DEV Community: Diego Uribe Gamez

Django REST framework +OAuth

Diego Uribe Gamez — Wed, 17 Nov 2021 12:40:10 +0000

In this article we are going to configure Django, this excellent framework for web development, in addition to this we are going to integrate a module called Django rest framework which is a toolkit that will allow us to create REST views in a simple way, and we will also protect the application using OAuth, this is an open protocol to manage security and is especially useful for applications that want to access our system externally.

Let's do it

In this example we are going to follow the following route:

Setting up the development environment
Data model
Create a request list
Configuring OAuth
Protect views
Automate OAuth
Final notes

Repository url:
https://github.com/diegoug/Django-REST-framework-OAuth

Setting up the development environment

In Windows and in Visual Studio Code (vscosde) the cygwin terminal was configured, which has a behavior similar to unix systems, and additionally, the make and bash-completion programs were installed, this will be useful as a standard to be able to run our project on linux and mac which are unix systems.

We are going to add our configuration of the directory .ssh in the root of (C:), which is where our terminal will look for the ssh keys through our command (cd C:), this takes us to the path "/cygdrive/c/" which is access to disk C from cygwin, this configuration will help us to keep the django service running, also to be able to access from terminal and to be able to activate Django's debugging mode in vscode

Having docker and compose installed, we are going to position in the directory of the project that we cloned, we create the docker network, we compile the project and we are going to run the containers with the following Makefile commands

´´´
$ make create-network
$ make build-development
$ make start-development
´´´

After starting a clean environment in Docker, the project named django_rest_framework_MS was created inside

We configure the database that we are going to use, for our case it will be PostgreSQL that has excellent functionalities that adapt well to the functionalities of the django ORM, migrate, create a super user in the terminal and with this we have access to the admin of django

Data model

After creating a project, we are going to create an application for our library and then we are going to create two models, one for books and the other for authors.

Create a request list

Once our models are created, we create a simple view that is capable of delivering a list of books and the authors of each book, in a web view as well as in a rest view.

urls.py

views.py

We add some sample data and test the functionalities of the view using postman and the web browser

Postman

Chrome

Configuring OAuth

We are going to install Django OAuth Toolkit, on the official page of the library there is a section that details the installation of this library, in addition to the configuration to work with the Django Rest framework, you can find it HERE! in this link

After installing it, we are going to perform the following configuration to obtain the OAuth credentials of the super user that we have created previously from the django admin

We copy the credentials and use them to get our token from Postman

Protect views

We must protect the view from two sides, from the web side by username and password and then from the api side using OAuth

Web view
We globally configure Django rest framework in the settings so that the views use username and password

We test that it does not allow access

We add the urls of Login and Logout

We configure the redirect urls of the settings

We test the correct access

It works :D

API view
As we want the same view to handle both the web part and the api, we are not going to leave the two types of permissions declared at the same time in the settings (user / password and OAuth) the default configuration will be with username and password, and for the api urls we are going to overwrite the permissions with the OAuth configuration.

We tested that it does not allow access by postman to the api view

We add to the books view a configuration of authentication_classes and permission_classes when the view is instantiated on the url of the api

We test the correct access

It works :D

Automate OAuth

To finish, we are going to create a web endpoint that once the user has accessed the web application and navigates to a specific url in the web application, it gives him the Oauth credentials, we do this so as not to manually create configurations for each user that try to access through postman, if not rather that they enter the web application and look for their credentials.

urls.py

views.py

Chrome

It works :D

Final notes

It is important to note that this is only an example, and the advanced security configuration will depend on the administrator, an example is SSL encryption and the correct configuration of the settings that guarantee this security

We can also apply a microservices type configuration, to place a transversal and transparent authentication layer to all Django type micro services, but this is the subject of another article, now if you are interested in getting this part faster please leave a comment and share.

See you next time.

L2/Junior developer at Platzi

Diego Uribe Gamez — Tue, 10 Dec 2019 05:02:47 +0000

Related article:
L3/Middle developer at Alkanza

This is a company that is dedicated to helping people create and develop innovative ideas in the world of technology, and as a consequence for these people they improve their quality of life; It is also a team of people who guide a community.

This company also helped me grow from L2/Junior to L3/Medium developer, and many people participated in my personal development, each of them giving me personal and professional lessons, directly or indirectly, I could say that this was once the best growth school in which I participated.

Professional lessons

Platzi is the best example of the search for quality in the professional aspect to give students the best experience, they can even reach the professional point where they experiment with developments and technologies that they do not yet offer in their courses to validate the new technologies that they are good for the future, that makes the platzi courses one of the best sources of information and they are also a signal to know where the technology is going.

And the lessons that can be learned from this are:

We must see where the technology is going, whether we use it or not, this will give us the perspective of how these technologies can help us or also teach us to see what people we want to join.
We must investigate and adopt the standards that represent quality and scalability, this will help us to give our best in the things we do, and these will represent us in front of others.
We must lose the fear of creating and experiencing new things.
Finally, these lessons and others represent Platzi's motto "Never stop learning"

Personal lessons

Not only do you live on technology, it is also important to grow personally, because you can always learn something new and nobody is perfect, and here having lived with a group of people who do their best to develop their professional aspect I also managed to learn personal lessons, which I understood at the time or later.

You can always grow, that is why we must strive to think that it is necessary to be the best of ourselves, be people who can help others grow, realize our defects and work on it, all this so that we all grow together, and it doesn't matter if others don't realize, we should help them understand.

To lose is to win, always that we strive to grow and although we fall if we learn a lesson, but we will only benefit when we manage to reflect on it, and to achieve this we must meditate in our words, the message behind people, which is behind his expressions and his language, here the most important thing could be to shut up and listen, and then be able to give a good answer.

What does it hold for the future?

We who are in this community can see that if we work together and strive to learn we can improve the future, but not everything is rosy since we are in a struggle, the world is increasingly complex, each time we are more, many people use what they learn from technology for bad things, there are more conflicts, many people do not know how to learn new things, many people do not know Platzi, the situation will become increasingly difficult.

Platzi helps us withstand this crisis, giving us tools, holding us so that when the greatest difficulties pass we can get ahead, and we can take advantage to take the lead, so nothing has been lost and in fact this is the best time to "never stop to learn".

L3/Middle developer at Alkanza

Diego Uribe Gamez — Thu, 05 Dec 2019 11:52:12 +0000

Related article:
L4/Senior developer at Mesfix

Alkanza

It was a fintech that specialized in managing and developing high-level investment services, with a team of professional financials and developers to make high-impact technologies.

In my experience, the best thing about the company is its financial responsibility, which can reach an unpredictable detail, this because for the company the client must feel backed by the experience and the good management of their finances.

On the technological side, when I was working in the company, one thing that I learned is to see how although from the beginning things could have worked badly, many things cannot be remade, but rather we have to move on and we have to implement improvements on the proposed things, so that you can walk towards the future.

One of the things that came to my attention was to understand the legacy code, the current functionalities due to the complexity of the same and above all I was able to propose new ideas due to the aforementioned.

Index:

Overengineering
The spaghetti code
Sub processes out of control
Conclusion

Overengineering

From the lessons that I let myself be in the technological team was to understand how a technology can be misunderstood, due to the circumstances of the engineers, this can cause a technology to be implemented in a very complex way, reaching its purpose but taking a very long road, and in practice you could see spaghetti code, sub processes out of control, functionalities of the language without purpose or with an inappropriate purpose and duplication of code, all this leading to generate delays in the new functionalities.

And how to repair this?

As I told you, if you get to see engineering level failures but everything is working because the client is being served, the most logical thing is to say that nothing is failing, then what you should do is enter new functionalities with the corrections and go correcting the other features periodically.

Return to Index

The spaghetti code

After a certain point it has no solution, this happens when a practice such as fucional programming is improperly implemented, and it can happen that a function depends on many other functions, or that a parameter is passed through a parent function but being used for a granddaughter function :D then the best thing that could be done is to create new functionalities with the new practices.

The correct way to implement the fucional program is for a parent function to call a daughter function, that if a daughter function needs a parameter but the parent function has the information to obtain that data then call a function that brings that parameter and then there is if you pass it to the daughter function, making the main cycle pass in the father function.

In fucional program, in a parent function the following actions should happen, 1. validate input parameters and respond to the client if there is any problem to correct them, so that the children do not deal with errors or changes in the data, 2. obtain external parameters, can be database objects to perform the requested action, this step could be optional, 3. execute the action with all the data already present, 4. answer the request, this can be positive or negative, depending on the result of the Data operation, this is my vision of functional programming.

Return to Index

Sub processes out of control

Django can perform sub processes using celery, here the important thing is that a sub process is that, just one, that fulfills its function and is doing a well-done task, but it could happen that by having the ability to create sub processes we make a sub process creates another sub processes only by evaluating a condition, here the solution is simpler, it can be corrected simply by unifying the sub processes or making the new functionalities well done.

Language functionalities without purpose or with an inappropriate purpose and duplication of code, that can be solved with training and a better understanding of the language, in addition to a study of good practices and standards by the development team, when it is achieved we can see how the team better develop its code, being careful not to over-engineer and giving it Higher quality to the final product.

Return to Index

Conclusion

At Alkanza, when facing these difficulties, we were able to begin the development process aimed at creating solutions that were not only impactful but also efficient, unfortunately this company stopped working.

Mauricio Gutierrez left the biggest lesson because his financial responsibility inspired me to think about the importance of managing my finances well and having a lot of attention to the detail of the finances of others, since it is for all an important aspect of our lives and deserves the greatest attention.

Return to Index

L4/Senior developer at Mesfix

Diego Uribe Gamez — Fri, 22 Nov 2019 15:17:57 +0000

Related article:
L5/Senior developer, what's next?

Mesfix

This is a company that contacts buyers with companies, these companies sell their invoices receivable to payers, sell their invoice for a quick payment losing a small percentage, the company that sells can reinvest and expedite its operation, and the buyer of the invoice use your money and earn a percentage at the time the payer pays the bill, in Colombia this is an excellent idea since companies can take between 15 and 20 days to pay for the products they already received; Mesfix is currently expanding its product range.

In my experience in this company the best of the development team is its culture; Manuel his CTO makes each of its members feel as part of his Family.

One of the things that impressed me most about the Mesfix team and its technology was the very intuitive and organic way in which they implemented the micro services methodology, in a simple way they managed to form the idea that a backend for frontend consults an orchestrator that may or may not be related to a micro service, this orchestrator would be responsible for unifying the information without performing logical business operations and the micro services would be responsible for operating the logical queries requested by the orchestrator and operating the information either by storing or reorganizing it, just great.

When I arrived, they had already gone through a process where much of the monolithic architecture was separated by passing it to a microservice architecture, and my task was to help the team implement good development practices that were not available at the time.

Index:

- [GitFlow](#gitFlow)
- [Docker](#docker)
- [Unittest](#unittest)
- [API RestFull](#api-restfull)
- [Documentation](#documentation)
- [jenkins and continuous automation](#jenkins-and-continuous-automation)
- [Micro data service and django admin](#micro-data-service-and-django-admin)

GitFlow

The first thing was to organize the process of developing functionalities in the repository, we went on to implement the GitFlow methodology, with the nomenitlatures, feature / name-functionality that would be the name of the branch to create a new functionality, hotfix / fix that would be the name of the branch to fix errors in production and the master branch would be blocked from merge to pass the code integrations using only pull requets, I know that it is not all the GitFlow standard but for a team that had not worked using branches and pull request It would be an excellent start.

Return to Index

Docker

From machine installation to installation in Docker; When I arrived at Mesfix, all the developers installed the platform on their local machine, some with Linux, others with Mac, this was quite complicated since there were varied problems when installing or performing maintenance of not knowing why in some machines it worked and in others, in addition to the same problems happening in production, it was then that the docker environment was developed for development mode, and then for production mode.

From this experience, what I remember the most and the most joy was that when we had finished the development mode so that the team could work faster, at that time the company supplied a Mac to each developer and we could try it on these, here the result It was a success and we went to work more calmly and without relying directly on our machines to start the developing platform.

Return to Index

Unittest

Unitary endpoints tests were implemented using ava.js, so that developers could use it, we match the test file architecture to the services architecture, and add a command to a Makefile so that they could run the tests in three different ways , a) run all the tests, b) run all the tests of a service, and c) run all the tests of a functionality.
This is the organization of the test files:

root-test-files
  service_1
    functionality_1.js
    functionality_2.js 
  service_2
    functionality_1.js
    functionality_2.js

the command:

make start-testing
make start-testing service_1
make start-testing service_2 functionality_2

Return to Index

API RestFull

An important part of the software development that we wanted to improve was to adhere to the industry standards and stop developing instinctively, so the standard we gave priority was to the RestFull API, the general idea was to optimize the loading time and improve the search performance, for which we choose the most delayed endpoints, we study them and rethink them adhering to the standard, and this development initially optimized the performance of the commercial area and subsequently of the clients giving a great boost to the company.

Return to Index

Documentation

We must always look at the documentation when we do not want a system to be dependent on those who develop them, this part is always the most complicated, because there are many standards, because the documentation is not maintained, because the development is very Fast and there is no time to do it, there are many things that can happen in the process, and a problem we wanted to attack was the fact of not knowing where to leave the documentation, for this we noticed that most of our resources were rest and we were doing Resfull new versions, we decided to add the documentation to the same endpoints using a parameter to be consulted, where the first thing we evaluated was the precence of the parameter and if it happened the endpoint documentation was delivered to the client, now the documentation was in a markdown file, which the endpoint read and transformed into HTML to deliver to the client that made the request, in addition to these Markdown files could also be seen through the github interface giving it an extra point, in case a developer needs the documentation, he does not need to invoke the endpoint and instead we give him the link to the documentation.

Return to Index

jenkins and continuous automation

On this part I was not very much in front of the development but I did have the opportunity to guide a co-worker that I was learning, and this might not be a good antecedent for the result, but the guide was the key part to realize this functionality, in general several key points were worked on which could be the starting point for the future scalability of the project:

pipeline: a deployment flow that might be able to identify potential problems before, during and after deployment
environments: possible deployments with different goals in different areas of development, with fidback included.

Return to Index

Micro data service and django admin

The storage, centralization through databases, and administration by the area of operations is an essential part of the study of the clients, and an MVP was carried out with the goal of not having direct interaction with the design area to give it a growth fast independent of other areas, we have decided to use the Django admin since it technically had these characteristics, since when programming the django admin it reacts visually to the programming lines, and it got to be programmed in a very advanced level of python, and the project has growth potential, but from this experience I specifically have another post to which you can go What is the Django admin for?

Return to Index

Thank you and see you soon

Debugging nodejs easy, simple, without complications.

Diego Uribe Gamez — Mon, 11 Nov 2019 14:12:20 +0000

The professional way to debugg an application that is running in Nodejs on the server side is as follows:

First, we add the flag inspect in the command that runs our server js.

$ node --inpect file.js

second, in our Chrome or Chromium browser we open the url chrome://inspect/#devices and configure a new device:
Third, we configure the device in localhost and port 9229, which is the default port:

And voila, this way we can discuss our service locally:

If we need to adjust the port, or add it to an inspector of a client such as Visual Studio Code, or stop the inspector in the first line to be able to debut before the start we can see the official documentation and these could be the results:

$ node --inpect=0.0.0.0:9229 file.js
$ node --inspect-brk file.js

Node.js official Debugging Guide

Beyond the professional aspect

There are two problems that we face when working in this way, the first is that if we want to make a change we must stop and restart our server, the second is that if the application dies we must restart our server again.

To solve this problem we will use two programs:

Forever: your job will be to maintain and restart our nodejs server in case our application dies.
Nodemon: it will be in charge of monitoring our application files in case we make any changes to it.

we install forever and nodemon

$ npm install -g nodemon@1.19.4
$ npm install -g forever@1.0.0

our server will run as follows

$ forever -c 'nodemon --watch /opt/app --inspect=0.0.0.0:9229' file.js

With this we can develop faster and we will not waste time when working our service.

I hope you liked the content, if you have any questions or want to write about a related topic, please leave your comment, until next time.

L5/Senior developer, what's next?

Diego Uribe Gamez — Thu, 24 Oct 2019 20:30:44 +0000

Index

- Introduction


Economic awareness
The personality

Point Zero

Introduction

After growing up in my career through levels 1 to 5 (Junior, medium, senior), it was time to jump to a highest category, and there is a question, how to level up? At this point, when is already known that you are at a certain level, you should know how to go up to the next level, and it is important to review the lessons learned first (from my perspective) to be able to understand what is the next step and prepare for what is coming.

Return to Index

Economic awareness

To level up you need to be aware of how you are leading your lifestyle and how to improve it, personally, it wasn't difficult to realize that I was wrong. The problem was to fix the things or situations that was already done wrong and the biggest mistake was on the financial area, where I got into debts as soon as I got my first job. Even though I wouldn't say that I did not enjoy it but also I couldn't say that I invested that money correctly because it was for immediate pleasures.

Return to Index

In order to overcome these economic problems, the first step is to realize when this mistake is constantly being made, and when we have an inconvenience to realize about our own problems, it is important to be open minded on what others say about ourselves and to be willing to hear what their opinions. In my personal case, the first person to bring up this topic was John Freddy Vega from Platzi, who says firmly that getting out of debts and having control of the economy can help us to move forward, then I started watching YouTube channels that talk about finances and good financial habits, such as Paths of Success esp between others.

The next step is to start changing financial habits and focus on paying debts without borrowing more money during the process. Hence, the reflection learned is that getting a debt can happen in a quick moment, some of those decisions can take less than 30 minutes, but paying off debts can take years.

Luke 14:28: For example, who of you wanting to build a tower does not first sit down and calculate the expense to see if he has enough to complete it?

The personality

The second aspect that must be taken into account is how to improve our own personality, because it can always improve and it is also true that we all have defects, so it is important to constantly work this personal aspect by not thinking about pleasing other people, but realize that our personality can give a positive contribution to everyone around us.

To get into details, we must take into account how we can educate ourselves in this area, as well as we can educate ourselves in the technological area in institutions like Platzi or free platforms like YouTube for financial matters. Then, to improve my personality, I realized that I need to work on my spirituality and my moral principles.

The best education I found to work my personality is Biblical education, and not a moral education based on zealotry but rather an education based on principles and laws that are not difficult to accomplish in order to benefit the ones around me and myself. Also, taking into consideration that I am not judging anyone or imposing my beliefs, but without forgetting that I can educate on this path and share these benefits. In JW.org I managed learning lessons like the ones listed below:

Pr 22:3 The shrewd one sees the danger and conceals himself, But the inexperienced keep right on going and suffer the consequences.
1 Cor 23 All things are lawful, but not all things are advantageous. All things are lawful, but not all things build up.
Pr 17:9 Whoever forgives a transgression seeks love, But the one who keeps harping on a matter separates close friends.
Ga 5:22,23 On the other hand, the fruitage of the spirit is love, joy, peace, patience, kindness, goodness, faith, mildness, self-control. Against such things there is no law.

Meditating on these tips and many others has changed my personality for good since this education has educated me to understand that it is not only about having knowledge in technology or financial processes but in knowing how to apply this knowledge to take good decisions.

Return to Index

Point Zero

The last step is to return to a zero state, which is the moment where we can start again without the world pressures such as economic responsibilities or daily labors. It is about doing something that makes you happy and to simplify life. For me, this moment has arrived, the one to keep on strengthening the lessons learned and look forward for a true happiness that consists in complaying my purpose towards God and loving others and the rest of things will be given on the way.

Mt 6:33 “Keep on, then, seeking first the Kingdom and his righteousness, and all these other things will be added to you.

Return to Index

Thank you all who have accompanied me on what I have been on my way, and I hope to continue growing among all of you.

Backend application + Socket.io

Diego Uribe Gamez — Fri, 18 Oct 2019 17:50:37 +0000

One of my abilities is to use socket.io along with a backend application (In this case, it is Django) to send real time events to the web browser.

The key is to use socket.io as a bridge of events without over-optimizing the infrastructure, by not handling the business logic on this bridge.

To perform this, It is necessary to follow the following steps:

The user log in to the web application, when the backend dispatches the HTML access.
The web application have to request access to the socket server.
The socket server have to verify the authenticity of the user that is longing in with the backend.

Let’s do it.

The user log in to the web application, when the backend dispatches the HTML access.

Ok, At first the backend sends the django user to redis in a temporarily form, and secures it with a key.

Then, it dispatches the HTML along with the cookie that contains the key hat we used to secure the user in redis, giving as a result our template, as follows:

class IndexTemplateView(TemplateView):
    template_name = 'base.html'

    def get_context_data(self, **kwargs):
        context = super(IndexTemplateView, self).get_context_data(**kwargs)

        self.set_access_token()

        data = {
            'title': 'Connect nodejs with your app'
        }

        context.update(data)
        return context

    def set_access_token(self):
        self.token = get_random_string(32)
        key = 'session:%s' % str(self.token)
        data = {
            'user': 'diegoug'
        }
        value = json.dumps(data)
        redis.setex(key, 86400, value)

    def render_to_response(self, context, **response_kwargs):
        response = super(IndexTemplateView, self).render_to_response(context, **response_kwargs)
        response.set_cookie(key='nodejskey', value=self.token, max_age=86400, domain=os.environ.get('DJANGO_SERVER_NAME', ''), secure=None)
        return response

The web application have to request access to the socket server.

This step is the simplest, here the HTML javascript accesses the socket server and when it accesses correctly, it displays the user name on the screen. Here the HTML code:

<script src="{{request.socketio}}/socket.io/socket.io.js"></script>
<script type="text/javascript">
  window.nodeServer = '{{request.socketio}}';
</script>
<script>
  const socket = io(window.nodeServer);
  socket.on('join', data => {
    let string = 'message: '+ data + '<br>';
    document.getElementById('data').innerHTML += string;
  });
</script>
<h1>{{ title }}</h1>
<div id="data"></div>

The socket server have to verify the authenticity of the user that is longing in with the backend.

At this point the socket server have to take the key from the cookie and take out the data of redis, if this data exists, it allows the socket to access to the connection event, sending an event to a channel that notify the user.

// dependencies
const Io = require('socket.io');
const redis = require('redis');
const cookie = require('cookie');
const serialize = require('node-serialize');
const clientRedis = redis.createClient(process.env.REDIS_PORT, process.env.REDIS_HOST);
clientRedis.select(1);
// module
function Socket () {
    this.io = Io.listen(process.env.SOCKETIO_PORT);
}
// run socket
Socket.prototype.run = function () {
    // set auth
    this.io.use((socket, next) => {
       this.auth(socket, next);
    });
    // when a client connects
    this.io.sockets.on('connection', socket => {
        // event join
        socket.emit('join', socket.handshake.user);
    });
};
// authentication
Socket.prototype.auth = function (socket, next) {
    // get cookie token
    const userCookie = cookie.parse(socket.request.headers.cookie);
    // redis validation
    clientRedis.get('session:' + userCookie.nodejskey, (err, session) => {
        // error or not session
        if (err || !session) {
            return next(new Error('Not authorized.'));
        }
        // config session
        session = serialize.unserialize(session);
        socket.handshake.user = session.user;
        next();
    });
};

let socket = new Socket();
socket.run();

The result:

From here and on, it is a matter of managing rooms, direct messages and keep using redis to send events between the backend and the socket server using channels.

An important step that needs to be done, is to verify the domain from where the user try to log in the socket, to avoid impersonation of the real user identity.

What is the Django admin for?

Diego Uribe Gamez — Fri, 18 Oct 2019 17:50:20 +0000

In Django one of the least explored parts in documentation and by users is the Django Admin, this one with great capabilities and certain characteristics, but to be a 100% viable option these must be worked at the level of user experience, and this Is the reason for its unpopularity, of there is the question, what is the admin Dajngo for? its viable?

In essence, the admin of Django is a web interface to manage database models, in this interface you can create, view, modify and delete data from the database, as well as special operations that are also related to the data.

When we don't need an admin?

We do not need it when from the web client we can manage all or most of the essential data of our application.

What can admin do for you?

If we think about it by observing the previous paragraph, we could conclude that there could be data that the client does not necessarily have to administer or that need to be managed, where an administrator on a different platform could manage it, this is the simplest use that could be given to this tool.

This makes the Django admin perfect for an MVP, where the client does not necessarily manage all the data, or because initially all the administration interfaces cannot be created, and the data needs to be managed by the different areas of the company such as the operators, the product team, marketing, etc, and there is where the admin comes into action, since with some lines of code you can reach good administration interfaces for the data.

But if it is so good for this because it is not used or contemplated on a regular basis to work as administration interfaces, both on the side of customers and operators? Basically because this administrator is very attached to the data side, and its incorrect administration or programming could lead to security breaches, system failures, or an intuitive interface, that is why it is not recommended to enable it for end customers of no way.

Already knowing all this, and assuming that we are willing to take responsibility, can we use it? The answer is yes, and it is important that if we want to use it we must take into account the following aspects:

The models and their information architecture.

It is very important to plan very well how the data will be structured even before throwing a line of code, this will affect the future development, the administration interface since this is reactive to the data, and above all it will affect the data. customers who consume our data.

Warning: an important functionality is the nested forms, these can show in a single view a lot of information towards a parent, their relationship is from children to the father, the problem with these views is that if there is a lot of nested information the template engine becomes a bottleneck since this is very slow to show a lot of data, and the performance will be much more impacted when there are children related to children and these with parents.

User permission management.

In this part, django admin is very good at creating a database record to manage groups and users, giving permissions to models at the level of reading, writing and modification, and according to what permission the user has, the interface adapts to Provide the options available to that particular user.

It is also important that if we want a user model with additional information other than what it already brings natively, what we need is to create a new model that inherits the native and add those fields, then tell the admin to use this model to manage the users.
Programmable Administrator

By default the django admin does not show the information just by creating the models, even the administrator access url is not programmed by default, the administrator interface must be all programmed using the options addressed to the admin that the Django team gives us in its documentation, and the interface will react to the programmed options, from the presentation of the texts, the search or indexing of information, the amount of information and how it is shown to the administrator must be programmed.

Customize the options that the Django team gives us.

This is where things get a bit complicated, because to be able to modify the way in which the native options that are given to us to program the administrator what we have to do is intervene the django admin's functionalities, when I mean intervene it means modifying or replace the functionalities to deliver the same data structure and that the administrator does not break because later functionalities expect a unique data structure, unless we also intervene that other functionality, to do this there are documentation and several examples of troubleshooting on the Internet , you also need to have more or less advanced knowledge of Python.

Make the django admin do more or change the way he does things.

Here everything is much more complicated, and it is important to have advanced knowledge of Python as of the framework, since this is to make the admin do things for which it is not yet done, an example can be a confirmation window, a possible way If this is done, it would be necessary to extend the urls of the Django admin by associating it with a view with a form, this view must receive the request and show a confirmation view, at the time of confirming the action this view must post its own form url with the data necessary to continue the action, this in detail does not have the admin by default and to build it requires to have good programming knowledge.