Jeff Anderson wrote:
> pihentagy wrote:
> > Hi all!
> >
> > I come here from a little symfony background (a framework which
> > tries to borrow good things from django), and would like to have an
> > overview of how django stacks up.
> >
> > I would like to ask if the admin module can be used on a production
> > server by registered users.
> >
> The admin module can be used by registered users, yes.
> > What problems can occur?
> > (I assume every object references a user)
> >
> The admin interface was designed for admins. As long as you keep the
> access limited to trusted users, very few problems (security wise)

A "registered user" is not necessarily trusted...

> > - editing/deleting objects not belonging to user
> >
> Currently the admin interface doesn't handle row-level permissions. A
> user can be granted to edit articles, but not restricted to only their
> own. I *believe* this is a feature that will be added in newforms-admin.
> >
> > How these problems are solved in django?
> >
> These problems are solved by writing your own views for your models. It's
> really quite easy to do. We have an in-house ticket system done in
> django, and I've tinkered with "person x in group y can edit these
> tickets", "group z can edit tickets that are assigned to a certain
> category", etc... We simply disabled access to the admin interface for
> the less-privileged users, yet they can still edit certain objects at
> the row-level with our custom views.
>
> It almost sounds like you are asking if the admin interface can just be
> your whole site. That's a bad idea.

Why is that a bad idea? If I mainly need CRUD operations, it is natural
to solve it with the admin interface.
Can't these "security issues", if any, be eliminated, so that the admin
interface can be used for a whole site? (if it needs just CRUD).

thanks
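
The row-level rules described in the quoted reply above (a user edits only their own objects, members of a group edit tickets assigned to that group, another group edits a given category), as an added example that is not part of the thread and is not Django code: a framework-independent Python sketch of the check a custom edit view makes before saving. All names, the policy table and the sample data are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset = frozenset()

@dataclass
class Ticket:
    id: int
    owner: str
    category: str
    assigned_group: str
    body: str = ""

# Constructed policy (assumption): group -> ticket categories its members may edit.
CATEGORY_EDITORS = {"billing-team": {"billing"}}
# Fields a non-admin may change; owner, category and assignment stay server-controlled.
EDITABLE_FIELDS = {"body"}

class NotFound(Exception):
    """Raised for missing and for forbidden rows alike, so ids are not confirmed."""

def can_edit(user, ticket):
    """Row-level check: deny unless one rule explicitly allows the edit."""
    if ticket.owner == user.name:              # the user's own object
        return True
    if ticket.assigned_group in user.groups:   # "person x in group y"
        return True
    # "group z can edit tickets that are assigned to a certain category"
    return any(ticket.category in CATEGORY_EDITORS.get(g, ()) for g in user.groups)

def update_ticket(user, tickets, ticket_id, **changes):
    """Look up the row, authorize it, validate the fields, then apply the changes."""
    ticket = tickets.get(ticket_id)
    if ticket is None or not can_edit(user, ticket):
        raise NotFound(ticket_id)
    rejected = set(changes) - EDITABLE_FIELDS
    if rejected:
        raise ValueError(f"fields not editable: {sorted(rejected)}")
    for name, value in changes.items():
        setattr(ticket, name, value)
    return ticket

# Constructed sample data.
ALICE = User("alice")
BOB = User("bob", frozenset({"support"}))
CAROL = User("carol", frozenset({"billing-team"}))
TICKETS = {1: Ticket(1, "alice", "general", "support"),
           2: Ticket(2, "bob", "billing", "ops")}
```

The check runs on the server for every request that names an object id, and the field whitelist keeps an authorized editor from reassigning ownership through the same form.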