In Chapter 3, we learned how to integrate DRF serializers with Views and how client applications interact with Django Views. Our users would use the client application to perform CRUD operations using REST APIs. But in real-world applications, we would need to create a few additional interfaces to let admin users perform certain CRUD operations. Django provides an admin interface out of the box to cater to this use case.

In this chapter, we’ll learn how to work with Django Admin, which provides us with a lot of flexibility to configure the admin interface so that it supports different business use cases. We’ll learn how to explore those configurations, along with management commands to interact with the framework better (for example, to perform database migrations or start the development server). Django also provides an interface to extend these commands so that we can create custom management commands for custom use...

In this chapter, we’ll learn how to use the Django Admin panel. Django Admin works closely with Django models, so you’re expected to have a good understanding of Django models.

The code snippets that will be used in this chapter can be found in this book’s GitHub repository at https://github.com/PacktPublishing/Django-in-Production/tree/main/Chapter04.

For any application, we need some kind of admin UI to perform administrative tasks. Django Admin provides this powerful functionality out of the box. But before we can look at the interface, like any other admin interface, we need user login credentials to access Django Admin.

Creating a superuser in Django

Django provides us with the built-in createsuperuser management command to create new admin users. Once we run this command in our terminal, we shall see a guided wizard that will help us create a Django superuser:

python manage.py createsuperuser

By following the instructions and entering the data provided, we will get a Django superuser.

Django authentication and authorization

Django provides authentication and authorization support out of the box. When we are creating superuser in Django, we are going to use the default Django authentication system. We’ll discuss the details of Django authentication and authorization in Chapter 5...

In this section, we’ll learn how to customize Django Admin to improve the user experience and solve different basic yet tricky requirements that come up from time to time.

Adding custom fields

Adding custom fields in Django Admin is one of the most common requirements when creating an interface. By doing so, we can add fields/information in Django Admin that are not present in the Django models. For example, to create a word_count field in Django Admin, we can use the following code:

class BlogCustom2Admin(admin.ModelAdmin):
    list_display = ('title', 'word_count', 'id')
    def word_count(self, obj):
        return obj.content.split()
admin.site.register(models.Blog, BlogCustom2Admin)

In this example, we have added a custom field called word_count to list_display that is computed using other field values.

Using filter_horizontal...

While working with Django Admin in production, there are a few tips and tricks that you should follow to get the most out of Django. I have experienced a lot of challenges firsthand since developers bloat Django Admin with more and more administrative tasks. So let’s look at a few good practices and optimizations that can help us use Django Admin to its full potential.

Renaming admin URLs

By default, Django Admin is configured to be accessible in the /admin path. However, Django Admin has access to all the data of your website; this is why it is important to move the path from /admin to some unguessable path, such as /blog-cms.

Different packages let us improve security. For example, django-admin-honeypot (https://github.com/dmpayton/django-admin-honeypot) is a package that creates fake admin pages and tricks attackers into accessing a dummy admin interface.

Using two-factor authentication (2FA) for admin users

Django Admin...

Django management commands help us interact with the Django framework seamlessly. A lot of tedious tasks such as migration, getting build files, and more become streamlined if we use Django management commands. Django provides a lot of management commands out of the box and can be found in the documentation: https://docs.djangoproject.com/en/stable/ref/django-admin/.

In this section, we are going to learn how to create custom management commands in Django. In Django, each application can register its custom actions with manage.py. To create a new management command, we need to create a simple file structure inside the Django app. In the given Django app, we need to create the management/commands directory structure, as shown in Figure 4.10. Any file that’s created in the commands folder is registered as a Django management command, except if the name of the file begins with an underscore (_).

In the example shown in Figure 4.10, we have...

In this chapter, we learned how to use Django Admin in our project. Django Admin is both customizable and scalable if we use the appropriate configuration, so we explored best practices to utilize its functions to their full capacity. We also learned when we should avoid using Django Admin and the performance issues developers face. Then, we learned about another powerful feature of working with Django, which is creating custom management commands.

Something we briefly learned about is how to create superusers in Django, but we didn’t explore much about how authentication and authorization work. In the next chapter, we’ll explore how we can use the Django authentication system better and how to expand it so that it supports different types of authentications, such as social auth, token-based auth, and more.