I've disabled authentication for Django admin panel as described here.
I would like to go further and completely skip django.contrib.auth migrations like users or groups tables.
I've tried to remove django.contrib.auth from INSTALLED_APP and then I got error like below:
RuntimeError: Model class django.contrib.auth.models.Permission doesn't declare an explicit app_label and isn't in an application in INSTALLED_APPS.
Is there any way to use Django admin panel without migrating django.contrib.auth migrations?
Short answer : No
Long answer : From a security standpoint there is absolutely no reason to ever do that, you will make your database open to everyone, with personal information.
Fortunately Django is smart enough to not let anyone do that and the requirements for the administration requires the auth middleware and the django.contrib.auth dependencies.
Again, you should not do that, you could tweak the Django framework and that could work, but you will need to write a lot of boilerplate and most package won't work.
If you want to update your authentication backend Django make it pretty easy to do so : https://docs.djangoproject.com/en/4.1/topics/auth/customizing/
But be aware that would still need at least one auth backend for the admin to work.
django admin (django.contrib.admin) is tightly coupled with django.contrib.auth.
I didn't find a way to use use admin panel without auth app.
Nevertheless,
I've found a solution, which met my expectations.
I've set has_permission attribute of admin.site to True, as described here.
Next, I've unregistered Group and User models from admin panel as described here.
It's not clean solution, since django.contrib.auth migrations are still run, but normal user will not notice.
Related
I am a total noob with Django, I come from the PHP world and I am used to doing things differently.
I'm building an app and I want to change the way the backend looks, I want to use Bootstrap 4 and add a lot of custom stuff e.g. permission based admin views, and I was wondering what is the best practice, or how do more experienced django devs go about it?
Do they override all the django.contrib.admin templates, or do they build custom templates and login/register next to it, and use the django.contrib.admin only for the superuser?
What is the django way?
Django admin is intended for administration purposes. For all intents and purposes it is a direct interface to your database. While I have seen some people building customer facing interfaces using admin, this is most definitely not the way to make a general Django web application.
You should define views for your models. You can use built-in APIs to login and authenticate users. You should most likely restrict access to admin to internal users only.
As for templates, the modern way of doing things is to dynamically fetch data using an API and do all the UI logic in Javascript. Django can be used very well to provide an API to a frontend. Look into Django REST Framework. The basic idea is to write serializers for your models and have view functions serve the serialized data to the front end.
You could go the old school way and render your pages using templates of course. In that case your views would render templates using data provided by your models.
Yes. The admin pages is actually for administering the webpage. For user login and registration you create the templates. However, if you want your backend to look different then you can tweak the template for the admin page, admin login page as well. And you can also have permission based admin views. It's okay to over ride the defaults as long as you know what you're doing. Hope that helped.
I am in process to setting up a new django project and I want to use the provided apps django-registration and django-profile. I installed both of them with easy-install and managed to get the django-registration working fine. My next step would be to connect the django-profile app to the working branch. The django-registration offers a service, that redirects to a URL, which is defined in the settings.py-variable LOGIN_REDIRECT_URL. My guess was, that I can simply paste a url of the django-profile app to connect both. (e.g. '/profiles/').
My settings.py-variable AUTH_PROFILE_MODULE is set on 'registration.User', (trying to use the django-registration model!).
But I get a
SiteProfileNotAvailable at /profiles/
No exception supplied
error.
I tried to follow these steps:
https://bitbucket.org/ubernostrum/django-registration/src/tip/docs/index.rst
https://bitbucket.org/ubernostrum/django-profiles/src/tip/docs/overview.txt
But i am not sure, if I done everything properly, namely this paragraph from overview.txt
For default use, create a profile model for your site and specify the
AUTH_PROFILE_MODULE setting appropriately. Then add profiles
to your INSTALLED_APPS setting, create the appropriate templates
and set up the URLs. For convenience in linking to profiles, your
profile model should define a get_absolute_url() method which
routes to the view profiles.views.profile_detail, passing the
username.
So my questions are:
Is that a well known error?
Is it the right way to set 'registration.User' as AUTH_PROFILE_MODULE?
What is ment by "should define a get_absolute_url() method which
routes to the view profiles.views.profile_detail, passing the
username." in the overview.txt?
django-registration is hard to use thanks to the type of documentation and lack of templates. Many Django developers now use django-social-auth instead:
https://github.com/omab/django-social-auth
http://django-social-auth.readthedocs.org/en/latest/index.html
You can see how Kenneth Love integrated it into the Django Packages code base here:
https://github.com/opencomparison/opencomparison/blob/master/apps/profiles/views.py#L83
https://github.com/opencomparison/opencomparison/blob/master/settings.py#L277
Have anyone used these 2 django apps together? I want to know how well these 2 gel together along with Django's User Authentication system.
When I mean Django's User Authentication System, I mean I should be able to use decorators like #login_required or grant permission to specific views (or functions in views.py) based on who the user is.
There shouldn`t be any problems there. Django-Socialauth adda new auth backends, and it should works fine with permissions and decorators. And Django resistration just register a user on site, so unless you remove standard auth backend, it will work fine too.
I am new to django and have gotten a bit stuck on trying to make the admin site work as I'd like it to. I am wondering if for making the admin functionality I want it is better to make a custom admin app with a template inheriting from admin/base_site.html, using the frontend login with a redirect when is_staff is true.
The initial details that make me think this:
I have a chain of foreignkeys and would like to display nested inlines on the parent admin page. I have tried using easymode, but it's got its own issues and requirements that may cause headaches later i can do without.
I would like to add a function allowing the admin to add an instance of a model, which triggers the creation of instances its related models and redirects etc. This requires adding some callables at least, which I havent figured out yet how to really do with any success in the admin model, and at the moment seems easier to just quickly do this in the views.py of my own app rather than trying to toy with the admin views.
In general, creating a custom admin app (using a is_staff=true redirect on the FrontEnd login) seems more flexible in the long run, and will result in a more designed and intuitive admin interface for the client - so I suppose my question is, what are the semi-pros doing? (if you know how to hack the admin views and templates to your heart's content you are not a semi-pro :) )
Thanks for any advice you can offer, Im still getting my feet wet and this kind of advice could save me alot of time and headache.
Slow down. Relax. Follow the Django philosophy.
You have an "app". It presents data. Focus on presentation.
You have a default, built-in admin for your "app". It updates data and it's already there.
If the admin app doesn't meet your needs update Forms and update Models to get close. But don't strain yourself messing with admin. Get as close as you can. But relax about it.
[Also, "more intuitive admin" is sometimes not an accurate description of what you're trying to do. It could be, but I've seen some "more intuitive" that actually wasn't.]
a more designed and intuitive admin interface for the client.
Is this part of the app? Does the app do more than simply present data?
If the app is transactional -- add, change, delete -- crud rules -- that kind of thing, then that's your app. If you want a fancy UI, that's not admin any more. There's no redirect. That's your app.
It's just coding. Stop messing with admin and start writing your app.
Hint: Use generic views as much as possible.
Other than that, you're talking about your app, not hacking the admin stuff that already works.
if you know how to hack the admin views and templates to your heart's content you are not a semi-pro
Wrong. All the source is there. You can read it, also. That's what the pros do. We read the source. And we don't hack the admin app.
If you have complex transactions, you have a first-class, for-real, actual application. Not default admin, but a part of your app that has forms.
If you have forms, then, well, you have forms. This does not require hacking the admin app, it's just coding more of your app.
Go through the links mentioned in this post as well. This may be helpful for you.
Is Django admin difficult to customize?
I am working with a django project, I haven't started. The developed working on the project left. During the knowledge transfer, it was told to me that all the events are logged to the database. I don't find the database interface useful to search for logs and sometimes they don't even log(I might be wrong). I want to know, if there is an easy tutorial that explains how to enable logging in Django with minimal configuration changes.
Thank you
Bala
If you are talking about the Django admin log (the one that shows on the right side of the main page of the admin interface), you could just enable an admin model for the log itself.
Open the admin.py for one of your django apps and add this:
from django.contrib.admin.models import LogEntry
class LogEntryAdmin(admin.ModelAdmin):
list_display = ('content_type', 'user', 'action_time')
admin.site.register(LogEntry, LogEntryAdmin)
It will give you a barebones interface for looking at the log.
Remember that log is only logging whatever happens through the admin interface itself.