Implementing multiple administration levels in Django - django

I have decided to move a project from PHP to Python and despite hours of searching, I cannot find a way to implement the following design. I have attempted extending the user class and doing customised Admin Sites but not really got anywhere useful.
I have at the root level, myself. I manage 'clients', who themselves manage 'customers'.
The customers control a kind of detailed survey, in which users and invitees take part.
An example of the rough design:
ME (Super User)
Clients
Customers
Survey Collections
Users
Invitees
Surveys
Invitees (invitee is a child of both survey and user)
Questions
Etc
I am unsure of the best implementation style. I like the django admin interface, but I would need clients to only be able to modify THEIR customers, surveysets etc, customers to only manage their own surveysets and so on.
Is there a way to implement this in Django, perhaps by doing customised user types via inheritance and assigning them custom Admin Sites?
I understand it may be easier to just make my own apps to manage the various 'admin' interfaces, in which case is there an easy way to manage separate authentication of these user types and their various admin-style management systems?

The closest I got to this was based on How to have 2 different admin sites in a Django project? and is related to another question I asked: seperate 'admin' interfaces for different user types in django
I ended up creating two seperate instances of django admin and each one had it's own validation which was applied to filters on models and CRUD actions shared between them.

Related

Should I split my Django and DRF project into separate projects?

I am currently at the planning stage of an app that will consist of standard
Django part for supervisors that can perform all CRUD operations on employee users mostly add, delete and view statistics - viewed in browser (no frontend framework just using Djangos server side rendering), two step email authentication on each login, session based auth
DRF part for employees - API connected to mobile app, authentication based on device ID. (no username, or password)
DRF part for clients to contact the supervisors if employees do something wrong - Token or JWT based authentication using passcode delivered by mail.
I am not used to splitting Django projects into multiple sub-projects (or using same database for different projects) but it feels like every part of the project should be a standalone app due to different authentication type and the fact of simultaniousily using DRF with standard Django
Can anyone who had similar problem or has some experience, advise what should I do considering different authentications and overall different user types in this project? What would be pros and cons of going into solo or multiple projects? Thanks in advance!
You're asking for opinions, so don't be surprised if the question gets closed, but I'll answer with facts:
A split over different projects using the same database has the following issue: shared migrations. They all use built-in users, so require some standard apps to be enabled that have migrations and they won't run on the 2nd and 3rd project.
You're going to need a custom user model to support the device id authentication method: You need information that is not on the standard user model to be available at authentication time - the number 1 reason to create a custom user model. Ties into migrations and also a synchronization hell code-wise.
Django's Authentication Backends system allows for different authentication methods to exist at the same time, so there is no need to split anything. If you're worried about security, you can always use different hostnames and the Sites framework to add an extra layer of protection, but they would still use the same code.
DRF started as an addition to Django's view-based approach, not a replacement to make part of a project's code available as an API. While current usage is more "DRF or templates" this is a result of people increasingly becoming binary ("this" or "that") and wanting to be in the cool club, but has nothing to do with technical reasons. They can and always will be able to co-exist as they solve different problems. In fact, DRF's generic views make use of Django's CBV's and the built-in browsable API makes use of templates. Also, the admin is template/view based and it's convenient to develop the app or manage data with the built-in admin.

How to show admin specific information on my Django website?

I'm currently building a Hospital Management system with Django but encountered an issue. In this website, admins will register for their respective hospitals and manage their doctors, patients etc. But, I don't want one hospital's admin to see the informations of ther hospitals' doctors or patients. So how can I make sure that the admin only sees the data of his own hospital and not others'. What changes can I make in my models to do so?
If you are asking about using Django Admin module, I think that you sooner or later will find out that you need to do this outside of Django Admin, which is powerful, but it has it's own limitations. It is a handy tool that is more than adequate for your own admin stuff, but it is not intended (I believe) to be used by many admins for their regular stuff.
That said you will have to decide how to handle separation in your app. It is not easy task and you will need to take extra precaution to separate things between them. One of the solutions is to have separate databases for separate hospitals, other solution is to have all in same database and separate data programatically. It is really up to you to decide.

Disallow linking objects based on a rule

I have two models: Domain and Record. Many records link to a domain. The domains and records have their owners. I want to disallow users to create records in domains that they don't own. However they should be able to edit records if someone else (a superuser e.g.) created them and set owner to that specific user (even if they don't own a domain). This should work both for admin site and for API (rest_framework)
My question is - what is the simplest way to achieve this goal? Is there some django plugin that handles permissions for linking? Can I use model validators here (if so - how to distinguish if a new object is created)?
The problem here is that the Django Rest Framework and Django itself (via admin) are interacting only at the level of the models. In order to achieve your goal I would implement the following design:
Make the models aware of their owners and users. For that I would use django-audit-log.
Overwrite the default model Manager and build your logic in the create method, where I will query the user's attributes and throw appropriate exceptions.
Such a design shifts some of the business logic from the controller to the data model - there are some debates out there about the benefits and pitfalls of such an approach. But with the underlined constraints (Django admin and API) is the only common place where you could put it.
Is this what you are aiming for ?

Is Django's admin panel intended to just be temporary scaffolding?

I've been successfully using Django's admin panel for internal users for a while but I recently hit a brick wall while trying to customize it and I'm curious if I'm spending too much time on it. So, my question is:
Is Django's admin panel intended to just be temporary scaffolding, that is, to be used only during the initial development of the application and to be replaced by custom code similar to Rails' scaffolding?
Obviously by using the admin panel I get a lot of functionality for free and as new features are added I get those for free too. What do other people do?
I wouldn't say the admin is meant to be temporary scaffolding but it might not be the best choice for many cases. I've worked with a very large and well known media company that used the admin as the basis for the entire workflow interface for its producers and editors. Unfortunately, your decision making process about when or when not to use the admin will benefit largely from your overall knowledge about the internals of Django; you'll probably get stuck a few times before you gain the experience to know when not to get stuck. :p
The "customizability" of the admin can be somewhat subjective. I've seen teams bend it to their will but it also requires a pretty good working knowledge of the lower level-details of Models, Forms (and naturally things like ModelForms and FormSets), and templates. I think a lot of the conventional wisdom and best practices hasn't yet surfaced into organized documentation. Be prepared to do a lot of digging around in the source code. The good news is that you'll probably come away with a much deeper understanding of how to take advantage of some of the first-class entities in the framework. The bad news is your boss probably won't be happy that it took you most of a day to change single input on a form.
Recent enhancements have made it easier to place your own views under the admin URL space so you might consider an approach of writing your own views to suit your needs and sprinkling in links in appropriate places within the standard admin pages. I generally advise people who are newer to Django or who are just getting into admin customization to strongly consider just rolling your own administrative views. After all, Django already makes it ridiculously easy to create CRUD style apps and you won't have to feel like you're fighting against a rigid system whenever you want to change presentation or behaviors.
Django Admin is for things where there's no value in doing anything more than the default add/change/delete processing it offers.
Databases are full of lookup and administrative tables. The zip-code to state mapping, for example, that no end-user should see. The log of background batch job executions.
Your app will probably have some tables which are these sort of more-or-less "administrative" -- someone maintains them, but not the large community of users.
Your app will probably have some tables which are for end-users to add/change/delete. You might want to provide extensive customized pages for this activity.
Django grew up in the news business. Writers and editors prepare data (using the admin interface). Customers read the data through customized web pages.
We have administrative staff that use the admin pages. We have customized pages for our customers. We use both.
We provide default admin pages on almost everything to our internal admins. We provide default admin on selected tables to customer-side admins. And we provide carefully crafted application-specific pages for our customers.
I asked a similar question about 6 months ago when I was first starting out in Django.
Is it worth it using the built-in Django admin for a decent sized project?
For that particular application I opted not to use Django admin, and that was a very smart decision in hindsight. Since then, I've generally not used it, but sometimes there are situations when it's great. For me, it really depends on the users. If we are building a custom data-driven app for a client and are working off a feature set provided by them, I would never want to use the Django admin. In those cases, almost certainly they will have changes that could be a real pain to try to get working in the admin. And if it's an evolving project, these changes will become more and more of a hack and you'd probably end up having to start ripping out pieces into non-Django admin parts of the site, at which point there are now two interfaces for doing stuff.
However, if the clients are more of the mindset of accepting the way the app works, then the Django admin would be fine, assuming there's generally a 1:1 correspondence between your tables and the data they're dealing with.
As Brian Luft said, it's really easy to create interfaces for CRUD apps, so if you sense you'll need any customization in the future, it might be easiest just to write your own from the start. You can always keep the django admin around for your own needs as a super-user. That's usually what I do, so I can easily have table-level access to change fields that might not be shown in the normal user admin.
No, I wouldn't compare it to Rails' scaffolding. It's not clear from your question what kind of issues you are running into-- can you provide an example?
There's a lot of customization you can do to the admin by adding custom ModelAdmin classes: hide fields, show additional fields, allow for editing of related-items on the same page or limit/ filter the options that appear in a foreign key field. You can also make things easier for users to find by adding sorting, filters to the front page, search fields. Newer versions of Django also let you create your own custom commands that can be applied to multiple objects at once.
But if the problem isn't with the basic change list and edit form, you can completely customize those by creating model-specific templates and overriding the default admin templates.
No, you can for sure use it for administrating your site, but as Django says; only for trusted users. So if you create a cms, its great. Because (hopefully) the back end users will be trusted users!

Is it worth it using the built-in Django admin for a decent sized project?

I haven't been using Django too long, but I'm about to start a pretty hefty-sized project. I'm always nervous using fairly new frameworks (new to me) on large projects because I've been burned before. However, I'm pretty confident in Django...this will finally be the project that makes me leap from my home-grown PHP framework to a popular Python framework. (yay!)
Anyway, my question is whether or not the built-in Django admin is robust enough to use for a fully-fledged customer-facing interface (the clients will be using it themselves, not me). I see that it's pretty customizable, but I'm wondering if extensible enough to handle various non-standard cases. I don't have any concrete examples yet since I haven't started yet.
Has anyone used the Django admin for some pretty customized interfaces that non-programmer users use? Was it worth it? Would you rather have just created a home-grown admin interface specifically for the site?
Just to clarify, the users would be completely non-techy.
If I understand it correctly, you want to use the django admin for all users, to let them update the site.
If this is true, I think you may be using it in a different way from what was its main purpose, as you can get from the Django book (emphasis is mine):
For a certain class of Web sites, an
admin interface is an essential part
of the infrastructure. This is a
Web-based interface, limited to
trusted site administrators, that
enables the adding, editing and
deletion of site content.
If your users need to update content (like, let's say, adding a new article) then it may be OK.
But if you want to use it for any site interaction, then I think the user experience will not be as good.
I think a very nice example of how the admin can be used, and when it should not be used is in ReviewBoard: there, most of user actions are handled directly by the site, and only the configuration and management are then handled using the admin.
In the end, it is a matter of usability. If you think that it is OK for your application to have a different section to manage addition to the site, then Django's admin site may be a real time saver. In all other cases, maybe it is better to invest some time more.
My company has built a CMS on top of Django that handles numerous tasks (flat pages, blogs, members-only sections, importing and parsing data from external sites like youtube and flickr, mailing lists, albums songs and lyrics for artists, etc.) and so far we're still using the built-in admin. We have several very non-technical clients using it regularly.
You can go pretty far in customizing it with the admin.py files when you really get into it. The only things we've added are tinyMCE and Filebrowser to make those aspects easier for the end users.
I will say that we are working on a gallery module that is going to need a custom admin, though. Otherwise I've been pretty happy and impressed with how flexible and powerful Django's admin can be. And it's as user-friendly as you can think to make it.
It depends. The admin will let you customize quite a bit, with different groups of users having access to different tables, and if you give them access to different admin interfaces, you can even give them different sets of columns available on the tables. However, the admin isn't really set up to let you restrict users' row level access based on their authorization level. Once you've let them into a table, they can make changes to any object available to them.
You can customize widgets however you like by subclassing widget types (though the built-in filter_horizontal and raw_id_admin are indispensable and make this task simple for certain data types!)
So I guess it depends on what you mean by customers. If you mean the people who hired you to write the website (I think I'd call them clients rather than customers), then there's a good chance the admin will suit you just fine. If you mean the end users of a website, I would stick with hand-crafted django forms.
In general I view the Django admin as an interface to performing the tedious tasks of insert delete and editing. So, I'm not afraid of customizing it to a large extent (even if this means subclassing internal Django objects and passing them back to the admin interface at runtime), but be aware it will require you to read Django source (which fortunately isn't very hard to do).
So for me, the discriminator of using it or not is "insert, delete, update" of concepts that map very well to the database tables, not amount of user technical knowledge, amount I trust the users, or project size.