2009/5/26 Alex Gaynor <alex.gay...@gmail.com>

> On Mon, May 25, 2009 at 7:51 PM, Sam Kuper 
> <sampabloku...@googlemail.com>wrote:
>
>> Suppose you were re-writing Facebook in Django.
>>
>> Would you handle the complex profile and privacy settings pages by:
>>
>> A) exposing the relevant admin pages to users, with careful auth to stop
>> users from being able to access admin pages they shouldn't be able to.
>> Obviously this would require much custom templating in order to achieve the
>> desired visual appearance (instead of the default Django admin appearance),
>> but it would have the advantage of not requiring new views and forms to be
>> written.
>>
>> B) creating forms and views as needed for the profile and privacy
>> settings, keeping the users out of the admin app entirely, and reserving the
>> latter only for Facebook staff.
>> [...]
>>
>
> B).  The admin is designed really for use with fully trusted administrators
> only, the extra hooks that have been placed in for more fine-grained control
> notwithstanding.


Thanks Alex. It sounds like your reason for choosing B is based on security
concerns - specifically that authorisation within the admin may not be as
strong as authorisation that prevents users from accessing the admin. Is
that correct? If so, is this the case because the former involves only one
layer of security (user must be authorised in order to access specific admin
functionality) whereas the latter involves two layers (same as above AND
user must be authorised to use the admin at all)?

Thanks for your help,

Sam

PS. If anyone else also has opinions about this, I'd be glad to hear them!
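As an added illustration (not code from the thread or from Django itself), here is option B sketched with framework-agnostic stand-ins: a user-facing settings handler that edits only the caller's own profile and whitelists the editable fields, beside a staff-only action that sits behind the two layers Sam describes. `User`, `Profile`, `PROFILES` and the view functions are all assumed names.

```python
from dataclasses import dataclass

# Constructed stand-ins for Django's auth User and a profile model (hypothetical).
@dataclass
class User:
    id: int
    username: str
    is_staff: bool = False        # layer 1: may enter the admin site at all
    is_superuser: bool = False    # layer 2: has the change permission

@dataclass
class Profile:
    owner_id: int
    wall_visibility: str = "friends"   # privacy settings the owner may edit
    email_visibility: str = "private"
    verified: bool = False             # staff-only flag; never reachable from the user form

PROFILES = {1: Profile(owner_id=1), 2: Profile(owner_id=2)}   # constructed sample data
VISIBILITY = {"public", "friends", "private"}
# Option B: the user-facing form lists exactly the fields a user may change,
# the way a ModelForm's Meta.fields would.
EDITABLE_FIELDS = {"wall_visibility", "email_visibility"}

class Forbidden(Exception):
    pass

def privacy_settings_view(user, posted):
    """Edit only the caller's own profile; the row is chosen by the session identity,
    never by an id taken from the request."""
    if user is None:
        raise Forbidden("login required")
    profile = PROFILES[user.id]
    unknown = set(posted) - EDITABLE_FIELDS
    if unknown:
        raise Forbidden(f"fields not editable here: {sorted(unknown)}")
    for name, value in posted.items():
        if value not in VISIBILITY:
            raise ValueError(f"bad value for {name}: {value!r}")
        setattr(profile, name, value)
    return profile

def admin_verify_view(user, target_user_id):
    """Staff-side action reserved for trusted administrators (option B keeps users out of it)."""
    if user is None or not user.is_staff:
        raise Forbidden("admin site is for staff only")     # layer 1: admin access
    if not user.is_superuser:
        raise Forbidden("missing change permission")         # layer 2: object/model permission
    PROFILES[target_user_id].verified = True
    return PROFILES[target_user_id]
```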
