I am currently learning programming and do not have much experience yet. I am making a webapp to manage employees (this is a personal project that I am only doing to learn from and is not going to be used by anyone) and I wanted to have a single admin user. I was wondering where I should store the username/password for that user. Even though this is just a personal project, I would learn more from trying to do it correctly, so that it could theoretically be used by someone.
Currently I am just storing the username and password-hash in the code itself, which I imagine is very bad practice.
So there are several options that you can do. If you are just getting started, for simplicity's sake, I would recommend you checkout Flask-User.
For state persistence, I would suggest you work with SQLite through Flask-SQLAlchemy. Don't bother with trying to spool up a whole database server for this.
Related
I am currently developing my first more complex Web Application and want to ask for directions from more experienced Developers.
First I want to explain the most important requirements.
I want to develop a Web App (no mobile apps or desktop apps) and want to use as much django as possible. Because I am comfortable with the ecosystem right now and don't have that much time to learn something new that is too complex. I am inexperienced in the Javascript World, but I am able to do a little bit of jQuery.
The idea is to have one database and many different Frontends that are branded differently and have different users and administrators. So my current approach is to develop a Backend with Django and use Django Rest Framework to give the specific data to the Frontends via REST. Because I have not that much time to learn a Frontend-Framework I wanted to use another Django instance to use as a Frontend, as I really like the Django Template language. This would mean one Django instance one Frontend, where there would be mainly TemplateViews. The Frontends will be served on different subdomains, while the backend exposes the API Endpoints on the top level domain.
It is not necessary to have a Single Page App. A Normal Website with mainly the normal request/response-cycle is fine.
Do you think this is a possible approach to do things? I am currently thinking about how to use the data in the frontend sites in the best way. As I am familiar with the Django template language I thought about writing a middleware that asks about the user details in every request cycle from the backend. The thought is to use a request.user as normally as possible while getting the data from the backend.
Or is ist better to ask these details via jQuery and Ajax Calls and don't use the django template language very much?
Maybe there is also a way to make different Frontends for the same database without using REST?
Or what would you think about using a database with each frontend, which changes everytime I make a change in the main database in the backend? Although I don't really like this approach due to the possibility of differences in data if I make a mistake.
Hopefully this is not to confusing for you. If there are questions I will answer them happily. Maybe I am also totally on the wrong track. Please don't hesitate to point that out, too.
I thank you very much in advance for your guiding and wish you a nice day.
as per my experience and knowledge, you are almost going towards correct direction.
my recommendation is for making backend rest api Django and django rest framework is the best option however for consuming those api you can look for the angular or react both works very well in terms of consuming API.
Thank you for your input om tripathi.
I think it really does make sense to use the modern js frameworks for consuming a REST API.
I looked a little further into my problem and found multitenancy to fit my requirements perfectly. There are also great plugins and good reads for that use case. Just for others some informations I stumbled upon:
https://djangopackages.org/grids/g/multi-tenancy/
https://www.vinta.com.br/blog/2017/multitenancy-juggling-customer-data-django/
Especially the second link gave me information about different design approaches. For myself I chose to go the way with one database for every Client and then using the site framework from django to seperate data. For the Subdomain resolving I use django-hosts.
Thank you again and have a nice day.
There is a Django-powered site. There is a need to create a stand-alone service (written in another language & platform) which should be able to perform all the CRUD operations on the SQL database that's used by the Django site.
Obviously, new tables won't be available to the Django site as models, but what I'm interested in is what happens with records that were inserted/deleted/updated from the outside.
It seems absolutely legit for me. However, as I have a limited experience of web & Django development, it would be better to know this for sure.
Is it considered a normal practice?
Is it possible to break any "Django-side things" this way? Like, migrations or whatever else it could be?
Are there any things I should be aware of?
Is it considered a normal practice?
To me seems a bad practice. Really bad practice. Django owns that data and makes sense that only the owning application can access that data.
Is it possible to break any "Django-side things" this way? Like, migrations or whatever else it could be?
If you don't change the table structures, and don't mess with Django admin tables, you won't break the django side of things
I would suggest making the Django application a service. Whichever application needs data managed by Django can request it, and Django is responsible for handling that data. Take a look at http://www.django-rest-framework.org/ and if you don't know about REST or SOA take a look at those.
I have a site that - other than the signup process - will be only used by logged in users. It's my first Django site, and I'm wondering whether I can use the Django user model (slightly extended) to work with all my users, or should it only be used for administrative users such as myself?
Apologies if this is a stupid question. Additionally, and either way, what's the best way to manage user registrations? It'd be awesome if this were built into Django, but it's not, and I read django-registration is relatively abandoned. Any recommendations welcome.
You can use the Django User model for all your users (of course, it all depends on your actual scenario, but it sounds like it could work in your case). You can also extend it (e.g. add more fields): https://docs.djangoproject.com/en/dev/topics/auth/customizing/#extending-the-existing-user-model
Is it the best way to manage users? Again, it depends on the scenario, but it would still work for a significant portion of Django projects.
I read django-registration is relatively abandoned
I haven't used it in a while, but I'd guess it would work with the current Django version. In any case, it's a fairly simple and robust application, so you might be able to tweak it to make it work (you might even decide to commit the changes back to the repo, in the open source spirit).
I was just talking to an advanced developer friend of mine about this. He said using djangos users is frowned upon and to build it out separately. I don't know much more on this but it's something I will be doing in the future.
I have a Django web front-end that consumes data from a REST API backend.
Even the users are made and created on the backend.
My Problem :
How to use 3rd party apps within this system, that heavily depend on django models/ORM ?
Is there something that can provide some bridge between the REST API resources and the ORM?
How can this problem be dealt with ?
Update
DRY principal seems to be failing in this situation.
Probably things have changed since this question has been originally posted. Now there are a couple of interesting related questions on StackOverflow about this topic.
To code yourself a solution as explained in this answer, you can create an external service layer (aka services.py) and write there the logic to access the external resources. Your views will consume this layer, and make the proper actions. There are other questions that provide help on how to pass information from the original request received by the django-view to the external service like this or this
There is also a django app that takes this situation into account as explained in this answer. django-roa uses the Resource Oriented Architecture paradigm to solve this.
I'm facing a similar obstacle with a new ecommerce project.
The project is a front end to a full-fledged store management software (CMS+ERP+CRM). It needs to use the master product database, but have its own entries for product reviews, ratings and so on.
The initial thought was to make a cached copy of the master database. The website will benefit from fast loading times for the cached items, but the implementation is not trivial.
After some considerations, the selected approach was updating the website's DB from the management program. This way the website's copy will always be correct, and most of the implementation doesn't need to worry about REST services (it'll still be used for user registration, shipment tracking etc.)
In your case, where you can't have the service update your own database remotely, you need to come up with a mechanism that allows you to refer to REST recourses like regular models, and that caches them in the background.
Important note: research for a way to make sure the cache is always correct (non-dirty)...
I'm not sure I completely understand your question or requirements. The way I am reading it, you have a primary back-end which is basically a black-box, and you want to use some 3rd-party apps in your project which use the Django ORM.
I am unclear as to why there would be a need for being able to have a two-way synchronization between the two data-stores. The users of your project would be returned data from your primary back-end, and from the project's ORM.
Since you are concerned about saving the "ORM" data in your primary back-end, maybe you would consider creating a Transaction Middleware that would fire any time ORM data gets updated, which could serialize the structure being saved and transmit it to your REST API. This REST API, I assume, is able to accept arbitrary data structures?
You'll probably at least want to use some form of middleware, and maybe a utility module/class to help form the "bridge".
Is anyone aware of a Django app for designing and storing flowcharts in a database? After searching for variations of "Django flowcharts", I've only found flowcharts of Django's internal design, not anything about authoring or storing flowcharts in a Django webapp.
As asked in a similar question, I've found several impressive Javascript and JQuery based libraries for browser-based flowchart design, but nothing for persisting these server-side.
I wrote an app that stores and controls state machines in Django 1.2:
https://bitbucket.org/canassa/zinaflow
It uses a per-object permission model for controlling the transitions and GenericForeignKeys for attaching the state machine to any model in your application. With the per-object permissions you can assign a Django user for each transition.
Depending on what you need to do, this app might be a overkill for you. But reading the source code can give you some ideias on how to implement an app yourself.
Why couldn't you do it yourself? The behavior and presentation is already implemented in the several truly impressive JavaScript libraries you've referenced, now all that's left to be done is to store the models in the database for your favorite pick you'd like to persist through Django.
There is a library that implements Modified Preorder Tree Traversal on the model level that I'm sure would be of great use to you to store the logical relations between the flowchart elements and other presentation data, such as the coordinates, shape, it's transformations and other visual properties can be easily stored alongside.
I'm sure that if you'd give it some thought you could quickly execute it; hell it's even probable that there are many people who need the same thing, which would make it even more useful if you weren't developing it just for yourself. This seems like a good candidate for an OS Django app.
I am not aware of an existing app that does this, but if you want to start developing your own a good place to start would be exploring the code for GraphModels, a command from the excellent django-command-extensions project. It is a django manage.py extension that creates database diagrams from models using graphviz.