Am 21.02.23 um 14:57 schrieb Jason Johns:
I'd be a -1 on dynamic modification with installed apps. that's the
developer's responsibility to add in, and should be implicit by design.
No, that's not IMHO. In my use case (and e.g. Pretix' too, which is a
great Django use case IMHO) I need a base django application and
dynamically installed plugins, which may change over time. With GDAPS
this is possible just by installing the plugins using pip, and running
migrate/collectstatic and a custom mgmt command.
This can be done by an admin, and not necessarily by a developer.
The list of apps needs to come somewhere via configuration, and django
defines that configuration to be done explicitly.
Yes, and that's what I want to extend. It's possible with some work, and
I'd like to collect how it's done *best*.
I be;ieve some of the major security holes via Wordpress come with
being able to add in plugins and projects dynamically. You might be
discounting this, but it does open up a fairly large attack vector
Yes, but my question is another one. GDAPS isn't about adding apps
dynamically to Django. it's about zero-configuration-adding apps to a
Django application. In Wordpress speech: Not like Wordpress plugins, but
plugins for a specialized app created USING Wordpress.
I'd not like to exactly discuss this here on django-developers, as it's
more a usage thingy, and I don't like to spam this list with django
usage questions...
My original question was HOW would I implement this in a "good-practice"
way, by not violating Django's conventions, and showing a way it could
be done clean.
You always can use a tool in bad ways. There are even discussions about
why Django adds a SECRET_KEY in code by default, which should not be done.
But I think that it is really valuable to expand an application with
plugins that can be installed via pip. It does not need to mean users
can freely install plugins like in wordpress. It means that devs/vendors
can plug together an appliance of GDAPS (=Django app) plugins for *one*
application by just installing plugins via pip. They all can be coded by
the same author.
This is not possible ATM in Django, as it would need to touch
settings.py and add the app in INSTALLED_APPS manually, add some plugin
specific settings etc. Which gets bulky when using 20+ plugins, and
maintaining 300 different appliances (for 300 customers) with different
(and dynamically changing) plugins.
So again, does anything stand against loading plugins' INSTALLED_APPS
from a plugin's root module? Is there a better approach?
Thanks, Christian
On Tuesday, February 21, 2023 at 1:54:01 AM UTC-5 Christian González
wrote:
Am 20.02.23 um 14:23 schrieb Jacob Rief:
> Isn't it a bit dangerous to auto-add a package from PyPI to a
running
> Django installation? That module then gains full database access
and
> could do all kind of nasty stuff.
> Maybe I am a bit naive here, but 3rd party packages sometimes get
> installed incautiously.
Hi Jacob,
no, I don't think so. It is generally "dangerous" to run code you
don't
know what it does ;-)
In my case it is even more dangerous to run code I wrote myself,
hehe.
But really, if you install ANY package via pip, you have to trust
that
package. So it doesn't matter if you install a Django GDAPS
auto-plugin
package or django-money. you would have to add it manually to your
settings.py/ <http://settings.py/> INSTALLED_APPS anyway to use it.
GDAPS is intended to enable plugins for a main application - e.g.
there
is medux, and medux.plugins.laboratory - both from the same vendor.
There is no trust problem when installing your own packages.
Christian
--
Dr. Christian González
https://nerdocs.at
--
You received this message because you are subscribed to the Google
Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/6c3ea57a-c66d-40cf-809b-899d3b0d2b98n%40googlegroups.com
<https://groups.google.com/d/msgid/django-developers/6c3ea57a-c66d-40cf-809b-899d3b0d2b98n%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
Dr. Christian González
https://nerdocs.at
--
You received this message because you are subscribed to the Google Groups "Django
developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/081771a2-85b7-a747-b17c-5efb551554cd%40nerdocs.at.
