Should I use Django's Admin feature?

10👍

✅

Maybe. If the admin functionality covers most of what you want to offer, there’s no reason why you shouldn’t use it as a starting point.

django.contrib.admin is an application like any other, and provides basically a CRUD interface to your models. Access can be controlled via groups/permissions, just like you would for an application you write yourself. You can give full access to a model with a one-liner, but obviously will have to configure properly when opening up to others.

See also my question "Django AdminSite/ModelAdmin for end users?" and similar questions "Exposing django admin to users. Harmful?" and "How to make Django admin site accessed by non-staff user?"

Regarding arguments about the “intended use” of the admin, please note Django’s security update at the end of last year: http://www.djangoproject.com/weblog/2010/dec/22/security/ regarding querystring parameters in object lists. Such an update (quote: “an attacker with access to the admin […]”) is a clear indication that the admin’s implementation of the permission system is being constantly scrutinized.

7👍

No. The django admin is not intended for any end-user.

The django admin feature is intended to assist the website developer, and that is all. Even usage by site administrators is contra-indicated, although in practice most small sites get away with it since they’re only talking a few people who can call on the developer personally if they get into trouble.

For your purposes, the review items and the workflow in creating the items is a critical part of your application feature set. The admin will give you ideas, but it would be a mistake to attempt to build your application upon it.

👤John Mee

5👍

I wouldn’t expose the admin interface to regular users. You can use the authentication and user-management side (for your purposes), but it’s usually best practice to give users a separate way to manage their objects. You also don’t run as much of a risk of granting the wrong privileges to users (or allowing them to grant their own).

Have a read through the docs if you want a better overview about what it can do.

👤elithrar
