Notice: I have neither posted nor updated any content on this blog since the mid 2010's. (😱) Please check out the homepage and my bio, for more recent information.

Blogmaking: Fun with Django newforms-admin

I've been developing in Django for the Spokesman-Review for just over a month and a half now on our super exciting new Web site project -- we most recently got a team together to churn out a replacement for our current blog platform.

A major issue we came across was the problem of multiple blog users on the single Django installation. The permissions setup was great, but wasn't granular enough for our needs -- it was impossible to filter out the admin panel to only display blogs that a particular staffer is assigned to. At least, without having to write our own blog-specific admin panel (or writing managers that plug into the existing Django admin panel -- yuck!).

Anybody that's anybody that follows Django development should have heard about the newforms-admin branch landing last Friday. Upon landing, the branch -- being a big, bulky, backwards-incompatible change -- brought about the big headache of having to tediously convert any Django trunk-based code.

But I'd been looking forward to it. Big enhancements in customization were the prime game-changing features.

I noticed a mention of extra hooks in the newforms-admin documentation.

  • has_change_permission and the related has_add_permission and has_delete_permission bits -- to specifically set up what users can do to models, based on any logic you want

  • more importantly, a queryset hook that allows you to filter out what is displayed to a user in the admin panel. The idea here is that you can be as granular as you want in displaying stuff to a particular user.

Here's a thrown-together example of how I'm planning on using these hooks, based on what I've played around with:

  • -- The User foreign key and the permissions give us things to test for...
  • -- ... and the has_change_permission and queryset functions turn that into something useful.

I'm also using extra permissions ('access_all_posts' and 'access_all_blogs') in this example to provide extra permission to users and groups that might need the original (unfiltered) view -- editors, for example. (I'm also providing the same logic to superusers so they have full access all the time, of course.) In both queryset cases, the logic more or less follows such: I make sure to show everything to the people that are supposed to see it all; otherwise, filter out content to blogs that the current (logged in) user owns. Simple as that.

The full list of hooks and options isn't documented yet, but the model code can be looked at, to see for yourself.

This is a pretty rudimentary example, but the hooks are still poorly documented. For anyone with Python experience, the code itself shouldn't be difficult to understand. I'm sure that folks will find more interesting ways to use this, in time.

Update: Forgot to mention a few particulars with the Users you create.

  • The "Blog author" (lowest rank) user should receive the edit Blog permission and all (add, edit, delete) BlogPost permissions -- you wouldn't have to worry about users editing/deleting posts that aren't theirs, since you're limiting their view (via queryset) and limiting their permissions outside of the standard Django user permissions interface (via the has_change_permission and has_delete_permission hooks).
  • An "editor" user -- someone who should be able to access/change/edit all content -- should receive the standard permissions (add, edit, delete on Blog and BlogPost) but also the special 'access_all_blogs' and 'access_all_posts' permissions.
  • Site superusers won't need anything special, as far as I know.

The above applies to groups, as well. Hell, the "author" and "editor" roles can be turned into groups; you know, save yourself from the individual permission-assigning gruntwork.

Social Networking and News

For the past few weeks, I've been attending a series of staff roundtable discussions -- dubbed "iSalon" (or "Innovation Salon") -- that we have each Monday at the Spokesman-Review. This week, we discussed the changing landscape in the news industry, especially in regard to current restructuring at the newspaper. This was mostly in relation to Project for Excellence in Journalism study and a conference that our Editor (in chief), Steve Smith, attended last week.

Some major topics discussed included the variety of modern distribution platforms -- print, online, mobile phone, radio -- and the use of online communities and social media to extend the idea of journalism providing a public service to the community. (We've discussed the duality between "journalism as a product" and "journalism as a service" many times. I'll definitely write something on this some other time.)

That's all speculation, though. Another thing that happened today brings up an important question: What role do existing social networks and social media tools play in journalism?

The St. Louis Post-Dispatch linked to a slain firefighter's Facebook profile, leading to a deluge of criticism.

The arguments of whether Facebook classifies as a "legitimate source" or not, are moot. The stories and coverage regarding his death don't source Facebook outside of mentions of mourning and a photograph taken from his profile. From my own browsing through the Post-Dispatch site and reading through the stories, I don't believe they used the Facebook profile as coverage, as some claimed. This is not what I'm here to discuss or argue.

There are plentiful complaints that linking to the Facebook profile is disrespectful and that directing the public to view a "personal profile" is tasteless.

However, several comments to that Editor's Note remind me of something that college professors often remind students of: a public profile is public. It is legitimate (though some may say underhanded) for an employer to browse Facebook and make decisions on your character based on the information and photographs there. (Underage drinking, anyone?) The advice often amounts to, if you're making this public, then make sure it represents you, the way you want to be seen.

My point of view in this situation, as a person who occasionally dabbles in street photography is this: if it's in public view -- if you can get to it without jumping any hoops or trespassing on private property or otherwise breaking the law -- it's legitimate to mention. If the public can get to it, then it is within the rights of the news media to reference it.

A link to the man's Facebook profile and a link to a memorial Facebook group -- to me, this says, "this is who he was, and this is where mourners and well-wishers can leave a message for friends and family." I don't feel that this is in bad taste. I feel that this helps interested parties connect with others in a useful way -- isn't that part of journalism's mission to keep the community connected and informed?

So long as the coverage does not source Facebook as a primary source and so long as the Facebook profile and group links represent a way for the community to get in touch, I honestly don't see a problem with this.

Serious business

Internet memes are the backbone of online pop culture. They're those little phrases and concepts that take the Internet by storm, one IM at a time. They're like viruses, propagating throughout the collective consciousness of all those who "lol." But they've got to start somewhere.

And after finally figuring this out, the Wall Street Journal and Time Magazine both covered 4chan last week.

Don't know about 4chan? As the Time article puts it, "You may not realize it, but 4chan has probably touched your life. Possibly inappropriately." If you've heard of lolcats or if you've ever been Rickrolled, you've been touched by 4chan. If you've herd about mudkipz, you've been touched by 4chan. If you've noticed radical and vocal opposition to Scientology in recent months, you've been touched by 4chan. Says the Time article:

4chan is also very profane. A phrase from Star Wars comes to mind: It's a wretched hive of scum and villainy. Spammers don't even bother to spam 4chan; Google started searching it only six months ago. But it is the wellspring from which a lot of Internet culture, and hence popular culture, bubbles.

The articles covered 4chan in a much less sensationalized way than a Fox affiliate did last year. In fact, I'll say they both did a good job in covering such a strange, strange community.

It was revealed in those articles that "moot," the man behind 4chan, was 15 years old when he started the site. (This means that moot himself was breaking his own "no minors" rule on several boards. This also means that he's younger than me. Weird.)

But really, the biggest bomb was the revelation of moot's real name, which had been a well-kept secret all this time. Lev Grossman , the author of the Time article, put it thus:

Towards the end of the piece I mention moot's real name: Christopher Poole. I figure there's about a 5% chance that Christopher Poole is in fact not moot's real name but some incredibly filthy 4chan inside joke. I took the chance because in person moot/Poole comes across as a really nice guy, and if he was playing me he was doing a hell of a good job. But it turns out the Wall Street Journal has the same story -- had it shortly before we did, I think -- so if we're going down, at least we're all going down together.

Me? I'm taking it all with a grain of salt. This could easily be part of an elaborate trolling, and I think it speaks to the quality of Grossman's work that he, too, is treading lightly on it.