djangorestframework/
http://pypi.python.org/pypi/django-tastypie
As the author of django-rest-framework, I've got an obvious bias ;) but my hopefully-fairly-objective opinion on this is something like:
TastyPie
As Torsten noted, you're not going to go far wrong with something written by the same peeps as the awesome django-haystack. From what I've seen on their mailing list Daniel Lindsey et al are super-helpful, and Tastypie is stable, comprehensive and well documented
Excels in giving you a sensible set of default behaviour and making building an API with that style incredibly easy.
Django REST framework
Gives you HTML browse-able self-describing APIs. (EG, see the tutorial API.) Being able to navigate and interact with the API directly in the browser is a big usability win.
Tries to stay close to Django idioms throughout - built on top of Django's class based views, etc... (Whereas TastyPie came along before Django's CBVs existed, so uses it's own class-based views implementation)
I'd like to think that the underlying architecture is pretty nicely built, decoupled etc...
In any case, both are good. I would probably characterise Tastypie as giving you a sensible set of defaults out of the box, and REST framework as being very nicely decoupled and flexible. If you're planning on investing a lot of time in the API, I'd def recommend browsing through the docs & codebase of each and trying to get a feel for which suits you more.
Obviously, there's also the 'Why TastyPie?' section in it's README, and the 'REST framework 3'.
See also Daniel Greenfeld's blog post on Choosing an API framework for Django, from May 2012 (Worth noting that this was still a few months before the big REST framework 2.0 release).
Also a couple of threads on Reddit with folks asking this same question, from Dec 2013 and July 2013.
Both are good choices.
For filters, tastypie is more powerful out-of-the-box. If you have a view that exposes a model, you can do Django-style inequality filters:
http://www.example.com/api/person?age__gt=30
or OR queries:
http://www.example.com/api/mymodel?language__in=en&language__in=fr
these are possible with djangorestframework, but you have to write custom filters for each model.
For tracebacks, I've been more impressed with django-rest-framework. Tastypie tries to email settings.ADMINS on exceptions when DEBUG = False. When DEBUG = True, the default error message is serialised JSON, which is harder to read.
EDIT Outdated answer, tastypie is not really maintained anymore. Use Django REST framework if you have to choose a framework to do REST.
For an overview about the actual differences between both of them you should read their documentation. They are both more or less complete and quite mature.
I personally tend to tastypie though. It seems to be easier to set it up. It's done from the same people which created django-haystack which is awesome and according to django-packages it is used more than Django REST framework.
It's worth noting that since this was first asked DRF has gone from strength to strength.
It's the more active of the two on github (both in terms of commits, stars, forks and contributors)
DRF has OAuth 2 support and the browsable API.
Honestly for me that last feature is the killer. Being able to point all my front-end devs at the browsable API when they aren't sure how something works and say 'Go play; find out' is fantastic.
Not least because it means they get to understand it on their own terms and know that the API really, definitely, absolutely does what the 'documentation' says it does. In the world of integrating with APIs, that fact alone makes DRF the framework to beat.
Well, Tastypie and DRF both are excellent choices. You simply can’t go wrong with either of them. (I haven’t worked on Piston ever; and its kind of not trending anymore now a days so won’t / can’t comment on it. Taken for Granted.).
In my humble opinion: Choice should be made on yours (and your tech team’s) skills, knowledge and capabilities. Rather than on what TastyPie and DRF offers, unless off-course you are building something really big like Quora, Facebook or Google.
Personally, I ended up starting working first on TastyPie at a time when I didn’t even know django properly. It all made sense at that time, only knowing REST and HTTP very well but with almost no or little knowledge about django. Because my only intention was to build RESTful APIs in no time which were to be consumed in mobile devices. So if you are just like ‘I happen to be at that time called django-new-bie’, Don’t think more go for TastyPie.
But if you have many years of experience working with Django, knows it inside out and very comfortable using advanced concepts (like Class Based Views, Forms, Model Validator, QuerySet, Manager and Model Instances and how all they interact with one another), **go for DRF. **DFR is bases on django’s class based views.
DRF is idiomatic django. Its like you are writing model forms, validators etc. (Well, idiomatic django is no where near to idiomatic python. If you are python expert but have no experience with Django then you might be having hard time initially fit into idiomatic django philosophy and for that matter DRF as well).
DRF comes with lots of inbuilt magic methods just like django. If you love the django magical methods and philosophy **DRF **is just for you.
Now, just to answer the exact question:
Tastypie:
Advantages:
Easy to get started with and provide basic functionalities OOB (out of the box)
Most of the time you won’t be dealing with Advanced Django concepts like CBVs, Forms etc
More readable code and less of magic!
If your models are NON-ORM, go for it.
Disadvantages:
Doesn’t strictly follow idiomatic Django (mind well python and django’s philosophies are quite different)
Probably bit tough to customize APIs once you go big
No O-Auth
DRF:
Follow idiomatic django. (If you know django inside out, and very comfortable with CBV, Forms etc without any doubt go for it)
Provides out of the box REST functionality using ModelViewSets. At the same time, provides greater control for customization using CustomSerializer, APIView, GenericViews etc.
Better authentication. Easier to write custom permission classes. Work very well and importantly very easy to make it work with 3rd party libraries and OAuth. DJANGO-REST-AUTH is worth mentioning LIBRARY for Auth/SocialAuthentication/Registration. (https://github.com/Tivix/django-rest-auth)
Disadvantages:
If you don’t know Django very well, don’t go for this.
Magic! Some time very hard to understand magic. Because its been written on top of django’s CBV which are in turn quite complex in nature. (https://code.djangoproject.com/ticket/6735)
Has steep learning curve.
Personally what would I use in my next project?
Now, I am no more a fan of MAGIC and Out-of-box functionalities. Because all they come at a *great cost. * Assuming I have all choices and control over project time and budget, I would start with something light weight like RESTLess (https://github.com/toastdriven/restless) (created by the creator of TastyPie and django-haystack (http://haystacksearch.org/)). And for the same matter probably/definately choose the lightweight web framework like Flask.
But why? - More readable, simple and manageable idiomatic python (aka pythonic) code. Though more code but eventually provide great flexibility and customization.
Explicit is better than implicit.
Simple is better than complex.
Complex is better than complicated.
Flat is better than nested.
Sparse is better than dense.
Readability counts.
Special cases aren't special enough to break the rules.
What if you have only no choice but Django and one of TastyPie and DRF?
Now, knowing the Django reasonably well, I will go with **DRF. **
Why? - idiomatic djagno! (I don’t love it though). Better OAuth and 3rd party integration (django-rest-auth is my favorite).
Then why you chose the DRF/TastyPie at first place?
Mostly I have worked with startups and small firms, which are tight on budget and time; and need to deliver something quick and usable. Django serve this purpose very well. (I am not at all saying that django is not scalable. There are websites like Quora, Disquss, Youtube etc run on it. But all it require time and more then average skills)
I hope, it will help you to take better decision.
Other references -
1. The State of Tastypie (http://toastdriven.com/blog/2014/may/23/state-tastypie/)
2. What are the differences between django-tastypie and djangorestframework? (What are the differences between django-tastypie and djangorestframework?)
Having used both, one thing that I liked (preferred) about Django Rest Framwork is that is is very consistent with Django.
Writing model serializers is very similar to writing model forms. The built in Generic Views are very similar to Django's generic views for HTML.
Django-tastypie is no longer maintained by it's original creator and he created a new light weight framework of his own.
At present you should use django-rest-framework with django if you are willing to expose your API.
Large corporations are using it. django-rest-framework is a core member of django team and he get funding to maintain django-rest-framework.
django-rest-framework also have huge number of ever growing 3rd arty packages too which will help you build your API's more easily with less hassles.
Some part of drf will also be merged in django proper.
drf provide more better patterns and tools then django-tastypie.
In short it's well designed, well maintained, funded, provide huge 3rd party apps, trusted by large organisations, easier and less boilerplate etc over tastypie.

CMS+blog+e-commerce: django or web2py [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 6 years ago.
Improve this question
At the moment we are running few smaller PHP sites (small company, private, non-profit org, friends...) and would like to migrate them to Python in order to be able to tweak them more easily and/or extend their functionality due to being familiar with Python although without real experience using some of the Python frameworks.
In order not to write everything from the scratch, we'd need decent CMS, blog and some e-commerce module.
We did some research, installed and tried few apps in Django world and so far have arrived to the two possibilities:
Django-CMS as CMS, Zinnia as blog engine and Django shop as e-commerce or
Mezzanine which integrates CMS+blog and Cartridge as shopping cart application.
Both combinations are nice, although not perfect...At the moment there is problem integrating released versions of django-cms & zinnia due to their usage of non-compatible versions of django-mptt or e.g. Mezzanine is missing some features like linkback support in blog etc.
While playing with the above two sets of apps, we heard about Web2py and must say that we like lot of things there...
We are aware it's younger project with smaller community, less apps etc., but wonder if there is some set of web2py applications which can compare with the two above-mentioned Django sets so that we can choose to start with Web2py, learn it and in that process replace PHP sites with it?
So, we would like to have some capable CMS+blog with the following features:
tag cloud, categories
spam protection
RSS feeds
multiple authors
threaded comments (optional)
linkback (pingback/trackback) support
(easily) theme-able
markdown/reST markup for writing content/posting
multi-lingual support
As far as e-commerce is concerned, besides easy integration with CMS+blog apps we do not need anything spectacular - our 'company' is selling 'services', so no need for thousands of products (only 10s of them), no complicated shipping options so something like:
multi-lingual support
basic infrastructure for payment methods (e.g.) PayPal and we would need to write a custom module for form-based API
simple shopping cart able to handle simple product descriptions
tax calculations and
(optional) PDF support
would be everything what we would need.
Considering the features we would like to have, our (non)experience working with any framework, which one - Django or Web2py - you consider is more suitable in terms of ease of learning, ease of use, application support etc. ?
I've sent two posts to web2py list and (maybe) because my query was not specific-enough (or some other reason) I did not receive any reply there and I saw there are some apps like KPAX CMS which looks old/non-maintained. Otoh, there is Powerpack which incorporates Instant Press but I'm not sure about availability of e-commerce component. Finally, I've found out about plugin_wiki which seems to be new/young app, but, considering we found* out about possibilities in Django-world, we would like to learn about the situation on the Web2py scene in order to be able to evaluate both options better.
p.s. it would be nice if Appliances list would be organized a bit better so that it's easy to find out what is maintained, where is project page etc.
I've had a lot of success with Django-CMS. It's very, very easy to write custom content-type plugins, extend menu nodes with custom nav elements, such as a list of product categories, etc. It's dead-simple to hook custom application code to any page in the navigation hierarchy.
As you mentioned in your question, Zinnia also plugs into Django-CMS for a nice blogging solution that is also extensible. Adding a cart app, whether it's from the DIVIO team or not should be an easy task.
Django, DjangoCMS and Python in general, have very low learning curves in my opinion. In 14 years of development, Django is the only web framework that hasn't gotten in my way, and Python is an absolute pleasure to work with on a daily basis.
I think you'll find that the Django ecosystem is much more holistic than any of the other Python frameworks, it's also very, very well documented and there are literally hundreds of 3rd party apps. Plus, Django admin can potentially save you many weeks of dev time, and you can override, skin and extend it to do just about anything.
My $0.02 :)
-- EDIT --+
Yeah, right after I posted I realized I was heavy on comparison of frameworks but light on suggested solutions to your problem (i.e. existing appliances). I think that Django probably has more matured addins/apps. That being said, crafting your own blog in web2py (a simple blog) is probably only a little harder than configuring one for another framework.
There is the wordpressclone appliance: http://web2py.com/appliances/default/show/36
(you can extract existing wordpress data and get it in here, i'm pretty sure there's a WP export and an import function on this appliance)
There is an e-store (haven't used it): http://web2py.com/appliances/default/show/24
There is KPax CMS, as you said, but i think this one might be out of date, unless it was updated recently. The integration between these should be possible, you can share sessions across apps and I think if you have the same auth_user db, it should work.
I would try installing these and see if they are close to meeting your needs -- especially KPax since I'm not sure the state it's in.
-- END EDIT --
Both Django and Web2py are very good frameworks in my opinion. I think you would be happy with either. That being said, having not used frameworks I would say to with web2py, unless you NEED certain modules that only exist in the django world. Web2py probably has a little more gradual learning curve. Also, it can do RSS out of the box, there's a screencast somewhere showing how to create a blog app in about 5 minutes (including comments), and the community is (usually) very responsive. I don't think there is anything that web2py can do that django can't (except DB migrations -- but i think you can make django do them with some 3rd party code), or vice versa.
Django favors a "explicit is better than implicit" development methodology, which requires to you import various modules and doesn't have all the "magic" of web2py. Using django, you will be more aware of exactly what is going on under the hood. The django templating language is easy to learn and provides a lot of functionality for common markup tasks. Their is a LOT of documentation, a larger user-base and tons of 3rd party modules/plugins/whatever.
Web2py favors a "everything should have a default" approach, and enables to to focus on the big picture without getting bogged down by the minutia of web development. I'm not saying this is in contrast to django, but rather that web2py is very strong on this point. It allows you to rapidly develop applications, and takes the headache out of things like updating a table schema (i.e. it does database migrations). I also prefer web2py's templating language to django's, as it allows pure python and does not require one to learn a separate templating language at all.
I think both frameworks have decent internationalization/localization features. I'm not sure if Django's is still under development or not? Web2py's is easy to use, but I think you might have to provide a lot of the translations yourself.
As for the lack of replies on the web2py list, maybe it's because this topic is becoming more and more frequent? I'm not sure. You could ask people on the web2py freenode channel.
Also, definitely check out this link:
Django vs web2py for a beginner developer
The first response is from the lead developer of web2py, but I think he makes a fairly balanced comparison.
Also, the previous thread includes a link to here (the good and bad of web2py):
http://www.mengu.net/post/django-vs-web2py
web2py is a great framework, but currently light on reusable CMS, blog, and particularly e-commerce applications. It sounds like you have already stumbled upon the main options -- plugin_wiki, Powerpack, and Instant Press.
I don't think there is a mature and currently maintained e-commerce application, but you may be able to make use of web2py-estore. There are also some options for accepting credit card payments (see also).
plugin_wiki includes comment functionality, and there is also plugin_comments. For PDFs, pyfpdf comes with web2py, and there is also web2py_appreport. web2py also includes RSS support.
EDIT: Also, another web2py CMS under development, to be released soon: SimplrCMS

what framework should one use django middleware with orbit?

The Django orbit integration methods I've seen in quick google searches don't seem to carry Django abstractions, like "request.user" with them. "request.user" is particularly important, since I am not going to (potentially incorrectly) re-implement session handling (this sounds like it could cause bad security bugs).
Alternatively, should I use a different server? I'd prefer to use stable, mature, popular software, that will be maintained and improved. Orbit and Django seem to be qualified.
If you're looking to "integrate Django and Orbited", you might have a look here: http://github.com/clemesha/hotdot which is a very complete (but not yet polished) example of what I think you are looking for.
In particular, the example includes Authentication using Django models from the Orbited process (more specifically, Twisted Cred + Django models), as well as filtering and modifying of in-transit Orbited messages. In the example you'll find that you basically get the "request.user" object because the "request.user" object can be accessed by the cookie that Django sets + database calls using django.contrib.sessions.models.Session model object.

Looking for a resource which provides django templates [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 4 years ago.
Improve this question
I'm pretty handy with django and python but I'm terrible at the "visual" aspect of the web-design. Even after quite a bit of google-ing I haven't been able to find any sort of resource that has download-able templates complete with css, images, etc. that could be used to set up a basic website easily.
I'm looking for examples beyond the 5-line examples that you find in most tutorials ... I'm looking for something with the general nav-bar across the top, various content-blocks to over-ride through subclassing, footers, etc.
I've worked with others on django projects but always on the "coding side". I want to do my own project. I've set up all of the views, models, "business logic", I just cant get off the ground with the design section.
Any help would be appreciated.
Edit: Just to be a little more clear. I'm looking for designs (open licensed) ... akin to Wordpress themes. If you have a resource of just themes I can probably mung them into a django template but if you know of something that already provides them as templates I'd prefer that.
I've had some luck in the past with sites like OpenDesigns and FreeCSSTemplates -- they offer (mostly) CC-licensed HTML templates; you'll have to add the Django template stuff yourself. As James pointed out though, most of them will get you up and running, but you almost always want to take things a step further.
My advice: build up a small library of re-usable templates (using stuff from the above sites), get real comfortable editing HTML and CSS (because you will edit HTML and CSS), then find some kickass designers (preferably local) and get real friendly with them. Perhaps you can trade favors; you do some coding work for them, for free, and in return they do some design work for you. I've found that even if you have to pay, a good designer is well worth the money (seriously, who wants to spend their time testing sites in IE6?).
Good luck with your search though -- I, for one, would love to see your findings.
It seems like this is an area that is completely lacking. I've been looking for a django project, perhaps a meta-django project is a good way to go ;).
Maybe if designers could upload a set of templates against a simple and well defined set of models. They could upload a "main.html", "object_list.html", "object_detail.html", a css file and a few images. This would be something akin to the CSS Zen Garden project.
I've setup a github repository here: http://github.com/JudoWill/DjangoTemplateRepository. Feel free to log into the project and modify the wiki with requests.
The idea being to give newbies a starting point and a few examples for making their django website.
I suspect this has got nothing to do with django templates, your question sounds more of a design and markup. There are couple of css framework like Blueprint, 960, YAML.
I don't think you're going to be able to find what you're looking for unfortunately - I have the same problem.
Wordpress templates can assume a fairly well-known data model - every Wordpress installation uses the same predictable table names, every (say) blog page has a well-defined set of data that will be passed to the template - and even the plugins have only a limited number of plugin points to add extra data.
By contrast, your Django app could contain anything. I could provide you a pretty template, but unless the data I use in the template exactly matches your data model, it's not going to be useful. I could make the template very very generic - eg, just have it display the variable called 'form' if it's present, iterate over 'messages' if any are present at the top of the page, display a 'footer' at the bottom etc - but it will take you about 20 seconds before you want to customise the display of that form, and then you're back editing your own templates.
I think that the closest thing you're going to find are UI libraries like jQuery or YUI which can handle a lot of the work of making your UI look snazzy.
I'd like to be proven wrong though, it would save me going through the same trial as you're going through now.
Update: On re-reading this, it occurred to me that you're looking for a CMS, which Django is not. Two seconds of work with Google revealed django CMS. I haven't tried it, but maybe that's closer to what you're looking for? The django wiki has a comparison table of various django-based CMS solutions

Need help choosing a framework for bilingual site

First, some background information... I'm coming up on a medium-scale website for a non-profit that will require both English and Korean translations. Feature-set includes: CMS for normal content, a blog, some form submission/handling (including CSV/PDF exports), a job posting board, a directory of related businesses and non-profits (that accepts visitor submissions), and a basic (probably blog-driven) newsroom.
I have a fairly strong development background, and I've done some sites using Drupal, built some basic custom CMSes using frameworks like CodeIgniter, and I've recently started getting into Django. These are the primary options that I am exploring, and I would consider using different tools for different portions of the project, but what I'm mainly interested in, is if anyone has any experience to share with regards to localization/internationalization. I haven't yet put together a site that supports multiple languages, so before I get in trouble by underestimating the task, or making poor assumptions, I'd like to get some input to help guide my decision-making process.
Do you have any recommendations for frameworks (Drupal, Django, CodeIgniter) that handle localization/internationalization/translation well for a CMS? I know they all support it, but I'm looking for real-world experience here (or suggestions for modules/plugins given explanations).
Sorry for the longwinded question, but I wanted to be clear as possible. Thanks in advance!
There is a distinction between "site" translation and content translation. Django handles the site translation great, out of the box. The content translation, however, requires making some decisions (there's no one right way at this point). This probably makes sense, because of the very nature of Django as a lower level framework (when compared to something like Drupal, which is intended to serve as a complete CMS).
There are applications for Django which are meant to add this functionality (in the form of translations configured at the model level):
Django-multilingual
Transmeta
Also, I found this question that is related.
The bottom line though, is that this is still being explored in the Django world, and neither approach has been decided upon for the framework. Also, although I haven't used it, Drupal has module support for this in the form of the i18n module.
I will update with more conclusions as I come to them. If you have anything to add about content translation in Django or in Drupal, feel free to add your own answer as well.
You probably already know that the native i18n support in django is quite good. As for translation, you might try the django-rosetta app which allows you to grant translation rights to a subset of users, who are then able to translate through an admin-like interface.
Zend_Translate is pretty comprehensive. And if you decide to use PHP, I suggest you take a look at it. It provides multiple interfaces (e.g. an Array, CSV, Gettext, etc.) to manage your translations, which makes it IMHO unmatched when it comes to PHP.
I'm not sure how well it plays with Drupal, since Drupal is hardly a framework but more a CMS -- or maybe a CMS framework. I'm pretty sure that Drupal either has a thing build in or that there is a plugin for it.
With CodeIgniter you would start from scratch and Zend_Translate plays well with it.
I liked Drupal over Joomla. You should also look into DotNetNuke, out of the box it has lot of things that will meet your needs.
Checkout django-blocks. Has multi-language Menu, Flatpages and even has a simple Shopping Cart!!