pihentagy wrote:
> Hi all! I come here from a little symfony background (a framework which tries to borrow good things from django), and would like to have an overview of how django stacks up. I would like to ask if the admin module can be used on a production server by registered users.
The admin module can be used by registered users, yes.
The admin interface was designed for admins. As long as you keep the access limited to trusted users, very few problems (security-wise).
> What problems can occur? (I assume every object references a user)
Currently the admin interface doesn't handle row-level permissions. A user can be granted permission to edit articles, but not restricted to only their own. I *believe* this is a feature that will be added in newforms-admin.
> - editing/deleting objects not belonging to user
These problems are solved by writing your own views for your models. It's really quite easy to do. We have an in-house ticket system done in django, and I've tinkered with "person x in group y can edit these tickets", "group z can edit tickets that are assigned to a certain category", etc... We simply disabled access to the admin interface for the less-privileged users, yet they can still edit certain objects at the row-level with our custom views.
> How are these problems solved in django?
It almost sounds like you are asking if the admin interface can just be your whole site. That's a bad idea.
Good Luck! Jeff Anderson
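The row-level rules described in the reply above (owners edit their own tickets, a group edits tickets in its category), written as a framework-independent Python example. It is added here and is not code from the post or from Django; `User`, `Ticket`, `CATEGORY_EDITORS`, `can_edit`, `edit_ticket` and the sample rows are assumptions made for illustration.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """Maps to HTTP 403 in a real view."""

class NotFound(Exception):
    """Maps to HTTP 404 in a real view."""

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset = frozenset()

@dataclass
class Ticket:
    id: int
    owner: str
    category: str
    body: str = ""

# Constructed policy: the group allowed to edit tickets in each category.
CATEGORY_EDITORS = {"billing": "finance", "network": "netops"}

# Constructed sample rows standing in for a database table.
TICKETS = {
    1: Ticket(1, owner="alice", category="billing"),
    2: Ticket(2, owner="bob", category="network"),
}

def can_edit(user, ticket):
    """Owners edit their own tickets; members of the group mapped to the
    ticket's category edit tickets in that category. Default is deny."""
    if ticket.owner == user.name:
        return True
    group = CATEGORY_EDITORS.get(ticket.category)
    return group is not None and group in user.groups

def edit_ticket(user, ticket_id, new_body):
    """View-style handler: load the row, authorize against it, then write."""
    ticket = TICKETS.get(ticket_id)
    if ticket is None:
        raise NotFound(ticket_id)
    # Per-object check: a model-wide "can edit tickets" permission is not
    # enough, the caller must be allowed to edit this particular ticket.
    if not can_edit(user, ticket):
        raise Forbidden(f"{user.name} may not edit ticket {ticket_id}")
    ticket.body = new_body
    return ticket
```

In a Django view the same check would sit between loading the object and saving it, so that a changed id in the URL cannot reach another user's row.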