- 1 - The Project
- 2 - The Context
- 3 - The Database
- 4 - API Documentation
- 5 - Entity-Relationship Diagram (ERD)
- 6 - Permissions
- 7 - Project download
- 8 - Django admin site front-end interface
- Use the Django framework.
- Use the Django REST framework for the API.
- Use server-side rendering in Django.
- Secure the API with JSON Web Tokens (JWT).
- Construct an entity-relationship diagram (ERD).
- Use PostgreSQL as the database.
- Use Jazzmin for the admin interface.
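What "securing the API with JWT" has to mean on the verifying side, as an added example that is not the project's code (the project presumably relies on a Django REST framework JWT library; the helper names `issue_token`, `verify_token`, `verify_or_reason`, the two `forge_*`/`tamper_*` attack helpers and the demo secret are assumptions made here for illustration). The point it shows: pin the algorithm before anything else, compare the signature in constant time, and only then read claims such as `exp`.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


class TokenError(ValueError):
    """Raised for any token that must be rejected."""


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, secret: bytes, lifetime_s: int = 300,
                now: Optional[int] = None) -> str:
    """Mint an HS256 JWT carrying `claims` plus iat/exp (short lifetime by default)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {**claims, "iat": now, "exp": now + lifetime_s}
    signing_input = (_b64url_encode(json.dumps(header).encode("utf-8")) + "."
                     + _b64url_encode(json.dumps(payload).encode("utf-8")))
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(signature)


def verify_token(token: str, secret: bytes, now: Optional[int] = None) -> dict:
    """Return the claims of a valid token, or raise TokenError.

    Order matters: the algorithm is pinned first (an attacker-controlled header
    must never select the verification routine), then the signature is checked,
    and only then are the claims parsed and trusted.
    """
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3 or not token.isascii():
        raise TokenError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        raise TokenError("malformed token")
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenError("unexpected alg")  # rejects alg=none and algorithm confusion
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        raise TokenError("bad signature")
    try:
        payload = json.loads(_b64url_decode(payload_b64))
    except ValueError:
        raise TokenError("malformed token")
    exp = payload.get("exp") if isinstance(payload, dict) else None
    if not isinstance(exp, int) or now >= exp:
        raise TokenError("expired")
    return payload


def verify_or_reason(token: str, secret: bytes, now: Optional[int] = None) -> str:
    """Convenience for logging and tests: 'ok' or the rejection reason."""
    try:
        verify_token(token, secret, now)
        return "ok"
    except TokenError as exc:
        return str(exc)


def forge_alg_none(token: str) -> str:
    """Constructed attack token: same claims, header alg=none, empty signature."""
    _, payload_b64, _ = token.split(".")
    none_header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode("utf-8"))
    return none_header + "." + payload_b64 + "."


def tamper_payload(token: str, new_claims: dict) -> str:
    """Constructed attack token: swapped claims, original signature kept."""
    header_b64, _, sig_b64 = token.split(".")
    return header_b64 + "." + _b64url_encode(json.dumps(new_claims).encode("utf-8")) + "." + sig_b64


if __name__ == "__main__":
    SECRET = b"constructed-demo-secret"          # demo value, never a real key
    T0 = 1_700_000_000
    tok = issue_token({"sub": "alice", "group": "Sales"}, SECRET, lifetime_s=60, now=T0)
    print(verify_or_reason(tok, SECRET, now=T0 + 30))                    # ok
    print(verify_or_reason(forge_alg_none(tok), SECRET, now=T0 + 30))   # unexpected alg
```

Whatever library the project uses, these are the three behaviours to verify against it: a token whose header says `alg: none` is refused, a token whose claims segment was edited after signing is refused, and a token past its `exp` is refused even though its signature is valid.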
- Epic Events is a consulting and event management company that meets the needs of start-ups wanting to organize "epic parties".
- The vendor responsible for its CRM has been hacked.
- A CRM (Customer Relationship Management) system is used by companies to manage their interactions with current and potential customers.
- Consequence: develop a secure CRM system internal to the company, consisting of
- a user interface with permissions;
- an API with permissions.
PostgreSQL is a free, open-source relational database management system (RDBMS); it is used here to store and manage the CRM data.

Create a database in PostgreSQL, then replace the configuration in settings.py with your own database settings. The values below are placeholders: do not commit a real password to the repository, and prefer a dedicated database role that holds only the privileges the application needs over the database's admin/superuser account.
```python
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': '<name-bdd>',
        'USER': '<name_of_the_admin_user_of_your_db>',
        'PASSWORD': '<password_of_your_admin_user>',
        'HOST': 'localhost',
        'PORT': '5432',
    }
}
```
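A way to keep the credentials above out of settings.py, as an added example that is not the project's code: the settings are read from environment variables and the process refuses to start on a configuration a reviewer would reject. The variable names (`DB_NAME`, `DB_USER`, `DB_PASSWORD`, `DB_HOST`, `DB_PORT`, `DB_SSLMODE`), the function names and the `postgres` superuser role name are assumptions made here.

```python
import os
from typing import Mapping

# Assumed variable names for this example; keep their values out of version control.
REQUIRED = ("DB_NAME", "DB_USER", "DB_PASSWORD")
SUPERUSER_ROLE = "postgres"  # assumption: the default PostgreSQL superuser name
TLS_MODES = ("require", "verify-ca", "verify-full")  # libpq sslmode values that enforce TLS


def config_problems(env: Mapping[str, str]) -> list:
    """Return the reasons this environment is unfit to run the CRM (empty list = fine)."""
    problems = [f"{name} is not set" for name in REQUIRED if not env.get(name)]
    if env.get("DB_USER") == SUPERUSER_ROLE:
        problems.append("DB_USER is the PostgreSQL superuser; use a dedicated role")
    host = env.get("DB_HOST", "localhost")
    if host != "localhost" and env.get("DB_SSLMODE", "require") not in TLS_MODES:
        problems.append("remote DB_HOST without TLS enforced via DB_SSLMODE")
    return problems


def database_settings(env: Mapping[str, str] = os.environ) -> dict:
    """Build Django's DATABASES from the environment, failing fast on a bad config."""
    problems = config_problems(env)
    if problems:
        raise RuntimeError("database configuration: " + "; ".join(problems))
    host = env.get("DB_HOST", "localhost")
    return {
        "default": {
            "ENGINE": "django.db.backends.postgresql",
            "NAME": env["DB_NAME"],
            "USER": env["DB_USER"],
            "PASSWORD": env["DB_PASSWORD"],
            "HOST": host,
            "PORT": env.get("DB_PORT", "5432"),
            # OPTIONS is passed to the psycopg connection; sslmode is a libpq parameter.
            "OPTIONS": {
                "sslmode": env.get("DB_SSLMODE", "prefer" if host == "localhost" else "require"),
            },
        }
    }


if __name__ == "__main__":
    # Constructed environment for a local run; a real deployment injects these.
    demo_env = {"DB_NAME": "epic_events", "DB_USER": "epic_app", "DB_PASSWORD": "constructed-pw"}
    print(database_settings(demo_env)["default"]["HOST"])  # localhost
```

In settings.py this replaces the literal dictionary with `DATABASES = database_settings()`. The superuser check matters because a compromised web application then carries the rights of whatever role it connects with; the TLS check matters as soon as the database moves off the application host.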
Detailed API documentation is available at:
This documentation lists every API endpoint in detail.
- It graphically represents the structure of the database: the entities, their attributes, and the relationships between them.
- An ERD makes the data model easier to understand.
- CRM users are divided into three groups: Management, Sales, Support.
- The group determines which records a user may access and which HTTP methods the user may call.
- The API is secured with JSON Web Tokens (JWT).
- "Assigned" below means only the records assigned to the requesting user; "all" means every record.

| Resource | Management | Sales | Support |
| --- | --- | --- | --- |
| Events | GET, PUT, DELETE on all; POST | GET on assigned; POST | GET, PUT on assigned |
| Clients | GET, PUT, DELETE on all; POST | GET, PUT on assigned; POST | GET on assigned |
| Users | GET, PUT, DELETE on all; POST | (not granted) | (not granted) |
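The table above as an executable, default-deny policy, added here as an example that is not the project's code: `POLICY`, `scope_for`, `check_access` and the `GroupPolicyPermission` adapter are names chosen for this illustration, and the adapter assumes each user belongs to exactly one Django group, that each view sets a `resource` attribute, and that model objects implement `is_assigned_to(user)`. The policy functions run without Django; the adapter class only needs Django REST framework when actually used in a view.

```python
from typing import Optional

try:  # DRF is only needed for the adapter class at the bottom
    from rest_framework.permissions import BasePermission
except ImportError:  # lets the policy be exercised without Django installed
    BasePermission = object

# Scope "all": any record; "assigned": only records assigned to the requesting user.
# Anything absent from the table is denied (default deny, including unknown groups).
POLICY = {
    "events": {
        "Management": {"GET": "all", "PUT": "all", "DELETE": "all", "POST": "all"},
        "Sales":      {"GET": "assigned", "POST": "all"},
        "Support":    {"GET": "assigned", "PUT": "assigned"},
    },
    "clients": {
        "Management": {"GET": "all", "PUT": "all", "DELETE": "all", "POST": "all"},
        "Sales":      {"GET": "assigned", "PUT": "assigned", "POST": "all"},
        "Support":    {"GET": "assigned"},
    },
    "users": {
        "Management": {"GET": "all", "PUT": "all", "DELETE": "all", "POST": "all"},
    },
}


def scope_for(group: Optional[str], method: str, resource: str) -> Optional[str]:
    """Scope granted to `group` for `method` on `resource`, or None when denied."""
    return POLICY.get(resource, {}).get(group or "", {}).get(method.upper())


def check_access(group: Optional[str], method: str, resource: str,
                 assigned: bool = False) -> bool:
    """Object-level decision; `assigned` tells whether the record belongs to the user."""
    scope = scope_for(group, method, resource)
    if scope is None:
        return False
    return scope == "all" or assigned


class GroupPolicyPermission(BasePermission):
    """DRF adapter for the policy (assumed view attribute `resource`)."""

    @staticmethod
    def _group(user) -> Optional[str]:
        # Assumption: one group per user; None for an unauthenticated/ungrouped user.
        return user.groups.values_list("name", flat=True).first()

    def has_permission(self, request, view) -> bool:
        # Coarse check so that list/create requests are refused early. For list
        # views an "assigned" scope must also be enforced in get_queryset();
        # has_object_permission is not called for lists, so an object-level check
        # alone would still leak the whole collection.
        return scope_for(self._group(request.user), request.method, view.resource) is not None

    def has_object_permission(self, request, view, obj) -> bool:
        return check_access(self._group(request.user), request.method, view.resource,
                            assigned=obj.is_assigned_to(request.user))


if __name__ == "__main__":
    print(check_access("Sales", "GET", "events", assigned=True))    # True
    print(check_access("Support", "POST", "events"))                # False
```

In a view this sits alongside authentication, for instance `permission_classes = [IsAuthenticated, GroupPolicyPermission]`, and `get_queryset()` filters to the user's own records whenever `scope_for(group, "GET", resource)` returns "assigned". Keeping the whole policy in one table also makes it reviewable: a change to who may delete clients is a one-line diff rather than a hunt through view code.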
Tested on Windows 10 with Python 3.10.6, Django 4.2 and djangorestframework 3.14.0.

Clone the repository, create a virtual environment, activate it and install the dependencies:
$ git clone https://github.com/alexandre-75/Develop_a_secure_back-end_architecture_using_Django_ORM.git
python<version> -m venv <venv_name>
Activate the environment: `<venv_name>\Scripts\activate` (Windows)
pip<version> install -r requirements.txt

From the project root folder, go to the source folder in the terminal:
cd source/

Initialize the database with the migrations:
python manage.py makemigrations
Then:
python manage.py migrate
If the repository already contains the migration files, the first command simply reports "No changes detected"; it is only needed when they are absent.

Run the server with:
python manage.py runserver

Open your favorite browser and navigate to the local development server at:
http://127.0.0.1:8000/

To create your own content, first create a superuser with:
python manage.py createsuperuser
- Jazzmin is a Python package that provides a custom admin interface for Django
- It replaces the default Django admin interface
- It is available as an open source package
- Jazzmin official documentation