Uses:
- Django 1.8.1
- Python 3.4
Make the project:
$ django-admin startproject elevennote
Create some initial tables:
$ python manage.py migrate
Run the server:
$ python manage.py runserver
And connect at http://localhost:8000/ to verify that everything is working.
Create a superuser:
$ python manage.py createsuperuser
...
$ python manage.py runserver
Connect to the admin at http://localhost:8000/admin
Make your app:
$ python manage.py startapp note
Modify models.py and admin.py to contain your first model.
Apply changes to DB:
$ ./manage.py makemigrations note
$ ./manage.py migrate
You can now view this in the admin.
Modify the note/admin.py file and see how the admin can be customized.
Modify note/urls.py, note/views.py, and elevennote/settings.py to
and create templates in the note/templates/note/... directory to create
your first views.
Add URLs and templates for the authentication system. Make the existing
views use the @login_required decorator.
(Also, add in a redirect for the root URL)
Copy in templates and add in urls for creating new users.
Add an owner field to the model. You'll need to run migrations. You can use
a default value of 0 for the migration.
$ ./manage.py makemigrations note
$ ./manage.py migrate
Then, restrict the view on the index page so that a user can only see their own notes.
Class-based views can significantly reduce code. Switch our two function-based views to class-based views before we begin adding more views.
If your classes have shared code you can put them into a "mixin". This will allow you to easily share code among multiple classes.
We will start by sharing the login_required requirement among both our classes, and
re-use this mixin in future classes we create.
Currently notes can only be created in the admin. Add a new CBV (class-based view) that allows note creation.
This also includes a new concept, forms.
If more than 5 forms are created then all the forms will not be displayed. Add pagination, and also make sure to sort the forms that we display by the date they are published (in reverse order).
Add in a more advanced editor. A WYSIWYG (What You See Is What You Get) editor will allow the text to be formatted.
Steps:
$ pip install django-wysiwyg==0.7.0
Diff between chapter 11 and 12 to see settings and template changes necessary.
Currently anyone who is logged in can read any note (by modifying the URL).
Override the get() method to issue a 403 Forbidden if a user is trying to
read a note they don't own.
Add the ability to edit existing notes, as well as a link from the index page to the edit page.
Begin improving the UI by displaying the full note on the index page. Remove the edit button. Instead, clicking on the name takes you to edit the note. (The details page isn't really needed any more)
Separate the form page into two columns. The list of notes and a form to create/edit a note.
We will do away with the index and detail views as they are no longer used.
Build a JSON endpoint to return the list of notes for a user.
Note: this code is not merged back to master because we will replace
this API with Tastypie in the next chapter.
The version of Tastypie that pip will find by default is not new enough for Django 1.8, so install the latest version from Github:
pip install -e git+https://github.com/django-tastypie/django-tastypie#egg=TastyPie
Tastypie offers an easy way to build an API: https://django-tastypie.readthedocs.org/en/latest/
http://localhost:8000/api/v1/note/schema/?format=json http://localhost:8000/api/v1/note/?format=json
Note: in order to make the API more interesting we have loosened the restriction here that prevents seeing other users posts. (For that matter, our API is wide open. Anyone can access the data, even people who are not authenticated)
We can add in filtering of the API with just a few lines of code.
We'll also add in users at the same time, and then this type of
filtering will work (swap [USERNAME] with scot or whatever):
http://localhost:8000/api/v1/note/?format=json&owner__username=[USERNAME]
You can also now see users info at:
http://localhost:8000/api/v1/user/schema/?format=json http://localhost:8000/api/v1/user/?format=json
Note how we restricted some user fields. We don't want to make the users emails (and other fields) publicly accessible.
Revisit the issue of locking down the API so that a user can only see their own notes.
This users Django authentication and a custom authorization model.
http://localhost:8000/api/v1/note/?format=json&owner__username=[NOT YOU!]