I'm building a Django-based review website where public users create all of the content on the site. Users create reviews for given items and they also create the items themselves that will be reviewed (providing a description and brief summary of the item, along with a few tags).
我正在构建一个基于Django的评论网站,公共用户在该网站上创建网站上的所有内容。用户为给定项目创建评论,他们还创建将被审查的项目(提供项目的描述和简要摘要,以及一些标签)。
My question is this: Should I be using Django's admin features for this website (as in, exposing admin controls to the public users)? Or should I just stick with normal forms? I'm not too familiar with the admin-aspect of Django, and so far I've just been using forms for the website, but I've seen a lot of people talking about Django's admin features, and I'm starting to wonder if I should be using them.
我的问题是:我应该在这个网站上使用Django的管理功能(如,向公众用户公开管理控制)?或者我应该坚持正常形式?我不太熟悉Django的管理方面,到目前为止我一直在使用网站的表单,但我看到很多人都在谈论Django的管理功能,我开始怀疑如果我应该使用它们
Thanks for any feedback!
感谢您的任何反馈!
3 个解决方案
#1
8
Maybe. If the admin functionality covers most of what you want to offer, there's no reason why you shouldn't use it as a starting point.
也许。如果管理功能涵盖了您想要提供的大部分功能,那么就没有理由不将它作为起点。
django.contrib.admin is an application like any other, and provides basically a CRUD interface to your models. Access can be controlled via groups/permissions, just like you would for an application you write yourself. You can give full access to a model with a one-liner, but obviously will have to configure properly when opening up to others.
django.contrib.admin是一个与其他应用程序一样的应用程序,它基本上为您的模型提供了一个CRUD接口。可以通过组/权限来控制访问,就像您自己编写的应用程序一样。您可以完全访问具有单行的模型,但显然必须在打开其他人时正确配置。
See also my question Django AdminSite/ModelAdmin for end users? and similar questions Exposing django admin to users. Harmful? and How to make Django admin site accessed by non-staff user?
另请参阅我的问题Django AdminSite / ModelAdmin给最终用户?和类似的问题向用户公开django管理员。有害?以及如何使非人员用户访问Django管理站点?
Regarding arguments about the "intended use" of the admin, please note Django's security update at the end of last year: http://www.djangoproject.com/weblog/2010/dec/22/security/ regarding querystring parameters in object lists. Such an update (quote: "an attacker with access to the admin [...]") is a clear indication that the admin's implementation of the permission system is being constantly scrutinized.
关于管理员“预期用途”的争论,请注意Django去年年底的安全更新:http://www.djangoproject.com/weblog/2010/dec/22/security/关于对象列表中的查询字符串参数。这样的更新(引用:“有权访问管理员的攻击者”)清楚地表明管理员对权限系统的实现正在不断进行审查。
#2
3
I wouldn't expose the admin interface to regular users. You can use the authentication and user-management side (for your purposes), but it's usually best practice to give users a separate way to manage their objects. You also don't run as much of a risk of granting the wrong privileges to users (or allowing them to grant their own).
我不会将管理界面暴露给普通用户。您可以使用身份验证和用户管理方面(出于您的目的),但通常最佳做法是为用户提供单独的方法来管理其对象。您也不会冒很大的风险,即向用户授予错误的权限(或允许他们授予自己的权限)。
Have a read though the docs (https://docs.djangoproject.com/en/dev/ref/contrib/admin/) if you want a better overview about what it can do.
如果您想要更好地了解它可以做什么,请阅读文档(https://docs.djangoproject.com/en/dev/ref/contrib/admin/)。
#3
3
No. The django admin is not intended for any end-user.
不可以.django管理员不适合任何最终用户。
The django admin feature is intended to assist the website developer, and that is all. Even usage by site administrators is contra-indicated, although in practice most small sites get away with it since they're only talking a few people who can call on the developer personally if they get into trouble.
django管理员功能旨在帮助网站开发人员,就是这样。甚至网站管理员的使用也是禁忌的,尽管在实践中大多数小型网站都会使用它,因为他们只会谈论一些可以在遇到麻烦时亲自打电话给开发人员的人。
For your purposes, the review items and the workflow in creating the items is a critical part of your application feature set. The admin will give you ideas, but it would be a mistake to attempt to build your application upon it.
出于您的目的,审核项目和创建项目的工作流程是应用程序功能集的关键部分。管理员会给你一些想法,但尝试在其上构建应用程序是错误的。
#1
8
Maybe. If the admin functionality covers most of what you want to offer, there's no reason why you shouldn't use it as a starting point.
也许。如果管理功能涵盖了您想要提供的大部分功能,那么就没有理由不将它作为起点。
django.contrib.admin is an application like any other, and provides basically a CRUD interface to your models. Access can be controlled via groups/permissions, just like you would for an application you write yourself. You can give full access to a model with a one-liner, but obviously will have to configure properly when opening up to others.
django.contrib.admin是一个与其他应用程序一样的应用程序,它基本上为您的模型提供了一个CRUD接口。可以通过组/权限来控制访问,就像您自己编写的应用程序一样。您可以完全访问具有单行的模型,但显然必须在打开其他人时正确配置。
See also my question Django AdminSite/ModelAdmin for end users? and similar questions Exposing django admin to users. Harmful? and How to make Django admin site accessed by non-staff user?
另请参阅我的问题Django AdminSite / ModelAdmin给最终用户?和类似的问题向用户公开django管理员。有害?以及如何使非人员用户访问Django管理站点?
Regarding arguments about the "intended use" of the admin, please note Django's security update at the end of last year: http://www.djangoproject.com/weblog/2010/dec/22/security/ regarding querystring parameters in object lists. Such an update (quote: "an attacker with access to the admin [...]") is a clear indication that the admin's implementation of the permission system is being constantly scrutinized.
关于管理员“预期用途”的争论,请注意Django去年年底的安全更新:http://www.djangoproject.com/weblog/2010/dec/22/security/关于对象列表中的查询字符串参数。这样的更新(引用:“有权访问管理员的攻击者”)清楚地表明管理员对权限系统的实现正在不断进行审查。
#2
3
I wouldn't expose the admin interface to regular users. You can use the authentication and user-management side (for your purposes), but it's usually best practice to give users a separate way to manage their objects. You also don't run as much of a risk of granting the wrong privileges to users (or allowing them to grant their own).
我不会将管理界面暴露给普通用户。您可以使用身份验证和用户管理方面(出于您的目的),但通常最佳做法是为用户提供单独的方法来管理其对象。您也不会冒很大的风险,即向用户授予错误的权限(或允许他们授予自己的权限)。
Have a read though the docs (https://docs.djangoproject.com/en/dev/ref/contrib/admin/) if you want a better overview about what it can do.
如果您想要更好地了解它可以做什么,请阅读文档(https://docs.djangoproject.com/en/dev/ref/contrib/admin/)。
#3
3
No. The django admin is not intended for any end-user.
不可以.django管理员不适合任何最终用户。
The django admin feature is intended to assist the website developer, and that is all. Even usage by site administrators is contra-indicated, although in practice most small sites get away with it since they're only talking a few people who can call on the developer personally if they get into trouble.
django管理员功能旨在帮助网站开发人员,就是这样。甚至网站管理员的使用也是禁忌的,尽管在实践中大多数小型网站都会使用它,因为他们只会谈论一些可以在遇到麻烦时亲自打电话给开发人员的人。
For your purposes, the review items and the workflow in creating the items is a critical part of your application feature set. The admin will give you ideas, but it would be a mistake to attempt to build your application upon it.
出于您的目的,审核项目和创建项目的工作流程是应用程序功能集的关键部分。管理员会给你一些想法,但尝试在其上构建应用程序是错误的。