我应该使用Django的管理功能吗？ [英] Should I use Django's Admin feature?

问题描述

我正在建立一个基于Django的评论网站，公众用户创建网站上的所有内容。用户为给定的物品创建评论，并且还会自动创建将被审核的物品（提供物品的描述和简要摘要以及几个标签）。

I'm building a Django-based review website where public users create all of the content on the site. Users create reviews for given items and they also create the items themselves that will be reviewed (providing a description and brief summary of the item, along with a few tags).

我的问题是：我应该使用Django的这个网站的管理功能（如同向公众用户公开管理员控制）？还是应该坚持正常的形式？我对Django的管理方面并不熟悉，到目前为止，我刚刚使用了网站的表单，但是我看到很多人都在谈论Django的管理功能，我开始怀疑如果我应该使用它们。

My question is this: Should I be using Django's admin features for this website (as in, exposing admin controls to the public users)? Or should I just stick with normal forms? I'm not too familiar with the admin-aspect of Django, and so far I've just been using forms for the website, but I've seen a lot of people talking about Django's admin features, and I'm starting to wonder if I should be using them.

感谢任何反馈！

推荐答案

p>也许吧。如果管理员功能涵盖了您想要提供的大部分功能，则没有理由不应该将其用作起点。

Maybe. If the admin functionality covers most of what you want to offer, there's no reason why you shouldn't use it as a starting point.

django.contrib.admin是一个应用程序像任何其他，并且基本上为您的模型提供了一个CRUD界面。访问可以通过组/权限进行控制，就像您为自己编写的应用程序一样。您可以使用单行方式完全访问模型，但显然必须在开放给他人时正确配置。

django.contrib.admin is an application like any other, and provides basically a CRUD interface to your models. Access can be controlled via groups/permissions, just like you would for an application you write yourself. You can give full access to a model with a one-liner, but obviously will have to configure properly when opening up to others.

另请参阅我的问题
用于最终用户的Django AdminSite / ModelAdmin
和类似问题< a href =https://stackoverflow.com/questions/6077647/exposing-django-admin-to-users-harmful/6084927>将django管理员公开给用户。有害吗？和如何使Django管理员网站由非员工用户访问？

See also my question Django AdminSite/ModelAdmin for end users? and similar questions Exposing django admin to users. Harmful? and How to make Django admin site accessed by non-staff user?

关于管理员预期使用的争论，请注意Django的安全更新去年年底： http://www.djangoproject.com/weblog/ 2010 / dec / 22 / security / 关于对象列表中的查询字符串参数。这样的更新（引用：访问管理员[...]的攻击者）清楚地表明管理员对权限系统的实施正在不断审查。

Regarding arguments about the "intended use" of the admin, please note Django's security update at the end of last year: http://www.djangoproject.com/weblog/2010/dec/22/security/ regarding querystring parameters in object lists. Such an update (quote: "an attacker with access to the admin [...]") is a clear indication that the admin's implementation of the permission system is being constantly scrutinized.

这篇关于我应该使用Django的管理功能吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！