Is it possible to create an end-user facing site using Django admin alone?

Question

I'm very new to Django, having never developed on it.

I'm trying to develop a site which has functionality exposed only to authenticated users (typical enterprise thing: for this discussion, let's say it's a private blogging platform).

The functionality I'm looking for is:

• Users can create a new blog.
• each user can belong to multiple groups: the user can only view/comment on blogposts created by member of groups (s)he belongs to.
• Each user can modify/delete only the posts (s)he creates.

As I see it, this is essentially a CRUD application with access control, and the admin app seems to have a lot of this functionality builtin. Is it feasible to develop this complete application using the admin application alone (not as a prototype, as a release-quality solution), or should I look beyond (Generic views? ModelForms?)

I'm trying to estimate how long this will take (learning + implementation), so your feedback could give me a good idea, in addition to teaching me the ways of this new Django-world :)

Edit: specifically, one of my worries is per-object/per-row permissions. The django wiki says the Permissions system doesn't support that, so can I still use the admin app?

Answer 1

Revised. Up until you want per-object permission, the answer is yes.

As soon as you want permission on a Blog, where a blog is just a row, you're going to have to do some coding.

You can totally reuse the admin interface elements. You have all the source, which you can read.

Much of what you want is done with "wrappers" around the admin functions.

1. You write a "wrapper" view function checks object permissions.

2. Your wrapper view function calls the admin view function.

After that, you'll want to fix the style sheets in the admin pages to be your preferred look and feel.

Answer 2

As for row-level permissions in the admin, in the SVN version of Django you can override the has_add_permission, has_change_permission, and has_delete_permission methods on the ModelAdmin object to implement the custom permissions logic yourself in a way that will apply across the entire admin. I'm pretty sure this feature is going to be in the 1.2 release this year. It doesn't seem to be in the documentation yet, but if you can find the default methods in the django/contrib/admin/options.py file of the Django source, exact instructions are in the docstrings.

I wouldn't recommend doing the entire app in the admin, though. It would work fine for the parts of the app where people are writing their posts and creating their blogs, but the admin wouldn't be suited for just displaying the data, unless you write lots of custom code. Writing views that can display objects and submit comments in Django isn't very hard - most of the work is in the templates.

Answer 3

As a point of sense you really shouldn't be basing a potentially large scale project on Django-Admin. It's kind of silly, and so many people are fascinated with Django-Admin that they literally have a chapter in their books about when and when not to use it for evil.

It seems to me that for all the hacking you will have to do to get the admin to look like a reasonably presentable site in terms of personalization, you might as well take the weekend off, actually LEARN the tools you are trying to bastardize, and make a real site. What you are describing wouldn't be heroic by any means in terms of logic.

This scenario reminds me of the old Garfield cartoon where the guy buys the cat an incredibly expensive and awesome looking bed, and the cat chooses to sleep in the box that the bed came in.