python - Where to best execute database operations using Django framework?

Question

Thanks in advance for any help. I am new to django specifically as well as web development in general. I have been trying to teach myself and develop a website using the Django framework and while everything is working so far, I am not sure if I am really doing things in the best possible way.

Typically, within my django app, I will have certain points where I want to modify the contents of my database model in some way. A typical use case is where I have button on my site that says "Add a post":

models.py:

from django.db import models

# data model import
from django.contrib.auth.models import User

# Create your models here.
class Post(models.Model):
    user = models.OneToOneField(User, on_delete=models.CASCADE)
    post = models.CharField(max_length=1024)

urls.py:

from django.urls import include, path
from . import views

urlpatterns = [
    path('', views.post, name='new_post'),
    path('post_exec', views.post_exec, name='post_exec'),
]

views.py:

from django.contrib import messages
from django.shortcuts import render, redirect

# import data models
from django.contrib.auth.models import User
from .models import Post

def post(request):
    # make sure the user has privileges
    user = User.objects.get(id = request.user.id)
    if not user.is_superuser:
        return redirect('home')
       
    return render(request, 'post.html')
    
    
def post_exec(request):
    
    # make sure the user has priveledges
    user = User.objects.get(id = request.user.id)
    if not user.is_superuser:
        return redirect('home')
    
    # create the post
    new_post = Post.objects.create()
    new_post.user = user
    new_post.post = request.POST['post']
    new_post.save()

    # this could redirect to a confirmation page or something too
    return redirect('home')

You can see what I am doing here is that everytime I need a change to the database due to user input, I am executing the code to do the requested database change in a django view and then redirecting to another page following completion of the database change. While this works, it feels kind of clunky (you end up needing pages that you never actually use), it seems pretty sketchy in terms of security (although I am checking for credentials on each page), and I imagine there is a better way to do this.

Can any experience Django developers offer some advice for how I should be best structuring my project for these specific types of common database operations?

question from:https://stackoverflow.com/questions/65907898/where-to-best-execute-database-operations-using-django-framework

Answer 1

The Django's views is a good place to organize the project's CRUD system so users can manage their data. You can use the class-based views to group the GET, POST etc requests. Also there are better ways of using the authorization system with the login_required() decorator, the LoginRequiredMixin class and other solutions that you can rich here