lukavdplas
commented
6 months ago Wonderful! Very clear and clean, instills trust that everything will work as intended (at least in me).
Please take a look at the URL scheme I propose in the backend: the URLs of all Django apps are imported with an empty string (''), but the apps add all API views as
api/<app-name>/<view-name>and all UI views (if there are any) as<app-name>/<view-name>). I did that to make sure that the API endpoints of all apps start withapi/, but maybe there are better approaches.The change is a bit disruptive, but I think the new way is more consistent and also more in spirit with Django's own routing conventions.
@lukavdplas do you have an opinion on this particular question?
I think this sounds sensible!
tijmenbaarda
In addition to the login and logout pages, add pages for changing and resetting passwords. Also add a authentication menu to the frontend, for logout, change password and an admin link for staff users. The frontend still assumes that users are authenticated -- the backend enforces this because it sends unauthenticated users to login.
All authentication pages are handled directly by Django using the built-in views. We might want to move this functionality to the frontend as soon as we need access without login, but for now that is not a requirement.
Please take a look at the URL scheme I propose in the backend: the URLs of all Django apps are imported with an empty string (''), but the apps add all API views as
api/<app-name>/<view-name>and all UI views (if there are any) as<app-name>/<view-name>). I did that to make sure that the API endpoints of all apps start withapi/, but maybe there are better approaches.Closes #150 (log out), #153 (show user info), #152 (link to admin), #149 (change password/forgot password).