Admin Interface & Settings
🛠️ Admin Interface & Settings
settings.py — the file this course has referenced loosely in nearly every chapter without ever looking at directly.
Creating a Superuser
The admin site needs an account with full access — createsuperuser is an interactive command that sets one up:
📋 Registering Models
A model appears in the admin the moment it's registered — one line, versus building an entire CRUD UI by hand:
Hand-Building CRUD vs Django's Admin
FastAPI / Express: Build It Yourself
Routes for list/create/edit/delete, HTML templates for each, form handling, pagination, search, access control for who can reach these pages — all written and maintained by hand, per model.
Django: Four Lines
admin.site.register(Book) — full list view, create/edit forms (auto-generated from the model's fields), delete confirmation, search, and login-gated access, all included.
Customizing With ModelAdmin
The default registration works, but a ModelAdmin subclass controls exactly what the list view shows and how it's searched/filtered:
list_display
Which columns appear in the list view — without it, the admin shows only each row's __str__.
list_filter
Adds a sidebar of clickable filters — Django generates the filter options from the field's actual values automatically.
search_fields
Enables a search box; "author__name" reaches across the relationship the same way a QuerySet filter would (Chapter 6).
@admin.register(...)
A decorator form equivalent to calling admin.site.register(Book, BookAdmin) separately — just a more compact way to associate a model with its customization class.
Inline Editing: Related Models on One Page
An Inline lets you edit an author's books directly on the author's own admin page — no separate navigation needed:
Editing Books Inline on the Author Page
⚙️ Tying It Together: settings.py
Every chapter has referenced settings.py loosely — here's the same file, with everything covered so far pointed out in context:
💻 Coding Challenges
Challenge 1: Register and Customize a Model
Register the Tag model (Chapter 6) with a TagAdmin that shows name in list_display and enables searching by name.
Goal: Practice the @admin.register + ModelAdmin customization pattern on a model not already covered in this chapter's examples.
Challenge 2: Add an Inline
Add a PublisherAdmin with a BookInline so a publisher's books can be added/edited directly from the publisher's own admin page, matching the AuthorAdmin pattern from this chapter.
Goal: Practice reusing the same TabularInline pattern for a different relationship.
Challenge 3: Audit a Production settings.py
Given a settings.py with DEBUG = True and ALLOWED_HOSTS = [] deployed to a real production server, explain what's wrong with each setting and what the corrected values should look like.
Goal: Practice recognizing the specific security misconfiguration this chapter's gotcha (and the OWASP course's Security Misconfiguration chapter) warns about.
DEBUG = True in ProductionDjango's debug page is genuinely excellent for local development — full stack traces, every local variable's value, the entire request. It is also a severe security exposure if left on in production: an unhandled error on a live site would hand any visitor a detailed view of your source code, settings (including secret keys, unless carefully filtered), and internal application structure. This is precisely the "verbose errors" misconfiguration the OWASP Top 10 course's Security Misconfiguration chapter covered — DEBUG must be False in production, with ALLOWED_HOSTS set to the real domain(s) the site serves (Django refuses to serve requests to unrecognized hosts specifically to prevent HTTP Host header attacks).
🎓 Course Complete
That closes Django Fundamentals. Across eight chapters, one contrast ran throughout: where FastAPI and Express hand you a thin core and let you assemble the rest, Django starts from a fully furnished house — routing, an ORM, a templating engine, forms with built-in CSRF protection, and now an entire admin interface, all included from django-admin startproject onward. Course 2 (Intermediate/Advanced) — authentication, Django REST Framework, testing, Celery, caching, and deployment — is sketched and ready in the course bucket list whenever you want to continue.