I suggest you to create a custom admin site for your external user where you expose only the models that interact with the external user and create a middleware for forbidden access to the other admin site.
2015-09-23 14:49 GMT-06:00 Bill Freeman <[email protected]>: > How technical are your users? > What are your security constraints? > How much work can you do to make it "pretty"? (Believe me, someone will > ask.) > Are there fields that you want to administer internally but don't want to > expose to the users? > Will your users object if you decide to move to a newer Django version and > the interface changes/ > > You can make it work, but in many instances it will save you less effort > than you though (might even be harder). > > A few custom views are pretty easy to roll out. > > On Wed, Sep 23, 2015 at 4:00 PM, Joshua Pokotilow <[email protected]> > wrote: > >> Hello! I just had a fairly lengthy conversation with my colleagues about >> whether or not Django admin is well-suited to external users outside our >> company. I took the position that for certain use-cases, exposing Django >> admin to third parties makes a lot of sense, given that the admin >> application has all kinds of features baked in that are well-suited to >> certain admin tasks (ACL, customizable templates, dynamically built CRUD >> forms, etc.). Unfortunately, I met with a lot of resistance on account of >> fears over ease of customizability, security, and technology lock-in. >> Furthermore, there was some concern that exposing Django admin to >> third-parties might send us off the beaten path, and that doing so could be >> an antipattern. >> >> I would appreciate knowing how other developers feel on this subject, and >> would love to hear about how some larger companies that use Django >> (Instagram, Disqus) think things through. >> >> Thanks. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at http://groups.google.com/group/django-users. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/django-users/59231ea7-4bd1-41c2-97ef-f294a380bcb4%40googlegroups.com >> <https://groups.google.com/d/msgid/django-users/59231ea7-4bd1-41c2-97ef-f294a380bcb4%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/django-users. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/CAB%2BAj0tme%3DvZdzKBf5ygJRqtACozy2ugi5qyKjG5WHDWENkUWA%40mail.gmail.com > <https://groups.google.com/d/msgid/django-users/CAB%2BAj0tme%3DvZdzKBf5ygJRqtACozy2ugi5qyKjG5WHDWENkUWA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- "La utopía sirve para caminar" Fernando Birri -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAG%2B5VyPdmtjHsy2igmFSESEBPFQSU5NAshGe3dY%3D3vrORR%3DuVw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
