Closed tijmenbaarda closed 6 months ago
Wonderful! Very clear and clean, instills trust that everything will work as intended (at least in me).
Please take a look at the URL scheme I propose in the backend: the URLs of all Django apps are imported with an empty string (''), but the apps add all API views as
api/<app-name>/<view-name>
and all UI views (if there are any) as<app-name>/<view-name>
). I did that to make sure that the API endpoints of all apps start withapi/
, but maybe there are better approaches.The change is a bit disruptive, but I think the new way is more consistent and also more in spirit with Django's own routing conventions.
@lukavdplas do you have an opinion on this particular question?
I think this sounds sensible!
Thanks for the thorough review!
In addition to the login and logout pages, add pages for changing and resetting passwords. Also add a authentication menu to the frontend, for logout, change password and an admin link for staff users. The frontend still assumes that users are authenticated -- the backend enforces this because it sends unauthenticated users to login.
All authentication pages are handled directly by Django using the built-in views. We might want to move this functionality to the frontend as soon as we need access without login, but for now that is not a requirement.
Please take a look at the URL scheme I propose in the backend: the URLs of all Django apps are imported with an empty string (''), but the apps add all API views as
api/<app-name>/<view-name>
and all UI views (if there are any) as<app-name>/<view-name>
). I did that to make sure that the API endpoints of all apps start withapi/
, but maybe there are better approaches.Closes #150 (log out), #153 (show user info), #152 (link to admin), #149 (change password/forgot password).