Saturday, April 30, 2016

How in Django, made count objects in through model by condition, for using in the admin as sortable field?

I need will create two sortable fields in Django admin by values in Though-Model.
    
-----------------
My models.py
----------------
    
    
    from django.core.urlresolvers import reverse
    from django.utils.translation import ugettext_lazy as _
    from django.db import models
    from django.conf import settings
    
    from autoslug import AutoSlugField
    
    from mylabour.models import TimeStampedModel
    from mylabour.utils import CHOICES_LEXERS
    
    
    class Snippet(TimeStampedModel):
        """
    
        """
    
        title = models.CharField(_('Title'), max_length=200)
        slug_title = AutoSlugField(populate_from='title', unique_with='author', always_update=True, sep='__')
        description = models.TextField(_('Decription'))
        code = models.TextField(_('Code'))
        # tags
        lexer = models.CharField(_('Lexer of code'), max_length=50, choices=CHOICES_LEXERS)
        author = models.ForeignKey(
            settings.AUTH_USER_MODEL,
            verbose_name=_('Author'),
            related_name='snippets',
            on_delete=models.DO_NOTHING,
        )
        voted_users = models.ManyToManyField(
            settings.AUTH_USER_MODEL,
            verbose_name=_('Voted users'),
            related_name='voted_users',
            through='VoteUserInSnippet',
            through_fields=('snippet', 'user'),
        )
    
        class Meta:
            db_table = 'snippet'
            verbose_name = _("Snippet")
            verbose_name_plural = _("Snippets")
            get_latest_by = 'date_created'
            ordering = ['date_created']
    
        def __str__(self):
            return '{0.title}'.format(self)
    
        def get_absolute_url(self):
            return reverse('app_snippets:snippet', kwargs={'slug_title': self.slug_title})
    
    
    class VoteUserInSnippet(models.Model):
    
        user = models.ForeignKey(
            settings.AUTH_USER_MODEL,
            on_delete=models.CASCADE,
            verbose_name='User',
            limit_choices_to={'is_active': True},
        )
        snippet = models.ForeignKey('Snippet', on_delete=models.CASCADE, verbose_name='Snippet')
        is_useful = models.BooleanField(_('Is useful'))
        date_voting = models.DateTimeField(_('Date voting'), auto_now_add=True)
    
        def __str__(self):
            return _('User "{0.user}" found this snippet as {0.is_useful}').format(self)
    
    
    class SnippetComment(TimeStampedModel):
    
        text_comment = models.TextField(_('Text comment'))
        snippet = models.ForeignKey('Snippet', related_name='comments', verbose_name=_('Snippet'), on_delete=models.CASCADE)
        author = models.ForeignKey(
            settings.AUTH_USER_MODEL,
            related_name='comments_snippet',
            verbose_name=_('Author'),
            on_delete=models.DO_NOTHING,
        )
    
        class Meta:
            db_table = 'snippet_comment'
            verbose_name = "Comment of snippet"
            verbose_name_plural = "Comments of snippet"
            get_latest_by = 'date_created'
            ordering = ['snippet', 'date_created']
    
        def __str__(self):
            return _('Comment from "{0.author}" on snippet "{0.snippet}"').format(self)
    
-----------
My admin.py
-----------
    
    
    from django.db.models import Count
    from django.utils.translation import ugettext_lazy as _
    from django.contrib import admin
    
    from .models import *
    
    
    class SnippetCommentInline(admin.StackedInline):
        '''
        Stacked Inline View for SnippetComment
        '''
    
        model = SnippetComment
        min_num = 0
        max_num = None
        extra = 1
        fk_name = 'snippet'
    
    
    class VoteUserInSnippetInline(admin.TabularInline):
        '''
        Stacked Inline View for VoteUserInSnippet
        '''
    
        model = VoteUserInSnippet
        min_num = 0
        max_num = None
        extra = 1
    
    
    class SnippetAdmin(admin.ModelAdmin):
        '''
        Admin View for Snippet
        '''
    
        list_display = (
            'title',
            'author',
            'lexer',
            'get_count_good_reply',
            'get_count_bad_reply',
            'get_count_replies',
            'is_new',
            'date_modified',
            'date_created',
        )
        list_filter = (
            ('author', admin.RelatedOnlyFieldListFilter),
            'lexer',
            'date_modified',
            'date_created',
        )
        inlines = [
            SnippetCommentInline,
            VoteUserInSnippetInline,
        ]
        search_fields = ('title',)
    
        def get_queryset(self, request):
            qs = super(SnippetAdmin, self).get_queryset(request)
            qs = qs.annotate(
                count_comments=Count('comments', distinct=True),
                count_voted_users=Count('voted_users', distinct=True),
            )
            return qs
    
        def get_count_comments(self, obj):
            return obj.count_comments
        get_count_comments.admin_order_field = 'count_comments'
        get_count_comments.short_order = _('Count comments')
    
        def get_count_good_replies(self, obj):
            return VoteUserInSnippet.objects.filter(snippet=obj,     is_useful=True).count()
        # get_count_good_replies.admin_order_field = ''
        get_count_good_replies.short_order = _('Count good replies')
    
        def get_count_bad_replies(self, obj):
            return VoteUserInSnippet.objects.filter(snippet=obj, is_useful=False).count()
        # get_count_bad_replies.admin_order_field = ''
        get_count_bad_replies.short_order = _('Count bad replies')
    
        def get_count_replies(self, obj):
            return obj.count_voted_users
        get_count_replies.admin_order_field = 'count_voted_users'
        get_count_replies.short_order = _('Count replies')
    
    
    class VoteUserInSnippetAdmin(admin.ModelAdmin):
        '''
        Admin View for VoteUserInSnippet
        '''
        list_display = ('snippet', 'user', 'is_useful', 'date_voting')
        list_filter = (
            ('user', admin.RelatedOnlyFieldListFilter),
            ('snippet', admin.RelatedOnlyFieldListFilter),
            'is_useful',
            'date_voting',
        )
    
    
    class SnippetCommentAdmin(admin.ModelAdmin):
        '''
            Admin View for SnippetComment
        '''
        list_display = ('snippet', 'author', 'is_new', 'date_modified', 'date_created')
        list_filter = (
            ('author', admin.RelatedOnlyFieldListFilter),
            ('snippet', admin.RelatedOnlyFieldListFilter),
            'date_modified',
            'date_created',
        )



Methods get_count_bad_replies() and get_count_bad_replies() right worked but is not sortable. 
May be who known have resolve this problem.

Thanks.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/140f0b6b-2985-4a32-abc9-762edc199931%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Posted by at No comments:

Re: Add id to url after login user

I have now code like below and I have message. I try split success_url with id number and compare it with urls.py


AttributeError at /users/login/

'int' object has no attribute 'get'


views.py
class LoginView(FormView):
    template_name = 'login_form.html'
    model = MysiteUser
    form_class = AuthenticationForm

def form_valid(self, form):
    x = form.get_user_id()
    return x
def get_success_url(self):
    x = self.x
    success_url = '/users/profile/{}'.format(x)
    return success_url



W dniu piątek, 29 kwietnia 2016 09:36:30 UTC+2 użytkownik Dariusz Mysior napisał:
I use FormView do login user, but I don't know how I should add his ID number to success url that when he will log in adres will be users/profile/id

urls.py

from users.views import RegisterView, LoginView, ProfileView

urlpatterns = [

        url(r'^register/$', RegisterView.as_view(), name='register-view'),
        url(r'^login/$', LoginView.as_view(), name='login-view'),
        url(r'^profile/(?P<pk>\d+)/$', ProfileView.as_view(), name='profile-view'),


views.py
class LoginView(FormView):
    template_name = 'login_form.html'
    model = MysiteUser
    form_class = AuthenticationForm
    success_url = '/users/profile/'   

urls.py

from django.conf.urls import   url
from users.views import RegisterView, LoginView, ProfileView

urlpatterns = [

        url(r'^register/$', RegisterView.as_view(), name='register-view'),
        url(r'^login/$', LoginView.as_view(), name='login-view'),
        url(r'^profile/(?P<id>[0-9]+)/$', ProfileView.as_view(), name='profile-view'),

]

 

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/361d6987-cf65-476b-a6c1-673a6e37f80a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Posted by at No comments:

Re: What is completed listing all formaters (fakers, providers) in FactoryBoy?


I will ask a question easier.

experimentally I found such worked providers of factoryboy:

factory.Faker('name', locale='en') - generate random name
factory.Faker('first_name', locale='en') - generate random first_name
factory.Faker('last_name', locale='en') - generate random last_name
factory.Faker('url', locale='en') - generate random URL
factory.Faker('slug', locale='en') - generate random slug
factory.Faker('date', locale='en') - generate random date
factory.Faker('time', locale='en') - generate random time
factory.Faker('text', locale='en') - generate random text

But not working factory.Faker('datetime', locale='en') and factory.Faker('color', locale='en')

In factoryboy'і docs silent about integrated formaters, and it was the reason to ask a question.


суббота, 30 апреля 2016 г., 11:40:12 UTC+3 пользователь Gergely Polonkai написал:
Looking at FactoryBoy's documentation, it doesn't seem you can use these; for example, slug is never mentioned in the documentation. What exactly do you want to achieve? Are you sure it's FactoryBoy you are looking for?


2016-04-30 10:11 GMT+02:00 Seti Volkylany <setivo...@gmail.com>:

I mean the factory.Faker('name', locale='en'), and 

I found slug, name, first_name, last_name, time, date, url, but I am don`t found all list in Web and factoryboy`s documentation.

May anyone known?

Thanks.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/787d683b-cb31-432e-ac34-a480d5d4fda2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/cf0a5eab-e93d-43c2-92e4-f6361cd964e9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Posted by at No comments:

Re: Add id to url after login user

On Fri, Apr 29, 2016 at 12:06:02PM -0700, Dariusz Mysior wrote:
> Sory I thought that You are from Poland like I :)
>
> Hmm I try Your code but there is comment
>
> name 'request' is not defined

It's hard to tell what's wrong without seeing the full traceback that
you get with that error; could you paste it here?

Cheers,

Michal

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/20160430095546.GI435%40koniiiik.org.
For more options, visit https://groups.google.com/d/optout.
Posted by at No comments:

Re: What is completed listing all formaters (fakers, providers) in FactoryBoy?

Looking at FactoryBoy's documentation, it doesn't seem you can use these; for example, slug is never mentioned in the documentation. What exactly do you want to achieve? Are you sure it's FactoryBoy you are looking for?


2016-04-30 10:11 GMT+02:00 Seti Volkylany <setivolkylany@gmail.com>:

I mean the factory.Faker('name', locale='en'), and 

I found slug, name, first_name, last_name, time, date, url, but I am don`t found all list in Web and factoryboy`s documentation.

May anyone known?

Thanks.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/787d683b-cb31-432e-ac34-a480d5d4fda2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CACczBULd30C0o8ywkSFJeaPwL_XCVGPz_4aBab_-xFq1h2PtGQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Posted by at No comments:

What is completed listing all formaters (fakers, providers) in FactoryBoy?


I mean the factory.Faker('name', locale='en'), and 

I found slug, name, first_name, last_name, time, date, url, but I am don`t found all list in Web and factoryboy`s documentation.

May anyone known?

Thanks.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/787d683b-cb31-432e-ac34-a480d5d4fda2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Posted by at No comments:

Friday, April 29, 2016

Re: New to Django (stuck at the end of the tutorial)

Just a related/unrelated sidenote.. I'm also new to Django and I found an amazing tutorial series on youtube... Just wanted to share it with you: 

https://youtu.be/FNQxxpM1yOs?list=PLQVvvaa0QuDeA05ZouE4OzDYLHY-XH-Nd

It's a 12 part series and it really helped me get the ball rolling



On Tuesday, April 26, 2016 at 12:33:09 AM UTC-7, Cronos Cto wrote:


Hello Django Lovers.

So I started on Django as project of mine. Seems like a great first framework to start on. At the moment I am stuck at this:


This was after what I encountered at the end of the Django oficial post app tutorial.

I tried several ways to solve it. The problem seems to lay in the url.py file, but I can not seem to solve it.


Thank you to anyone that can help me solve it.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/4706b1f9-0acb-48d0-b264-a54c252430dd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Posted by at No comments:

Re: New to Django (stuck at the end of the tutorial)

I just did another try with a different version of Django which is same version of Django used in the book I am reading.
It turns out where the project(mysite) saved has no effect on it.  I think it's how Django suppose to behave.
Perhaps you are not working with the same version of Django as the tutorial??

The sense of achievement is great once the view function starts to working and progress are being made.
I hope you could figure out your problem soon.
Cheers~

Mie Rex於 2016年4月27日星期三 UTC-7下午7時02分56秒寫道:
I had a smiliar problem with another Django tutorial.

I was running Django with Anaconda environment and I took the advice from "Two Scoop Django" to have all projects stored in one directory and all the environment in another.  Therefore the project "mysite" was initialized and put in a folder, which was parallel to the environment folder.
I fixed all the problem by initializing the project inside the environment used for Django.

Took me 3 days to figure out what was the problem.
Hope you could figure out how to fix that soon.
Cheers

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/f0794dab-736d-43a3-8b93-2ac69178e7bf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Posted by at No comments:

Display image instead of text in related-widget-wrapper of FK picker in admin interface.

How would one go about changing this:



into something where instead of 1, 2 there are pictures that correspond to those objects. The class itself is very simple:


Note that I use the picture already in the table view of this item (ie. admin/someapp/item/).

Can I somehow make the widget above also display the same image?

Thanks!

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/9032f08e-801a-464b-9bcf-b26ac42f6be1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Posted by at No comments:

Re: Is it good idea to transition from MS Access to a webapp? And if so, is Django a good tool to do it?

Patrik,

Yes, for a Linux server at AWS, you typically launch it via the AWS
Console (web page) and get an SSH key.  Then ssh to the server
using the SSH key, and work from the command line. 

If you prefer to always use a GUI, not a CLI, you can use X Windows
or a Web-based Linux admin GUI.  But I've never done that.  I
always use the Unix CLI.
 
The OS is already installed, along with any other software that
is included in the Amazon AMI.  If you start by launching an
instance of the "Amazon Linux AMI", you get a vanilla Linux
OS, with not much else installed.  If you want things pre-installed,
launch your server as an instance of an AMI that has what you
need.  There are thousands of combinations, so you can probably
find any combo that you need.  I always start with the "Amazon
Linux AMI" and install the rest myself.

Yeah, as you guessed, the Django account to connect to the DB
should not need rights to create/modify tables, except when you
are doing a Django "manage" command like "syncdb" or "migrate".
At normal runtime, it should only need the rights to SELECT,
INSERT, UPDATE, and DELETE data in existing tables.

--Fred
Fred Stluka -- mailto:fred@bristle.com -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.
On 4/29/16 7:09 PM, Patrik Mjartan wrote:
I had a brief look and AWS looks really good indeed. Thank you very much for thorough explanation as well on how to go about it.

A rather newbie question - when I make an account on AWS, I assume I have to ssh there from my local computer to do 'anything', that is, there is no 'shared desktop' or any such thing, is there, that is, everything has to be done through command line, right?
Similarly, what about installing the OS itself? Is it some pre-installed linux version where I ssh into and do my thing, or how does it work?

Also a thing that I was not sure about - does the django's account that connects to the DB has to have rights to create/delete tables (+ certain update/insert/delete restrictions)? I assume all the tables are setup when the app is under development and once it's 'up in the public' there isn't going to be excessive changes to the back-end. Of course there could be once in a while, but that could be, again, using 'root' type of account for the DB itself, once it's done the django would again use non-root DB account.

On Friday, April 29, 2016 at 9:17:08 PM UTC+1, Fred Stluka wrote:
Patrik,

I host the servers of all my clients at AWS (Amazon Web Services).

I'd suggest you start by running the DB server (MySQL, PostgreSQL
or whatever) on the same Linux server as the Web server (Apache,
nginx or whatever).  Have the Web server handle all the static files
(HTML., JS, CSS, image) and forward the Django requests via WSGI
or uWSGI to the Django server on the same Linux server.  You can
do it all with one AWS EC2 micro instance, which is free for the
first year, and only $0.02/hour ($15/month) after that.

As your needs grow, you can scale vertically by converting your
micro instance to a small, medium, large, XL, XXL, etc.  And/or
you can scale horizontally, by moving the DB server to it's own
EC2 Linux server or to the AWS RDS service.  And by using AWS
ELB, Autoscale, ElasticBeanstalk, etc., to manage farms of web
servers and DB servers, allocating and terminating servers as
needed to handle the load.  It's a one-line change in the Django
settings file to point Django to the IP address of an RDBMS on a
different server.

Or turn the entire ops business over to AWS and just use their
AWS Lambda service to serve the HTTP requests.  I haven't yet
done that with Django, so you'd have to look into how well it
works.

For security reasons, configure Django to use a non-root user
at the DB server, ideally one with as few privileges as possible. 
And make sure that the DB server is running as a non-root Linux
user.  It everything accesses everything as root, you have a big
security risk.  If someone DID succeed in hacking your Django
app, and became able to get it to execute arbitrary SQL calls,
they could make an SQL call that causes the DB server to make a
system call (as root), that could run arbitrary code on your Linux
server.  So, lock it down at each level, just in case.

For more info about AWS, see:
- http://bristle.com/Tips/CloudComputing.htm
- http://bristle.com/Talks/CloudComputing/current/

For direct printer access from a web app, see:
- http://google.com/search?q=direct+printer+access+from+a+web+app
Lots of hits, so I'm thinking it must be possible.

--Fred
Fred Stluka -- mailt...@bristle.com -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.
On 4/29/16 2:40 PM, Patrik Mjartan wrote:
Sorry, I miss-clicked post button and so I will reply twice now.

Another important (rather obvious to you I guess) question would be - what is the usual structure of the servers?

What I mean is - I assume we don't want to have the actual DB on the same server as where we host the website.

Is it usually such that Web server is hosted by some hosting company (so they can make sure it's up 24/7) while DB server is on the premises of the company (ie. the one for which I work for) such that data can be retrieved faster? Although I guess that doesn't make too much sense either, as the data has to be retrieved by web-server first in order to be presented to the user...

Overall I'm quite sure that the company I work for would prefer paying some hosting companies to host everything so they don't have to spend money on (potentially) expensive hardware. Is this the standard approach?

I'm a total newbie in this area so would appreciate some help ^_^.


On Friday, April 29, 2016 at 7:33:58 PM UTC+1, Patrik Mjartan wrote:
Thank you very much for the reply!

I went through the tutorial a few days ago and loved it.

One, very important, question that I forgot to ask - one of the biggest advantages on having an actual desktop front-end app is having a direct access to media, such as printers. Hence a simple button click in the app would result in some document getting printed by default printer (or w/e printer is selected by code, not necessarily user). Is it possible to capture such functionality by web-app at all? Printing PDF documents is not a huge problem (users can just download the PDF invoice and print it manually), problem is for example receipts (in case of future expansion to include on-site sales).

If it is not possible to do it directly, I guess it's always possible to make a small stand-alone app that communicates with the server and listens on when it should print certain documents.

On Friday, April 29, 2016 at 7:05:52 PM UTC+1, Fred Stluka wrote:
Patrik,

Yes, Django can be used for that. 

The "ORM" features and the "templates" and "views" of Django
make it very easy to do a "CRUD" app for a users to create/
retrieve/update/delete data in any RDBMS. 

There are some built-in security features like logins, protection
against "CSRF" attacks, etc. 

Django "formsets" make it easy to show multiple rows with a
details panel for the row currently selected.

With a web app, you won't have to re-distribute the front
end.  Just push a new version to the server.

Django's templates and views both support "inheritance",
which should solve your problem of managing multiple
related forms.  And, there are many Open Source custom
widgets for Django and for JavaScript that will give you all
the sub-grouping and tree-views that you need.

Django scales very well to large amounts of data, large
numbers of screens, and large numbers of users.  There
are many performance tuning options, including "caching"
of templates, and of fully-constructed pages, and of DB
data.  Also, lots of other "middleware" for security,
performance, logging, and other "aspects" of the software.

Yes, you can run a Django server locally, behind a "firewall",
or can expose it to the world, securing various parts as
needed.

To make it as secure as possible, I'd put in on a Linux server
that is protected by tools like Logwatch, Fail2ban, and
Tripwire.  See:
- http://bristle.com/Tips/Unix.htm#unix_security
And be sure to redirect all page requests from HTTP to
HTTPS.

I do all of this and more, including processing financial
transactions and supporting "multitenancy", restricting
access by thousands of different users, each to his own data,
plus "attribute based access control" for cases where data is
shared, at the Web site I'm currently working on:
- http://HelpHOPELive.org

Sorry for all the terms and acronyms, but if you're considering
writing such an app, you'll need to be aware of them and they're
all pretty easy to Google.  Feel free to reply with more questions. 

Also, you'll quickly get a feel for Django's power if you go
through the on-line tutorial at:
- https://docs.djangoproject.com/en/dev/intro/

Enjoy!
--Fred
Fred Stluka -- mailt...@bristle.com -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.
On 4/29/16 12:57 PM, Patrik Mjartan wrote:
Hi,

I work for a very small company that I developed an application for, all using MS Access (it has back-end MS Access db - although this is planned to change to some more robust RDBMS, and a front-end app built in MS Access). Currently this app is used to calculate the exact wages of some employees (sorry, English is not my native language so I don't know how that type of wage is called here, but basically we look at how many products they produced and calculate it based on that. It's not a hourly wage). However, this summer I would like to expand it to do some order management too (ie. each order has specific products that need to be produced... each of those can be produced by our employees and so it's directly linked to the wages).

However, it is very hard to manage everything using MS Access. Basically each time I make any change to FE or BE, I have to re-distribute the FE to all of the front-users. This is not a HUGE problem, the big problem, however, is within the MS Access itself, that is, it's very hard to manage all the forms as they are listed as simple names (ie. you cannot sub-group them efficiently to make a tree-view). Overall I cannot see myself working with MS Access in 5 years time as I can already see the scalability problems after a few months of working with it.

What I thought of, however, is making a website that is only for local use, but is it possible to have the same functionality as a regular front-end app? Is this good idea to begin with? I had a brief look at Django (I'm VERY new to web-dev, but I'm a fast learner I like to think) and I really like it so far. But is it possible to have the same level of functionality MS Access offers? That is, for example a sub-form on a form that gives more details about the current record selected in the main form? Ie. main form consists of overview of 10 recent orders and the lower portion of the main form is a subform that displays some detailed info about a selected order.

How does it stand from security-perspective if the app is changed from local to public? Obviously even on local I'd imagine I'd put a login requirement there, similar to how the admin page has it, but how safe is it regardless if put to public? Are there pre-determined measures that if taken, it will be 100% secure? As you'd imagine I wouldn't be very happy if someone deleted all of our inventory records because they could bypass the logging system.

Is there any good literature I can read up on doing some similar exercises/examples? For instance: orders/inventory management web app?

Thanks a lot in advance!
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/fdee3fe0-6f3e-4d5b-862c-3a875b04035b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/af709945-ddab-4e9b-97bb-ffc6d36f34dc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/727bc5dd-0df8-4b78-951f-8f1b999b9e5f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Posted by at No comments:

Re: Is it good idea to transition from MS Access to a webapp? And if so, is Django a good tool to do it?

I had a brief look and AWS looks really good indeed. Thank you very much for thorough explanation as well on how to go about it.

A rather newbie question - when I make an account on AWS, I assume I have to ssh there from my local computer to do 'anything', that is, there is no 'shared desktop' or any such thing, is there, that is, everything has to be done through command line, right?
Similarly, what about installing the OS itself? Is it some pre-installed linux version where I ssh into and do my thing, or how does it work?

Also a thing that I was not sure about - does the django's account that connects to the DB has to have rights to create/delete tables (+ certain update/insert/delete restrictions)? I assume all the tables are setup when the app is under development and once it's 'up in the public' there isn't going to be excessive changes to the back-end. Of course there could be once in a while, but that could be, again, using 'root' type of account for the DB itself, once it's done the django would again use non-root DB account.

On Friday, April 29, 2016 at 9:17:08 PM UTC+1, Fred Stluka wrote:
Patrik,

I host the servers of all my clients at AWS (Amazon Web Services).

I'd suggest you start by running the DB server (MySQL, PostgreSQL
or whatever) on the same Linux server as the Web server (Apache,
nginx or whatever).  Have the Web server handle all the static files
(HTML., JS, CSS, image) and forward the Django requests via WSGI
or uWSGI to the Django server on the same Linux server.  You can
do it all with one AWS EC2 micro instance, which is free for the
first year, and only $0.02/hour ($15/month) after that.

As your needs grow, you can scale vertically by converting your
micro instance to a small, medium, large, XL, XXL, etc.  And/or
you can scale horizontally, by moving the DB server to it's own
EC2 Linux server or to the AWS RDS service.  And by using AWS
ELB, Autoscale, ElasticBeanstalk, etc., to manage farms of web
servers and DB servers, allocating and terminating servers as
needed to handle the load.  It's a one-line change in the Django
settings file to point Django to the IP address of an RDBMS on a
different server.

Or turn the entire ops business over to AWS and just use their
AWS Lambda service to serve the HTTP requests.  I haven't yet
done that with Django, so you'd have to look into how well it
works.

For security reasons, configure Django to use a non-root user
at the DB server, ideally one with as few privileges as possible. 
And make sure that the DB server is running as a non-root Linux
user.  It everything accesses everything as root, you have a big
security risk.  If someone DID succeed in hacking your Django
app, and became able to get it to execute arbitrary SQL calls,
they could make an SQL call that causes the DB server to make a
system call (as root), that could run arbitrary code on your Linux
server.  So, lock it down at each level, just in case.

For more info about AWS, see:
- http://bristle.com/Tips/CloudComputing.htm
- http://bristle.com/Talks/CloudComputing/current/

For direct printer access from a web app, see:
- http://google.com/search?q=direct+printer+access+from+a+web+app
Lots of hits, so I'm thinking it must be possible.

--Fred
Fred Stluka -- mailt...@bristle.com -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.
On 4/29/16 2:40 PM, Patrik Mjartan wrote:
Sorry, I miss-clicked post button and so I will reply twice now.

Another important (rather obvious to you I guess) question would be - what is the usual structure of the servers?

What I mean is - I assume we don't want to have the actual DB on the same server as where we host the website.

Is it usually such that Web server is hosted by some hosting company (so they can make sure it's up 24/7) while DB server is on the premises of the company (ie. the one for which I work for) such that data can be retrieved faster? Although I guess that doesn't make too much sense either, as the data has to be retrieved by web-server first in order to be presented to the user...

Overall I'm quite sure that the company I work for would prefer paying some hosting companies to host everything so they don't have to spend money on (potentially) expensive hardware. Is this the standard approach?

I'm a total newbie in this area so would appreciate some help ^_^.


On Friday, April 29, 2016 at 7:33:58 PM UTC+1, Patrik Mjartan wrote:
Thank you very much for the reply!

I went through the tutorial a few days ago and loved it.

One, very important, question that I forgot to ask - one of the biggest advantages on having an actual desktop front-end app is having a direct access to media, such as printers. Hence a simple button click in the app would result in some document getting printed by default printer (or w/e printer is selected by code, not necessarily user). Is it possible to capture such functionality by web-app at all? Printing PDF documents is not a huge problem (users can just download the PDF invoice and print it manually), problem is for example receipts (in case of future expansion to include on-site sales).

If it is not possible to do it directly, I guess it's always possible to make a small stand-alone app that communicates with the server and listens on when it should print certain documents.

On Friday, April 29, 2016 at 7:05:52 PM UTC+1, Fred Stluka wrote:
Patrik,

Yes, Django can be used for that. 

The "ORM" features and the "templates" and "views" of Django
make it very easy to do a "CRUD" app for a users to create/
retrieve/update/delete data in any RDBMS. 

There are some built-in security features like logins, protection
against "CSRF" attacks, etc. 

Django "formsets" make it easy to show multiple rows with a
details panel for the row currently selected.

With a web app, you won't have to re-distribute the front
end.  Just push a new version to the server.

Django's templates and views both support "inheritance",
which should solve your problem of managing multiple
related forms.  And, there are many Open Source custom
widgets for Django and for JavaScript that will give you all
the sub-grouping and tree-views that you need.

Django scales very well to large amounts of data, large
numbers of screens, and large numbers of users.  There
are many performance tuning options, including "caching"
of templates, and of fully-constructed pages, and of DB
data.  Also, lots of other "middleware" for security,
performance, logging, and other "aspects" of the software.

Yes, you can run a Django server locally, behind a "firewall",
or can expose it to the world, securing various parts as
needed.

To make it as secure as possible, I'd put in on a Linux server
that is protected by tools like Logwatch, Fail2ban, and
Tripwire.  See:
- http://bristle.com/Tips/Unix.htm#unix_security
And be sure to redirect all page requests from HTTP to
HTTPS.

I do all of this and more, including processing financial
transactions and supporting "multitenancy", restricting
access by thousands of different users, each to his own data,
plus "attribute based access control" for cases where data is
shared, at the Web site I'm currently working on:
- http://HelpHOPELive.org

Sorry for all the terms and acronyms, but if you're considering
writing such an app, you'll need to be aware of them and they're
all pretty easy to Google.  Feel free to reply with more questions. 

Also, you'll quickly get a feel for Django's power if you go
through the on-line tutorial at:
- https://docs.djangoproject.com/en/dev/intro/

Enjoy!
--Fred
Fred Stluka -- mailt...@bristle.com -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.
On 4/29/16 12:57 PM, Patrik Mjartan wrote:
Hi,

I work for a very small company that I developed an application for, all using MS Access (it has back-end MS Access db - although this is planned to change to some more robust RDBMS, and a front-end app built in MS Access). Currently this app is used to calculate the exact wages of some employees (sorry, English is not my native language so I don't know how that type of wage is called here, but basically we look at how many products they produced and calculate it based on that. It's not a hourly wage). However, this summer I would like to expand it to do some order management too (ie. each order has specific products that need to be produced... each of those can be produced by our employees and so it's directly linked to the wages).

However, it is very hard to manage everything using MS Access. Basically each time I make any change to FE or BE, I have to re-distribute the FE to all of the front-users. This is not a HUGE problem, the big problem, however, is within the MS Access itself, that is, it's very hard to manage all the forms as they are listed as simple names (ie. you cannot sub-group them efficiently to make a tree-view). Overall I cannot see myself working with MS Access in 5 years time as I can already see the scalability problems after a few months of working with it.

What I thought of, however, is making a website that is only for local use, but is it possible to have the same functionality as a regular front-end app? Is this good idea to begin with? I had a brief look at Django (I'm VERY new to web-dev, but I'm a fast learner I like to think) and I really like it so far. But is it possible to have the same level of functionality MS Access offers? That is, for example a sub-form on a form that gives more details about the current record selected in the main form? Ie. main form consists of overview of 10 recent orders and the lower portion of the main form is a subform that displays some detailed info about a selected order.

How does it stand from security-perspective if the app is changed from local to public? Obviously even on local I'd imagine I'd put a login requirement there, similar to how the admin page has it, but how safe is it regardless if put to public? Are there pre-determined measures that if taken, it will be 100% secure? As you'd imagine I wouldn't be very happy if someone deleted all of our inventory records because they could bypass the logging system.

Is there any good literature I can read up on doing some similar exercises/examples? For instance: orders/inventory management web app?

Thanks a lot in advance!
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/fdee3fe0-6f3e-4d5b-862c-3a875b04035b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/af709945-ddab-4e9b-97bb-ffc6d36f34dc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/727bc5dd-0df8-4b78-951f-8f1b999b9e5f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Posted by at No comments:
Subscribe to: Posts (Atom)