Should I use Django's Admin feature?

Question

I\'m building a Django-based review website where public users create all of the content on the site. Users create reviews for given items and they also create the items themsel

Answer 1

Maybe. If the admin functionality covers most of what you want to offer, there's no reason why you shouldn't use it as a starting point.

django.contrib.admin is an application like any other, and provides basically a CRUD interface to your models. Access can be controlled via groups/permissions, just like you would for an application you write yourself. You can give full access to a model with a one-liner, but obviously will have to configure properly when opening up to others.

See also my question Django AdminSite/ModelAdmin for end users? and similar questions Exposing django admin to users. Harmful? and How to make Django admin site accessed by non-staff user?

Regarding arguments about the "intended use" of the admin, please note Django's security update at the end of last year: http://www.djangoproject.com/weblog/2010/dec/22/security/ regarding querystring parameters in object lists. Such an update (quote: "an attacker with access to the admin [...]") is a clear indication that the admin's implementation of the permission system is being constantly scrutinized.