The latest articles on Forem by Muhammad Atif Iqbal (@atifwattoo). https://forem.com/atifwattoo https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1378080%2Fb3d3d58d-9fb7-40c4-b202-e20905949f2e.jpeg https://forem.com/atifwattoo en Muhammad Atif Iqbal Thu, 07 May 2026 11:00:25 +0000 https://forem.com/atifwattoo/how-authenticator-apps-generate-the-same-otp-as-your-server-without-any-communication-jo4 https://forem.com/atifwattoo/how-authenticator-apps-generate-the-same-otp-as-your-server-without-any-communication-jo4 <h2> How Authenticator Apps Generate the Same OTP on Authenticator APP as Your Server Without Any Communication between them </h2> <p>One of the most common questions developers ask when learning Multi-Factor Authentication (MFA) is:</p> <p><strong>How does my server generate the exact same OTP as an authenticator app like Google Authenticator without sending anything to it?</strong></p> <p>At first, this seems confusing.</p> <p>You might assume one of these things happens:</p> <ul> <li>The server sends the OTP to the authenticator app</li> <li>The authenticator app requests the OTP from the server</li> <li>The server and app somehow communicate in real time</li> </ul> <p>But none of these are true.</p> <p>The real answer is much more interesting.</p> <h2> The Core Concept </h2> <p>There is <strong>no communication</strong> between your server and authenticator app during login.</p> <p>Your server does NOT send OTP to the authenticator app.</p> <p>Your authenticator app does NOT ask your server for OTP.</p> <p>Instead, both generate the same OTP independently using mathematics.</p> <p>This system is called:</p> <p><strong>Time-Based One-Time Password (TOTP)</strong></p> <p>It is commonly implemented using libraries such as:</p> <ul> <li>PyOTP (Python)</li> <li>Speakeasy (Node.js)</li> <li>OTPAuth</li> </ul> <h1> The Real Mechanism </h1> <p>Both your server and authenticator app generate the same OTP because they both have the same three things:</p> <h2> 1. The Same Secret </h2> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>KZXW6YTBON2GK3TH </code></pre> </div> <p>This secret is generated by your server when MFA is enabled.</p> <p>It is then stored:</p> <ul> <li>On your server (database)</li> <li>Inside the authenticator app</li> </ul> <p>This shared secret is the foundation of the entire system.</p> <h2> 2. The Current Time </h2> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>3:24:17 PM </code></pre> </div> <p>Both the server and authenticator app use the current time.</p> <p>However, this does NOT mean they calculate OTP every second.</p> <p>We’ll explain that shortly.</p> <h2> 3. The Same Algorithm </h2> <p>Both use the same mathematical algorithm.</p> <p>Conceptually:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>OTP = hash(secret + time_window) </code></pre> </div> <p>This is not the exact formula, but it helps understand the idea.</p> <p>Because both systems use:</p> <ul> <li>the same secret</li> <li>the same time</li> <li>the same algorithm</li> </ul> <p>they produce the same OTP.</p> <h1> Important: It Does NOT Use Exact Seconds </h1> <p>This is where most confusion happens.</p> <p>Many people assume OTP is generated using exact timestamps like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>3:24:17 </code></pre> </div> <p>or<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>3:24:18 </code></pre> </div> <p>If that were true, OTP would change every second.</p> <p>That would make MFA nearly impossible to use.</p> <p>Instead, TOTP uses <strong>time windows</strong>.</p> <h1> Time Windows </h1> <p>Most authenticator systems use:</p> <p><strong>30-second windows</strong></p> <p>This means time is divided into 30-second blocks.</p> <p>Example:</p> <h2> Time Window 1 </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>3:24:00 → 3:24:29 </code></pre> </div> <p>Same OTP for all these seconds.</p> <h2> Time Window 2 </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>3:24:30 → 3:24:59 </code></pre> </div> <p>A new OTP is generated.</p> <h2> Time Window 3 </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>3:25:00 → 3:25:29 </code></pre> </div> <p>Another new OTP.</p> <p>So if you open your authenticator app at:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>3:24:05 </code></pre> </div> <p>and again at:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>3:24:27 </code></pre> </div> <p>you will see the exact same OTP.</p> <p>Because both times fall within the same 30-second window.</p> <h1> Your Exact Scenario </h1> <p>Suppose you try logging in at:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>3:23:52 PM </code></pre> </div> <p>Your server verifies your password and asks for MFA.</p> <p>You then pick up your phone and open your authenticator app at:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>3:24:04 PM </code></pre> </div> <p>Will it still work?</p> <p>The answer depends on the time window.</p> <h2> Case 1: Still Within Acceptable Window </h2> <p>If both are effectively verified within the same accepted 30-second range, then:</p> <p>Server generates:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>483921 </code></pre> </div> <p>Authenticator generates:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>483921 </code></pre> </div> <p>Login succeeds.</p> <h2> Case 2: Time Window Changed </h2> <p>Suppose you wait until:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>3:24:31 PM </code></pre> </div> <p>A new time window starts.</p> <p>Now the OTP becomes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>927441 </code></pre> </div> <p>The previous OTP is no longer valid.</p> <h1> How Systems Handle Delays </h1> <p>Modern MFA systems account for timing differences.</p> <p>They usually verify against multiple windows.</p> <p>Typically:</p> <ul> <li>Previous window</li> <li>Current window</li> <li>Next window</li> </ul> <p>For example, if current server time is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>3:24:31 </code></pre> </div> <p>the server checks OTPs for:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>3:24:00 - 3:24:29 3:24:30 - 3:24:59 3:25:00 - 3:25:29 </code></pre> </div> <p>This handles:</p> <ul> <li>Slight typing delay</li> <li>Minor clock mismatch</li> <li>Network latency</li> </ul> <p>This is why MFA remains practical.</p> <h1> The Mathematical Process </h1> <p>Now let’s understand how OTP is actually generated.</p> <h2> Step 1: Convert Time into a Counter </h2> <p>Suppose current Unix timestamp is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1715077445 </code></pre> </div> <p>Divide by 30:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1715077445 / 30 = 57169248 </code></pre> </div> <p>Take only the integer:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>57169248 </code></pre> </div> <p>This becomes the current time counter.</p> <p>At:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>3:24:10 </code></pre> </div> <p>counter might be:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>57169248 </code></pre> </div> <p>At:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>3:24:22 </code></pre> </div> <p>counter is still:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>57169248 </code></pre> </div> <p>So both generate the same OTP.</p> <p>At:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>3:24:31 </code></pre> </div> <p>counter becomes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>57169249 </code></pre> </div> <p>Now OTP changes.</p> <h2> Step 2: Combine Secret + Counter </h2> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>KZXW6YTBON2GK3TH + 57169248 </code></pre> </div> <h2> Step 3: Apply Cryptographic Hash </h2> <p>The system uses:</p> <p><strong>HMAC-SHA1</strong></p> <p>This produces a long encrypted output.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>A82BC9F1E0D... </code></pre> </div> <h2> Step 4: Extract Final 6 Digits </h2> <p>From that output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>483921 </code></pre> </div> <p>This becomes the OTP shown to the user.</p> <h1> Why Both Generate the Same OTP </h1> <p>Because both server and authenticator app use:</p> <ul> <li>The same secret</li> <li>The same time counter</li> <li>The same cryptographic algorithm</li> </ul> <p>So they naturally produce the same result.</p> <p>No communication required.</p> <h1> Real-Life Analogy </h1> <p>Imagine two students.</p> <p>Both have:</p> <h2> The Same Secret Formula </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>(secret × window) mod 1000000 </code></pre> </div> <p>Both look at the same wall clock.</p> <p>If the current 30-second block is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>48 </code></pre> </div> <p>Both calculate:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>(12345 × 48) mod 1000000 </code></pre> </div> <p>Both get:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>592184 </code></pre> </div> <p>They never communicate.</p> <p>They simply used the same formula with the same inputs.</p> <p>That is exactly how TOTP works.</p> <h1> Why QR Codes Are Used </h1> <p>When a user enables MFA, your server shows a QR code.</p> <p>The QR code contains the secret.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>otpauth://totp/MyApp:atif@gmail.com?secret=KZXW6YTBON2GK3TH </code></pre> </div> <p>The authenticator app scans it.</p> <p>Now the app stores the secret locally.</p> <p>This is the only time your server and authenticator exchange MFA data.</p> <p>After this:</p> <p>No communication is needed.</p> <h1> Why Authenticator Apps Work Offline </h1> <p>Since the app already has:</p> <ul> <li>the secret</li> <li>the current device time</li> <li>the algorithm</li> </ul> <p>it can generate OTP offline.</p> <p>That is why apps like Google Authenticator work even when your phone has:</p> <ul> <li>No internet</li> <li>Airplane mode enabled</li> <li>No SIM card</li> </ul> <h1> The Biggest Misconception </h1> <p>Many developers think:</p> <p>❌ The server sends OTP to the authenticator app<br> ❌ The authenticator app asks server for OTP</p> <p>Neither happens.</p> <p>The reality is:</p> <p>Both independently calculate the same OTP using:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>OTP = Secret + Time Window + Algorithm </code></pre> </div> <h1> Final Takeaway </h1> <p>The entire MFA mechanism works because your server and authenticator app both share the same secret and use synchronized time windows.</p> <p>That allows both sides to generate identical OTPs independently.</p> <p>No API call.</p> <p>No real-time communication.</p> <p>Just mathematics.</p> <p>That is the real mechanism behind authenticator-based MFA.</p> authenticatorapps ai programming tutorial Muhammad Atif Iqbal Tue, 05 May 2026 10:19:09 +0000 https://forem.com/atifwattoo/mastering-django-rest-framework-a-deep-dive-into-viewsets-routers-and-custom-api-architectures-2k8e https://forem.com/atifwattoo/mastering-django-rest-framework-a-deep-dive-into-viewsets-routers-and-custom-api-architectures-2k8e <h2> Introduction: The Architecture of a Modern Sports Platform </h2> <p>When building a high-performance backend like the <strong>AI Soccer App</strong>, the primary challenge isn't just "making it work"—it's making it scalable, secure, and maintainable. In a project that handles everything from AI-driven team analytics to complex Multi-Factor Authentication (MFA), the way you structure your API determines how easily you can add features six months from now.</p> <p>In this article, we will use our AI Soccer App as a living case study to explore the two primary philosophies of API building in Django: the <strong>Explicit Action Pattern</strong> (using APIViews) and the <strong>Resource Management Pattern</strong> (using ViewSets and Routers).</p> <h2> Part 1: The Explicit Action Pattern (The Authentication Case Study) </h2> <p>In our <code>apps/users/</code> directory, we chose not to use automated routers. Instead, we manually defined every path in <code>urls.py</code>. To understand why, we have to look at the nature of authentication.</p> <h3> Why APIViews for Auth? </h3> <p>Authentication is rarely a standard CRUD (Create, Read, Update, Delete) operation. When a user hits <code>/auth/login/</code>, they aren't "creating" a login object in the database; they are submitting credentials to receive a JWT token. When they hit <code>/auth/verify_otp/</code>, they are performing a validation step in a multi-stage workflow.</p> <h4> The Code Structure </h4> <p>In <code>apps/users/urls.py</code>, we see a dense list of endpoints:</p> <ul> <li><code>register/</code></li> <li><code>login/</code></li> <li><code>verify_otp/</code></li> <li><code>enable_mfa/</code></li> <li> <code>google/</code> (Social Sign-in)</li> </ul> <p>Each of these points to a specific <code>APIView</code>. This gives us total control. If we need the <code>LoginView</code> to check for suspicious IP addresses or the <code>RegisterView</code> to trigger a welcome email and a background task for AI profile initialization, an <code>APIView</code> provides the cleanest "canvas" to write that logic.</p> <p><strong>The Pro Tip:</strong> Use manual <code>path()</code> definitions when the URL name itself carries specific business meaning that doesn't fit a generic resource name.</p> <h2> Part 2: The Resource Management Pattern (The Teams Case Study) </h2> <p>Moving over to <code>apps/teams/</code>, the philosophy shifts entirely. Here, we are dealing with a classic "Resource." A <strong>Team</strong> is something that exists in a list, has details, can be edited, and can be deleted.</p> <h3> The Magic of the <code>DefaultRouter</code> </h3> <p>By using the DRF <code>DefaultRouter</code>, we reduced our <code>urls.py</code> to essentially one registration line:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">router</span><span class="p">.</span><span class="nf">register</span><span class="p">(</span><span class="sa">r</span><span class="sh">'</span><span class="s">teams</span><span class="sh">'</span><span class="p">,</span> <span class="n">TeamViewSet</span><span class="p">,</span> <span class="n">basename</span><span class="o">=</span><span class="sh">'</span><span class="s">team</span><span class="sh">'</span><span class="p">)</span> </code></pre> </div> <p>This single line is incredibly powerful. It tells Django: "I want a standardized RESTful API. Generate the URLs for me." It creates a predictable interface that frontend developers love because it follows the standard convention:</p> <ul> <li> <code>GET /teams/</code> -&gt; Returns the list.</li> <li> <code>POST /teams/</code> -&gt; Creates a new one.</li> <li> <code>GET /teams/5/</code> -&gt; Returns details for team #5.</li> </ul> <h2> Part 3: To Override or Not to Override? </h2> <p>The most common point of confusion for DRF developers is understanding what happens inside a <code>ModelViewSet</code>. Since it inherits from <code>viewsets.ModelViewSet</code>, it already knows how to perform all standard actions. So why did we rewrite the <code>list</code>, <code>create</code>, <code>retrieve</code>, <code>update</code>, and <code>destroy</code> methods in our <code>TeamViewSet</code>?</p> <h3> The "Formatting" Layer </h3> <p>In our AI Soccer App, we utilize a <code>custom_response()</code> utility. This is a strategic decision for the entire project. By overriding the standard actions, we can ensure that every single response—whether it's a success or a validation error—arrives at the frontend in a beautiful, consistent wrapper.</p> <p>Consider our <code>list</code> override:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">list</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="n">queryset</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">get_queryset</span><span class="p">()</span> <span class="n">serializer</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">get_serializer</span><span class="p">(</span><span class="n">queryset</span><span class="p">,</span> <span class="n">many</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">return</span> <span class="nf">custom_response</span><span class="p">(</span> <span class="n">data</span><span class="o">=</span><span class="n">serializer</span><span class="p">.</span><span class="n">data</span><span class="p">,</span> <span class="n">message</span><span class="o">=</span><span class="sh">'</span><span class="s">Teams retrieved successfully</span><span class="sh">'</span><span class="p">,</span> <span class="n">status_code</span><span class="o">=</span><span class="n">status</span><span class="p">.</span><span class="n">HTTP_200_OK</span> <span class="p">)</span> </code></pre> </div> <p>If we <em>didn't</em> write this, DRF would still return the teams, but the JSON would be "naked." By overriding, we add a <code>message</code> key and a <code>success</code> boolean. This makes the frontend developer's life significantly easier because they can write a single global error handler for the entire app.</p> <h2> Part 4: The Security "Untouchables" </h2> <p>While overriding <code>list()</code> is about <strong>presentation</strong>, there are three other methods we overrode in the <code>TeamViewSet</code> that are strictly about <strong>Logic and Security</strong>. These are the "Untouchables"—methods you should almost never remove unless you have a very specific reason.</p> <h3> 1. The Multi-Tenancy Shield: <code>get_queryset()</code> </h3> <p>In a sports app, privacy is paramount. You don't want a coach from "Team A" seeing the roster and strategy of "Team B."<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">get_queryset</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">.</span><span class="n">is_superuser</span><span class="p">:</span> <span class="k">return</span> <span class="n">Team</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">all</span><span class="p">()</span> <span class="k">return</span> <span class="n">Team</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">user</span><span class="o">=</span><span class="n">self</span><span class="p">.</span><span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">)</span> </code></pre> </div> <p>By overriding <code>get_queryset</code>, we implement "Automatic Filtering." The database query itself is limited to only the items owned by the logged-in user. This is a fail-safe; even if a user tries to guess a URL like <code>/teams/999/</code>, the system will return a 404 because that team doesn't exist <em>within the filtered queryset</em>.</p> <h3> 2. The Granular Guard: <code>get_permissions()</code> </h3> <p>One size does not fit all in permissions. Everyone should be able to see their teams (List/Retrieve), but should they be able to delete them? What if you have a "read-only" staff member?</p> <p>In our app, we use <code>get_permissions</code> to dynamically switch guards:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">get_permissions</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">action</span> <span class="ow">in</span> <span class="p">[</span><span class="sh">'</span><span class="s">update</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">partial_update</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">destroy</span><span class="sh">'</span><span class="p">]:</span> <span class="k">return</span> <span class="p">[</span><span class="n">permissions</span><span class="p">.</span><span class="nc">IsAuthenticated</span><span class="p">(),</span> <span class="nc">IsOwnerOrSuperAdmin</span><span class="p">()]</span> <span class="k">return</span> <span class="p">[</span><span class="n">permissions</span><span class="p">.</span><span class="nc">IsAuthenticated</span><span class="p">()]</span> </code></pre> </div> <p>This is a sophisticated pattern. We allow any authenticated user to view the list, but the moment they try to <strong>mutate</strong> data (Update/Delete), we bring in the <code>IsOwnerOrSuperAdmin</code> permission. This ensures that even if someone finds a way to bypass other checks, they cannot modify data they don't own.</p> <h3> 3. The Data Integrity Hook: <code>perform_create()</code> </h3> <p>When a user clicks "Create Team," they don't send their own User ID in the JSON body. That would be a security risk (anyone could create a team and assign it to someone else!). Instead, we use <code>perform_create</code> to stitch the data together:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">perform_create</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">serializer</span><span class="p">):</span> <span class="n">serializer</span><span class="p">.</span><span class="nf">save</span><span class="p">(</span><span class="n">user</span><span class="o">=</span><span class="n">self</span><span class="p">.</span><span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">)</span> </code></pre> </div> <p>This method acts as a "pre-save hook." It takes the validated data from the serializer and injects the <code>user</code> object from the request. This is the gold standard for maintaining data integrity in relational databases.</p> <h2> Part 5: Comparing the Two Worlds </h2> <p>Let's look at a side-by-side comparison of these two methods as implemented in the AI Soccer App.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th> <code>APIView</code> (Auth App)</th> <th> <code>ViewSet</code> (Teams App)</th> </tr> </thead> <tbody> <tr> <td><strong>Logic Type</strong></td> <td>Process-Oriented</td> <td>Object-Oriented</td> </tr> <tr> <td><strong>URL Setup</strong></td> <td>Manual and Descriptive</td> <td>Automatic and Standardized</td> </tr> <tr> <td><strong>Code Length</strong></td> <td>Longer (per endpoint)</td> <td>Shorter (per resource)</td> </tr> <tr> <td><strong>Flexibility</strong></td> <td>Maximum</td> <td>High (via overrides)</td> </tr> <tr> <td><strong>Best For</strong></td> <td>Login, Password Reset, OTP</td> <td>Teams, Players, Matches</td> </tr> </tbody> </table></div> <h2> Part 6: Best Practices for Growing your API </h2> <p>As your project grows, you will inevitably face the "Fat ViewSet" problem, where your view files become 1000 lines long. Here is how to keep your code as clean as the AI Soccer App:</p> <ol> <li> <strong>Move Logic to Serializers:</strong> If you find yourself doing complex data validation in the view, move it to the serializer's <code>validate()</code> method.</li> <li> <strong>Use Custom Mixins:</strong> If you find yourself repeating the same <code>custom_response</code> logic in 10 different ViewSets, create a <code>ResponseMixin</code> that handles the formatting.</li> <li> <strong>Permissions are Key:</strong> Never rely on the frontend for security. Always verify ownership in <code>get_queryset</code> or <code>get_permissions</code>.</li> <li> <strong>Documentation is Free:</strong> By using <code>drf-spectacular</code> (as we do in our <code>config/settings.py</code>), your ViewSets automatically generate Swagger documentation. This is only possible because we follow DRF's structured patterns.</li> </ol> <h2> Conclusion: The Right Tool for the Job </h2> <p>Building the <strong>AI Soccer App</strong> taught us that there is no "perfect" way to build an API—only the "right" way for a specific feature. </p> <ul> <li>Use <strong>APIViews</strong> when you are building a unique experience or a complex workflow like MFA.</li> <li>Use <strong>ViewSets and Routers</strong> when you are building a structured management system for your data models.</li> <li> <strong>Always Override</strong> for security, multitenancy, and ownership.</li> <li> <strong>Optionally Override</strong> for consistent branding and response formatting.</li> </ul> <p>By understanding the lifecycle of a DRF request and knowing exactly which hooks to use, you can build backends that are not only powerful but also a joy to maintain.</p> ai django webdev python Muhammad Atif Iqbal Tue, 07 Oct 2025 13:30:55 +0000 https://forem.com/atifwattoo/what-is-robocorp-3fg https://forem.com/atifwattoo/what-is-robocorp-3fg <h2> 🧠 <strong>1. What is <a href="https://globalnewsone.com/introduction-to-robocorp/" rel="noopener noreferrer">Robocorp</a>?</strong> </h2> <p><strong>Robocorp</strong> is a <strong>platform for building, running, and managing software robots</strong> — digital workers that automate repetitive computer tasks.</p> <h3> Also Read <a href="https://globalnewsone.com/robocorp-and-rpa/" rel="noopener noreferrer"> Robocorp and RPA: The Complete Guide to Open-Source Robotic Process Automation Using Python </a> </h3> <p>It provides:</p> <ul> <li> <strong>Developer tools</strong> (like <em>Robocorp Lab</em> or <em>VS Code extensions</em>) for creating automation scripts.</li> <li>A <strong>Python-based framework</strong> called <strong>Robot Framework</strong> or <strong>RPA Framework</strong>.</li> <li> <strong>Cloud orchestration</strong> tools (<em>Control Room</em>) to deploy, schedule, and monitor bots.</li> </ul> <p>Think of it like a <strong>modern open-source alternative</strong> to tools such as UiPath, Blue Prism, or Automation Anywhere — but built on <strong>Python</strong> and <strong>open standards</strong>, not proprietary drag-and-drop systems.</p> <h2> ⚙️ <strong>2. What is RPA (Robotic Process Automation)?</strong> </h2> <p><strong>RPA (Robotic Process Automation)</strong> is the technology that allows software "robots" (bots) to <strong>mimic human actions</strong> on a computer to complete repetitive tasks.</p> <p>For example:</p> <ul> <li>Reading invoices from emails and entering them into an ERP system.</li> <li>Copying data between Excel and a web app.</li> <li>Logging into websites, downloading reports, and sending them by email.</li> </ul> <p>RPA is mainly used in <strong>business process automation</strong> — finance, HR, healthcare, etc.</p> <h2> 🤖 <strong>3. What is Robocorp RPA?</strong> </h2> <p><strong>Robocorp RPA</strong> means using Robocorp’s ecosystem to build and run <strong>RPA bots</strong>.</p> <p>In other words:</p> <blockquote> <p>It’s Robocorp’s implementation of RPA — built with Python and the open-source <strong>RPA Framework</strong> libraries.</p> </blockquote> <p>A Robocorp RPA workflow might:</p> <ul> <li>Use <strong>Python</strong> + <strong>RPA Framework</strong> to interact with Excel, PDFs, browsers, or APIs.</li> <li>Be packaged into a “robot” that runs locally or in <strong>Robocorp Control Room (cloud)</strong>.</li> <li>Be triggered manually, on a schedule, or by API/webhook.</li> </ul> <h2> 🧩 Example of Robocorp RPA in action: </h2> <p>Let’s say you want a bot to:</p> <ol> <li>Log into Gmail</li> <li>Download invoice attachments</li> <li>Extract data from PDF invoices</li> <li>Enter data into a Google Sheet</li> </ol> <p>You could write this using Robocorp’s RPA Framework:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">RPA.Email.ImapSmtp</span> <span class="kn">import</span> <span class="n">ImapSmtp</span> <span class="kn">from</span> <span class="n">RPA.PDF</span> <span class="kn">import</span> <span class="n">PDF</span> <span class="kn">from</span> <span class="n">RPA.Google</span> <span class="kn">import</span> <span class="n">Sheets</span> <span class="c1"># Simple workflow </span></code></pre> </div> <p>Then deploy it in Robocorp’s Control Room to run every morning — fully automated. 🚀</p> <h2> 🆚 In short: </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Concept</th> <th>Description</th> <th>Example</th> </tr> </thead> <tbody> <tr> <td><strong>RPA</strong></td> <td>Automating repetitive tasks using software robots</td> <td>Any RPA tool like UiPath</td> </tr> <tr> <td><strong>Robocorp</strong></td> <td>A company/platform providing open-source RPA tools built on Python</td> <td>robocorp.com</td> </tr> <tr> <td><strong>Robocorp RPA</strong></td> <td>RPA implemented using Robocorp’s tools and RPA Framework</td> <td>Building Python bots for automation</td> </tr> </tbody> </table></div> python ai automation robocorp Muhammad Atif Iqbal Fri, 03 Oct 2025 13:50:31 +0000 https://forem.com/atifwattoo/django-formfieldforforeignkey-function-48f https://forem.com/atifwattoo/django-formfieldforforeignkey-function-48f <h2> Mastering Django <a href="https://globalnewsone.com/formfield_for_foreignkey-in-django-admin/" rel="noopener noreferrer"><code>formfield_for_foreignkey</code></a>: Complete Guide with Examples </h2> <p>Django’s admin is one of its most powerful features. Out of the box, it gives you CRUD forms to create, edit, and manage your models. But sometimes, the <strong>default dropdowns for ForeignKey fields are too broad</strong> — they list all related objects in the database, which may not always be secure, efficient, or user-friendly.</p> <p>This is where <strong><a href="https://globalnewsone.com/formfield_for_foreignkey-in-django-admin/" rel="noopener noreferrer">formfield_for_foreignkey</a></strong> comes in.</p> <p>In this guide, we’ll cover everything you need to know:</p> <ul> <li>✅ What <code>formfield_for_foreignkey</code> is</li> <li>✅ How Django handles ForeignKey fields by default</li> <li>✅ Real-world use cases for overriding it</li> <li>✅ Advanced examples with filtering, permissions, and tenants</li> <li>✅ Best practices for production apps</li> <li>✅ FAQs and troubleshooting tips</li> </ul> <p>By the end, you’ll be able to <strong>customize your admin dropdowns</strong> to be smarter, safer, and tailored to your business rules.</p> <h2> 1. What is <a href="https://globalnewsone.com/formfield_for_foreignkey-in-django-admin/" rel="noopener noreferrer">formfield_for_foreignkey</a>? </h2> <p>In Django Admin, the method <code>formfield_for_foreignkey(self, db_field, request, **kwargs)</code> is a <strong>hook method</strong> inside <code>ModelAdmin</code>. It allows you to <strong>customize the queryset</strong> for ForeignKey dropdown fields in the admin form.</p> <p>By default, Django lists all related objects in the dropdown. But with this hook, you can:</p> <ul> <li>Filter objects (e.g., only active ones)</li> <li>Restrict by logged-in user</li> <li>Sort objects for usability</li> <li>Enforce multi-tenant separation</li> <li>Apply role-based visibility rules</li> </ul> <p><strong>Method signature:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="c1"># custom logic </span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <h2> 2. How Django Handles ForeignKey by Default </h2> <p>Consider this example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Author</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Model</span><span class="p">):</span> <span class="n">name</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">100</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Book</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Model</span><span class="p">):</span> <span class="n">title</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">200</span><span class="p">)</span> <span class="n">author</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">ForeignKey</span><span class="p">(</span><span class="n">Author</span><span class="p">,</span> <span class="n">on_delete</span><span class="o">=</span><span class="n">models</span><span class="p">.</span><span class="n">CASCADE</span><span class="p">)</span> </code></pre> </div> <p>In Django Admin, when creating a <code>Book</code>, the <strong>author dropdown</strong> will list <em>all authors</em> in the database.</p> <p>That’s fine for small projects, but:</p> <ul> <li>It can clutter the UI when there are thousands of authors.</li> <li>It may expose data users shouldn’t see (e.g., other tenants’ data).</li> <li>It can confuse staff who only need a subset.</li> </ul> <p>This is the default behavior — and exactly where <code>formfield_for_foreignkey</code> helps.</p> <h2> 3. Real-World Use Cases </h2> <h3> Example 1: Filter by Logged-In User </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@admin.register</span><span class="p">(</span><span class="n">Book</span><span class="p">)</span> <span class="k">class</span> <span class="nc">BookAdmin</span><span class="p">(</span><span class="n">admin</span><span class="p">.</span><span class="n">ModelAdmin</span><span class="p">):</span> <span class="k">def</span> <span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="n">db_field</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">author</span><span class="sh">"</span><span class="p">:</span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">queryset</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">Author</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">created_by</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">)</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <p>✅ Only authors created by the logged-in user appear in the dropdown.</p> <h3> Example 2: Show Only Active Records </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="n">db_field</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">author</span><span class="sh">"</span><span class="p">:</span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">queryset</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">Author</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">is_active</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <p>✅ Inactive authors are hidden.</p> <h3> Example 3: Sort Dropdown Alphabetically </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="n">db_field</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">author</span><span class="sh">"</span><span class="p">:</span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">queryset</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">Author</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">all</span><span class="p">().</span><span class="nf">order_by</span><span class="p">(</span><span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <p>✅ Users see a clean, ordered dropdown.</p> <h3> Example 4: Restrict by Permissions </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="n">db_field</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">author</span><span class="sh">"</span><span class="p">:</span> <span class="k">if</span> <span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">.</span><span class="nf">has_perm</span><span class="p">(</span><span class="sh">"</span><span class="s">app.view_all_authors</span><span class="sh">"</span><span class="p">):</span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">queryset</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">Author</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">all</span><span class="p">()</span> <span class="k">else</span><span class="p">:</span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">queryset</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">Author</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">created_by</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">)</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <p>✅ Superusers/managers see all authors.<br> ✅ Staff see only their own.</p> <h3> Example 5: Multi-Tenant Filtering </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="n">db_field</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">customer</span><span class="sh">"</span><span class="p">:</span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">queryset</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">Customer</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">tenant</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">.</span><span class="n">tenant</span><span class="p">)</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <p>✅ Each tenant only sees their own customers.</p> <h2> 4. When to Use It? </h2> <p>You should override <a href="https://globalnewsone.com/formfield_for_foreignkey-in-django-admin/" rel="noopener noreferrer">formfield_for_foreignkey</a> when:</p> <ul> <li>You want to <strong>limit foreign key options</strong> based on logged-in user.</li> <li>You need to <strong>hide irrelevant or sensitive records</strong>.</li> <li>You want to <strong>improve usability</strong> by sorting or filtering.</li> <li>You’re working with a <strong>multi-tenant app</strong>.</li> </ul> <h2> 5. Best Practices </h2> <ul> <li>✅ Always call <code>super()</code> at the end.</li> <li>✅ Keep queries efficient — avoid heavy joins here.</li> <li>✅ Apply consistent filtering across forms and lists (<code>get_queryset</code>).</li> <li>✅ Test with multiple roles (staff, superuser).</li> <li>✅ Document your filtering logic — future devs will thank you.</li> </ul> <h2> 6. Common Mistakes </h2> <ul> <li>❌ Forgetting to return <code>super()</code> → breaks form rendering.</li> <li>❌ Overly complex queries → slows down admin.</li> <li>❌ Inconsistent logic with <code>get_queryset</code> → users see mismatched data.</li> </ul> <h2> 7. FAQs </h2> <p><strong>Q: Can I filter dropdowns differently for add vs. change forms?</strong><br> 👉 Yes, you can check <code>request.resolver_match</code> or <code>request.path</code> to see the context.</p> <p><strong>Q: Can I use it for ManyToMany fields?</strong><br> 👉 Use <code>formfield_for_manytomany</code> instead.</p> <p><strong>Q: Is this the only way to filter foreign keys?</strong><br> 👉 No — you can also use custom ModelForms, but this method is the most admin-friendly.</p> <h2> 8. Final Thoughts </h2> <p>Django’s <a href="https://globalnewsone.com/formfield_for_foreignkey-in-django-admin/" rel="noopener noreferrer">formfield_for_foreignkey</a> is more than just a customization hook — it’s a <strong>security and usability tool</strong>. By mastering it, you can:</p> <ul> <li>Keep admin dropdowns clean and focused.</li> <li>Enforce tenant and role-based restrictions.</li> <li>Prevent accidental data leaks.</li> </ul> python ai programming django Muhammad Atif Iqbal Fri, 03 Oct 2025 12:56:31 +0000 https://forem.com/atifwattoo/formfieldforforeignkey-with-django-permissions-fine-grained-control-in-admin-22nm https://forem.com/atifwattoo/formfieldforforeignkey-with-django-permissions-fine-grained-control-in-admin-22nm <p>formfield_for_foreignkey()' with Django## Mastering <a href="https://globalnewsone.com/formfield_for_foreignkey-in-django-admin/" rel="noopener noreferrer">formfield_for_foreignkey</a> with Django Permissions: Fine-Grained Control in Admin</p> <p>Django’s admin is famous for giving developers a fully functional interface out of the box. But real-world apps often need <strong>fine-grained access control</strong> — different users should see different subsets of related objects.</p> <p>You may already know about <a href="https://globalnewsone.com/formfield_for_foreignkey-in-django-admin/" rel="noopener noreferrer">formfield_for_foreignkey</a>, a hook that lets you filter ForeignKey dropdowns in Django Admin. But here’s where it gets really powerful: <strong>combine it with Django’s built-in permissions and roles</strong> to create a <strong>role-aware and secure admin</strong>.</p> <p>In this article, we’ll explore:</p> <p>✅ Why combine <a href="https://globalnewsone.com/formfield_for_foreignkey-in-django-admin/" rel="noopener noreferrer">formfield_for_foreignkey</a> with permissions<br> ✅ How to restrict dropdowns using <code>has_perm()</code><br> ✅ Using groups and roles for finer control<br> ✅ Handling sensitive data with custom rules<br> ✅ Multi-tenant use cases<br> ✅ Best practices</p> <h2> What is <a href="https://globalnewsone.com/formfield_for_foreignkey-in-django-admin/" rel="noopener noreferrer">formfield_for_foreignkey</a>? </h2> <p>Django provides this method inside <code>ModelAdmin</code> classes to customize the queryset for a ForeignKey dropdown. By default, it lists <strong>all related objects</strong> in the database. But with <code>formfield_for_foreignkey</code>, you can filter, sort, or restrict that list.</p> <p>Signature:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="c1"># custom logic here </span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <h2> Why Combine with Permissions? </h2> <p>While <a href="https://globalnewsone.com/formfield_for_foreignkey-in-django-admin/" rel="noopener noreferrer">formfield_for_foreignkey</a> controls <strong>what objects appear</strong>, Django’s permission system controls <strong>who can see what</strong>. Combining them means:</p> <ul> <li>Different roles (staff, manager, superuser) see different dropdown options</li> <li>Sensitive objects can be hidden unless a user has explicit permission</li> <li>Multi-tenant applications prevent cross-tenant data leaks</li> </ul> <h2> Example 1: Restrict by Permission </h2> <p>Suppose you have <code>Author</code> and <code>Book</code> models. Normally, all authors would appear in the dropdown. But maybe only staff with the <code>app.view_all_authors</code> permission should see everyone. Others should see only their own.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">django.contrib</span> <span class="kn">import</span> <span class="n">admin</span> <span class="kn">from</span> <span class="n">.models</span> <span class="kn">import</span> <span class="n">Author</span><span class="p">,</span> <span class="n">Book</span> <span class="nd">@admin.register</span><span class="p">(</span><span class="n">Book</span><span class="p">)</span> <span class="k">class</span> <span class="nc">BookAdmin</span><span class="p">(</span><span class="n">admin</span><span class="p">.</span><span class="n">ModelAdmin</span><span class="p">):</span> <span class="k">def</span> <span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="n">db_field</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">author</span><span class="sh">"</span><span class="p">:</span> <span class="k">if</span> <span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">.</span><span class="nf">has_perm</span><span class="p">(</span><span class="sh">"</span><span class="s">app.view_all_authors</span><span class="sh">"</span><span class="p">):</span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">queryset</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">Author</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">all</span><span class="p">()</span> <span class="k">else</span><span class="p">:</span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">queryset</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">Author</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">created_by</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">)</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <p>✅ Superusers or staff with the permission see all authors.<br> ✅ Other users see only the authors they created.</p> <h2> Example 2: Role-Based Dropdown Filtering </h2> <p>If you’re using Django <strong>groups</strong> or a <code>role</code> field on your User model, you can scope choices based on role.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="n">db_field</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">author</span><span class="sh">"</span><span class="p">:</span> <span class="k">if</span> <span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">.</span><span class="n">groups</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">name</span><span class="o">=</span><span class="sh">"</span><span class="s">Managers</span><span class="sh">"</span><span class="p">).</span><span class="nf">exists</span><span class="p">():</span> <span class="c1"># Managers see all active authors </span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">queryset</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">Author</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">is_active</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="c1"># Regular staff only see their own active authors </span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">queryset</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">Author</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span> <span class="n">created_by</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">,</span> <span class="n">is_active</span><span class="o">=</span><span class="bp">True</span> <span class="p">)</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <p>✅ Managers have broader visibility.<br> ✅ Staff stay scoped to their own data.</p> <h2> Example 3: Handling Sensitive Data </h2> <p>Sometimes you want to hide sensitive objects unless the user has explicit permission.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="n">db_field</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">project</span><span class="sh">"</span><span class="p">:</span> <span class="n">qs</span> <span class="o">=</span> <span class="n">Project</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">is_active</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">.</span><span class="nf">has_perm</span><span class="p">(</span><span class="sh">"</span><span class="s">app.can_assign_sensitive_projects</span><span class="sh">"</span><span class="p">):</span> <span class="n">qs</span> <span class="o">=</span> <span class="n">qs</span><span class="p">.</span><span class="nf">exclude</span><span class="p">(</span><span class="n">is_sensitive</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">queryset</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">qs</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <p>✅ Sensitive projects don’t even appear in the dropdown unless allowed.</p> <h2> Example 4: Multi-Tenant Use Case </h2> <p>In SaaS apps with multiple tenants, you can combine tenant ownership with permissions.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="n">db_field</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">customer</span><span class="sh">"</span><span class="p">:</span> <span class="n">qs</span> <span class="o">=</span> <span class="n">Customer</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">tenant</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">.</span><span class="n">tenant</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">.</span><span class="nf">has_perm</span><span class="p">(</span><span class="sh">"</span><span class="s">app.view_inactive_customers</span><span class="sh">"</span><span class="p">):</span> <span class="n">qs</span> <span class="o">=</span> <span class="n">qs</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">is_active</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">queryset</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">qs</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <p>✅ Users only see customers from their tenant.<br> ✅ Optional permission controls visibility of inactive customers.</p> <h2> Best Practices </h2> <ul> <li> <strong>Always call <code>super()</code></strong> at the end to retain Django’s defaults.</li> <li> <strong>Keep queries efficient</strong> — avoid heavy joins inside this method.</li> <li> <strong>Test with multiple roles</strong> (staff, manager, superuser) to avoid hidden bugs.</li> <li> <strong>Stay consistent</strong> — if you filter dropdowns here, apply the same logic in <code>get_queryset()</code> for list views.</li> </ul> <h2> Final Thoughts </h2> <p><code>formfield_for_foreignkey</code> gives you object-level filtering power, while Django’s permission system gives you user-level control. Together, they create an <strong>admin that’s secure, role-aware, and tenant-safe</strong>.</p> <p>Whether you’re managing sensitive data, building a SaaS app, or just keeping the admin clean for staff, mastering this combination will make your Django admin much more robust.</p> <p>👉 With these examples, you can now:</p> <ul> <li>Use permissions to decide <strong>who sees what</strong> in dropdowns.</li> <li>Implement role-based logic with groups.</li> <li>Keep your admin secure in multi-tenant and sensitive-data scenarios.</li> </ul> python django programming ai Muhammad Atif Iqbal Fri, 03 Oct 2025 11:22:06 +0000 https://forem.com/atifwattoo/how-to-restrict-foreignkey-choices-in-django-3k7m https://forem.com/atifwattoo/how-to-restrict-foreignkey-choices-in-django-3k7m <h2> Introduction </h2> <p>If you’ve ever built an application with <strong>Django Admin</strong>, you’ve probably used dropdowns for related models. These dropdowns appear whenever you have a <strong>ForeignKey</strong> field.</p> <p>Read this article aslo <a href="https://globalnewsone.com/restrict-foreignkey-choices-django-admin/" rel="noopener noreferrer">How to Restrict ForeignKey Choices in Django</a></p> <p>But here’s the problem:<br> By default, Django Admin will show <strong>all related objects</strong> in that dropdown.</p> <ul> <li>What if you only want to show the objects created by the <strong>logged-in user</strong>?</li> <li>Or maybe you want staff users to only see certain options?</li> <li>Or perhaps you need to filter choices based on <strong>business logic</strong> (like only “active” records)?</li> </ul> <p>If you landed here by searching things like:</p> <ul> <li><em>“Django admin limit dropdown choices”</em></li> <li><em>“How to restrict ForeignKey options per user in Django”</em></li> <li><em>“Django admin filter related objects dynamically”</em></li> <li><em>“Restrict choices in Django admin form”</em></li> <li><em>“How to show limited foreign key options in Django”</em></li> </ul> <p>👉 Then this article is exactly for you.</p> <p>The solution lies in a powerful Django Admin method:<br> <code>formfield_for_foreignkey(self, db_field, request, **kwargs)</code></p> <p>In this article, we’ll explore:</p> <ul> <li>Why Django shows all ForeignKey objects by default</li> <li>How to filter dropdown choices in the admin</li> <li>Step-by-step examples with code</li> <li>Alternative approaches (querysets, limit_choices_to)</li> <li>Best practices for performance &amp; maintainability</li> <li>Common pitfalls &amp; FAQs</li> </ul> <p>By the end, you’ll know exactly how to <strong>control your admin dropdowns like a pro</strong>.</p> <h2> Why Does Django Show All ForeignKey Choices by Default? </h2> <p>When Django sees a <strong>ForeignKey</strong> in your model, it automatically renders a dropdown in the Admin. For example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">django.db</span> <span class="kn">import</span> <span class="n">models</span> <span class="k">class</span> <span class="nc">Author</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Model</span><span class="p">):</span> <span class="n">name</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">100</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Book</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Model</span><span class="p">):</span> <span class="n">title</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">200</span><span class="p">)</span> <span class="n">author</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">ForeignKey</span><span class="p">(</span><span class="n">Author</span><span class="p">,</span> <span class="n">on_delete</span><span class="o">=</span><span class="n">models</span><span class="p">.</span><span class="n">CASCADE</span><span class="p">)</span> </code></pre> </div> <p>In the <strong>Book Admin form</strong>, Django will render a dropdown for <code>author</code>.</p> <p>But by default:</p> <ul> <li>It will show <strong>all authors</strong> from the database.</li> <li>Even if you only want to allow some of them.</li> </ul> <p>That’s fine for small projects, but in <strong>real-world apps</strong>, you often need restrictions.</p> <h2> When Do You Need to Restrict ForeignKey Choices? </h2> <p>Here are some common use cases where you might want to filter ForeignKey dropdowns in Django Admin:</p> <ol> <li><strong>User-specific data</strong></li> </ol> <ul> <li>Example: Only show <code>Projects</code> created by the logged-in user.</li> <li>Useful in multi-tenant apps.</li> </ul> <ol> <li><strong>Role-based filtering</strong></li> </ol> <ul> <li>Example: Staff can only assign orders to employees in their department.</li> </ul> <ol> <li><strong>Status-based filtering</strong></li> </ol> <ul> <li>Example: Only show “active” categories, not archived ones.</li> </ul> <ol> <li><strong>Security restrictions</strong></li> </ol> <ul> <li>Example: Prevent staff users from accessing other users’ data.</li> </ul> <ol> <li><strong>Performance reasons</strong></li> </ol> <ul> <li>If you have thousands of related objects, filtering avoids <strong>slow dropdowns</strong>.</li> </ul> <h2> The Django Way: Using <code>formfield_for_foreignkey</code> </h2> <p>Django gives us a built-in method for this exact problem:<br> <code>formfield_for_foreignkey(self, db_field, request, **kwargs)</code></p> <p>This method is part of the <strong>ModelAdmin class</strong> and runs whenever Django builds a form field for a ForeignKey.</p> <h3> Method Signature </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="c1"># your logic here </span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <ul> <li> <strong>db_field</strong> → the field object (so you can check if it’s the field you want to customize).</li> <li> <strong>request</strong> → the current HTTP request (so you can check the logged-in user).</li> <li> <strong>kwargs</strong> → extra options passed to the form field.</li> </ul> <h2> Example 1: Restrict Choices to Logged-in User </h2> <p>Let’s say each <code>Book</code> belongs to an <code>Author</code>, and you want a user to only select themselves as the author.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">django.contrib</span> <span class="kn">import</span> <span class="n">admin</span> <span class="kn">from</span> <span class="n">.models</span> <span class="kn">import</span> <span class="n">Book</span><span class="p">,</span> <span class="n">Author</span> <span class="k">class</span> <span class="nc">BookAdmin</span><span class="p">(</span><span class="n">admin</span><span class="p">.</span><span class="n">ModelAdmin</span><span class="p">):</span> <span class="k">def</span> <span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="n">db_field</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">author</span><span class="sh">"</span><span class="p">:</span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">queryset</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">Author</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">user</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">)</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="n">admin</span><span class="p">.</span><span class="n">site</span><span class="p">.</span><span class="nf">register</span><span class="p">(</span><span class="n">Book</span><span class="p">,</span> <span class="n">BookAdmin</span><span class="p">)</span> </code></pre> </div> <p>✔ Now, the dropdown for <code>author</code> will only show authors tied to the logged-in user.</p> <h2> Example 2: Restrict Choices Based on User Role </h2> <p>Let’s say staff users should only see authors in their department.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">BookAdmin</span><span class="p">(</span><span class="n">admin</span><span class="p">.</span><span class="n">ModelAdmin</span><span class="p">):</span> <span class="k">def</span> <span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="n">db_field</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">author</span><span class="sh">"</span> <span class="ow">and</span> <span class="ow">not</span> <span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">.</span><span class="n">is_superuser</span><span class="p">:</span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">queryset</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">Author</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">department</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">.</span><span class="n">department</span><span class="p">)</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <p>✔ Superusers see all authors, staff see filtered ones.</p> <h2> Example 3: Show Only Active Records </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">BookAdmin</span><span class="p">(</span><span class="n">admin</span><span class="p">.</span><span class="n">ModelAdmin</span><span class="p">):</span> <span class="k">def</span> <span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="n">db_field</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">author</span><span class="sh">"</span><span class="p">:</span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">queryset</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">Author</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">is_active</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <p>✔ Only active authors appear in the dropdown.</p> <h2> Alternative Approaches </h2> <p>Sometimes you don’t need <code>formfield_for_foreignkey</code>. Here are other options:</p> <h3> 1. Using <code>limit_choices_to</code> in the Model </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Book</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Model</span><span class="p">):</span> <span class="n">author</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">ForeignKey</span><span class="p">(</span> <span class="n">Author</span><span class="p">,</span> <span class="n">on_delete</span><span class="o">=</span><span class="n">models</span><span class="p">.</span><span class="n">CASCADE</span><span class="p">,</span> <span class="n">limit_choices_to</span><span class="o">=</span><span class="p">{</span><span class="sh">'</span><span class="s">is_active</span><span class="sh">'</span><span class="p">:</span> <span class="bp">True</span><span class="p">}</span> <span class="p">)</span> </code></pre> </div> <p>⚠️ Downside: This is <strong>static</strong> — you can’t use the logged-in user or request context.</p> <h3> 2. Overriding the Form Class </h3> <p>You can also customize choices in the <strong>form</strong> itself:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">django</span> <span class="kn">import</span> <span class="n">forms</span> <span class="kn">from</span> <span class="n">.models</span> <span class="kn">import</span> <span class="n">Book</span><span class="p">,</span> <span class="n">Author</span> <span class="k">class</span> <span class="nc">BookForm</span><span class="p">(</span><span class="n">forms</span><span class="p">.</span><span class="n">ModelForm</span><span class="p">):</span> <span class="k">class</span> <span class="nc">Meta</span><span class="p">:</span> <span class="n">model</span> <span class="o">=</span> <span class="n">Book</span> <span class="n">fields</span> <span class="o">=</span> <span class="sh">"</span><span class="s">__all__</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="n">user</span> <span class="o">=</span> <span class="n">kwargs</span><span class="p">.</span><span class="nf">pop</span><span class="p">(</span><span class="sh">'</span><span class="s">request</span><span class="sh">'</span><span class="p">).</span><span class="n">user</span> <span class="nf">super</span><span class="p">().</span><span class="nf">__init__</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">fields</span><span class="p">[</span><span class="sh">'</span><span class="s">author</span><span class="sh">'</span><span class="p">].</span><span class="n">queryset</span> <span class="o">=</span> <span class="n">Author</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">user</span><span class="o">=</span><span class="n">user</span><span class="p">)</span> </code></pre> </div> <p>Then plug the form into your admin:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">BookAdmin</span><span class="p">(</span><span class="n">admin</span><span class="p">.</span><span class="n">ModelAdmin</span><span class="p">):</span> <span class="n">form</span> <span class="o">=</span> <span class="n">BookForm</span> </code></pre> </div> <h2> Best Practices </h2> <ul> <li>✅ Use <code>formfield_for_foreignkey</code> if you need request-aware filtering.</li> <li>✅ Use <code>limit_choices_to</code> for <strong>static filters</strong>.</li> <li>✅ Cache querysets if you expect heavy load.</li> <li>✅ Always allow superusers full access.</li> </ul> <h2> Common Pitfalls </h2> <ol> <li><p><strong>Forgetting <code>super()</code></strong><br> Always call the parent method, otherwise you may break Django’s defaults.</p></li> <li><p><strong>Filtering too aggressively</strong><br> If you filter incorrectly, you might prevent staff from editing old data.</p></li> <li><p><strong>Performance issues</strong><br> Large querysets in dropdowns can slow down admin forms — add filters wisely.</p></li> </ol> <h2> FAQs </h2> <h3> ❓ Can I restrict ForeignKey dropdowns outside the admin? </h3> <p>Yes — in custom forms, override the <code>__init__</code> method and filter querysets.</p> <h3> ❓ Can I hide the dropdown completely? </h3> <p>Yes — you can set <code>readonly_fields</code> or replace the field with a custom widget.</p> <h3> ❓ What if I want autocomplete instead of dropdown? </h3> <p>Use <code>autocomplete_fields</code> in your <code>ModelAdmin</code>. It works well with large datasets.</p> <h2> Conclusion </h2> <p>Restricting ForeignKey choices in Django Admin is a <strong>common real-world need</strong>.<br> And Django makes it easy with the <code>formfield_for_foreignkey</code> method.</p> <p>So whether you searched for:</p> <ul> <li><em>“How to filter related objects in Django admin form”</em></li> <li><em>“Django admin restrict choices dynamically per user”</em></li> <li><em>“Limit ForeignKey dropdown in Django”</em></li> </ul> <p>👉 This guide gives you the complete solution.</p> <p>By overriding <code>formfield_for_foreignkey</code>, you can:</p> <ul> <li>Filter dropdowns per user</li> <li>Apply role-based restrictions</li> <li>Improve performance</li> <li>Keep your admin secure</li> </ul> <p>Read this article aslo <a href="https://globalnewsone.com/restrict-foreignkey-choices-django-admin/" rel="noopener noreferrer">How to Restrict ForeignKey Choices in Django</a></p> python programming django ai Muhammad Atif Iqbal Fri, 03 Oct 2025 10:22:25 +0000 https://forem.com/atifwattoo/formfieldforforeignkey-in-django-admin-a-complete-guide-4586 https://forem.com/atifwattoo/formfieldforforeignkey-in-django-admin-a-complete-guide-4586 <h2> Mastering <code>formfield_for_foreignkey</code> in Django Admin: A Complete Guide </h2> <p>Django’s admin is one of its most powerful features. Out of the box, it gives you forms to create, edit, and manage your models. But sometimes, the default dropdowns for <strong>ForeignKey fields</strong> are too permissive — they show all related objects in the database.</p> <p>What if you want to <strong>restrict the choices</strong> a user can see, based on who is logged in, or some business logic?</p> <p>That’s where <strong><code>formfield_for_foreignkey</code></strong> comes in.</p> <p>Read this aticle also <a href="https://globalnewsone.com/formfield_for_foreignkey-in-django-admin/" rel="noopener noreferrer">formfield_for_foreignkey in Django</a></p> <p>In this article, we’ll dive into:</p> <ul> <li>✅ What is <code>formfield_for_foreignkey</code>?</li> <li>✅ How Django handles ForeignKey fields by default</li> <li>✅ Real-world examples of overriding <code>formfield_for_foreignkey</code> </li> <li>✅ When and why you should use it</li> <li>✅ Best practices</li> </ul> <h2> 🔎 What is <code>formfield_for_foreignkey</code> in Django Admin? </h2> <p>In Django Admin, the method <strong><code>formfield_for_foreignkey(self, db_field, request, **kwargs)</code></strong> is a <strong>hook method</strong> that lets you customize the queryset for ForeignKey dropdown fields in the admin form.</p> <p>By default, Django will show <strong>all objects</strong> of the related model.<br> With this method, you can <strong>filter, sort, or limit</strong> the available options.</p> <p><strong>Method signature:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="c1"># custom logic </span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <h2> 🛠 How Django Handles ForeignKey by Default </h2> <p>Imagine we have two models:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Author</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Model</span><span class="p">):</span> <span class="n">name</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">100</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Book</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Model</span><span class="p">):</span> <span class="n">title</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">200</span><span class="p">)</span> <span class="n">author</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">ForeignKey</span><span class="p">(</span><span class="n">Author</span><span class="p">,</span> <span class="n">on_delete</span><span class="o">=</span><span class="n">models</span><span class="p">.</span><span class="n">CASCADE</span><span class="p">)</span> </code></pre> </div> <ul> <li>In the Django Admin, when creating a <code>Book</code>, the <code>author</code> dropdown will list <strong>all authors</strong> in the database.</li> <li>This is the default behavior.</li> </ul> <p>But what if you only want staff users to see <strong>authors they created</strong>? That’s where you override <code>formfield_for_foreignkey</code>.</p> <h2> 🚀 Example 1: Filter ForeignKey Choices by Logged-in User </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">django.contrib</span> <span class="kn">import</span> <span class="n">admin</span> <span class="kn">from</span> <span class="n">.models</span> <span class="kn">import</span> <span class="n">Book</span><span class="p">,</span> <span class="n">Author</span> <span class="nd">@admin.register</span><span class="p">(</span><span class="n">Book</span><span class="p">)</span> <span class="k">class</span> <span class="nc">BookAdmin</span><span class="p">(</span><span class="n">admin</span><span class="p">.</span><span class="n">ModelAdmin</span><span class="p">):</span> <span class="k">def</span> <span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="n">db_field</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">author</span><span class="sh">"</span><span class="p">:</span> <span class="c1"># Only show authors created by the logged-in user </span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">queryset</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">Author</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">created_by</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="p">)</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <p>✅ Now, when a staff user opens the <strong>Book form</strong>, the <code>author</code> dropdown only lists the authors they created.<br> Superusers will still see everything.</p> <h2> 🚀 Example 2: Show Only Active Related Objects </h2> <p>Sometimes you want to show only <em>active</em> records.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="n">db_field</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">author</span><span class="sh">"</span><span class="p">:</span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">queryset</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">Author</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">is_active</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <p>✅ Now, inactive authors won’t appear in the dropdown.</p> <h2> 🚀 Example 3: Sort the Dropdown Options </h2> <p>You can also <strong>order the queryset</strong> to make the dropdown more user-friendly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="n">db_field</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">author</span><span class="sh">"</span><span class="p">:</span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">queryset</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">Author</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">all</span><span class="p">().</span><span class="nf">order_by</span><span class="p">(</span><span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <h2> 🔑 When Should You Use <code>formfield_for_foreignkey</code>? </h2> <p>You should override this method when:</p> <ul> <li>You want to <strong>restrict foreign key options</strong> based on the logged-in user.</li> <li>You need to <strong>hide inactive or irrelevant related objects</strong>.</li> <li>You want to <strong>improve usability</strong> by sorting or limiting dropdown choices.</li> <li>You are working in a <strong>multi-tenant application</strong> where users should not see each other’s data.</li> </ul> <h2> ⚡ Best Practices </h2> <ul> <li>Always call <code>super()</code> at the end so Django can apply its defaults.</li> <li>Be careful with queries — don’t run expensive queries inside this method.</li> <li>Test both staff and superuser accounts to ensure permissions work as expected.</li> <li>Keep the logic simple — if the filtering is very complex, consider using <strong>custom forms</strong> instead.</li> </ul> <h2> 🎯 Final Thoughts </h2> <p>The <strong><code>formfield_for_foreignkey</code></strong> method is one of the most useful hooks in Django Admin. It gives you control over what appears in your ForeignKey dropdowns, making your admin interface <strong>safer, more user-friendly, and tenant-aware</strong>.</p> <p>Whether you’re building a small project or a large SaaS app, mastering this hook will save you a lot of time and prevent accidental data leaks.</p> <p>✅ With this article, you can now:</p> <ul> <li>Explain what <code>formfield_for_foreignkey</code> is.</li> <li>Customize dropdowns for different use cases.</li> <li>Improve your Django admin forms for better usability and security.</li> </ul> <p>Read this aticle also <a href="https://globalnewsone.com/formfield_for_foreignkey-in-django-admin/" rel="noopener noreferrer">formfield_for_foreignkey in Django</a></p> django djangoadmin python ai Muhammad Atif Iqbal Thu, 02 Oct 2025 12:55:53 +0000 https://forem.com/atifwattoo/demystifying-dbfield-in-django-admin-4goe https://forem.com/atifwattoo/demystifying-dbfield-in-django-admin-4goe <p>When working with Django Admin, you’ll often need to customize how fields appear in your forms. Django provides hooks such as <code>formfield_for_foreignkey</code>, <code>formfield_for_choice_field</code>, and <code>formfield_for_dbfield</code> — all of which receive an argument called <strong><code>db_field</code></strong>.</p> <p>If you’ve ever wondered <em>what exactly <code>db_field</code> is and how you can use it</em>, this article is for you.</p> <h2> For complete article please visit <a href="https://globalnewsone.com/demystifying-db_field-in-django-admin/" rel="noopener noreferrer">db_field in Django Admin</a> </h2> <h2> What is <code>db_field</code>? </h2> <p>In short, <strong><code>db_field</code> is the model field object being processed</strong> when Django builds the admin form.</p> <p>When you define a model:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">django.db</span> <span class="kn">import</span> <span class="n">models</span> <span class="k">class</span> <span class="nc">Author</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Model</span><span class="p">):</span> <span class="n">name</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">100</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Book</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Model</span><span class="p">):</span> <span class="n">title</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">200</span><span class="p">)</span> <span class="n">author</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">ForeignKey</span><span class="p">(</span><span class="n">Author</span><span class="p">,</span> <span class="n">on_delete</span><span class="o">=</span><span class="n">models</span><span class="p">.</span><span class="n">CASCADE</span><span class="p">)</span> </code></pre> </div> <p>Django Admin inspects each field (<code>title</code>, <code>author</code>, etc.) when rendering the form. At that point, it passes the actual <strong>field instance</strong> (a <code>CharField</code> or <code>ForeignKey</code>) to your override methods as <code>db_field</code>.</p> <p>So:</p> <ul> <li>For <code>Book.title</code> → <code>db_field</code> will be a <code>CharField</code> instance.</li> <li>For <code>Book.author</code> → <code>db_field</code> will be a <code>ForeignKey</code> instance.</li> </ul> <h2> Where is <code>db_field</code> Used? </h2> <p>The <code>db_field</code> argument appears in several admin customization methods:</p> <ol> <li><p><strong><code>formfield_for_foreignkey(self, db_field, request, **kwargs)</code></strong><br> → Lets you change how <code>ForeignKey</code> fields are displayed.</p></li> <li><p><strong><code>formfield_for_choice_field(self, db_field, request, **kwargs)</code></strong><br> → Lets you modify dropdowns created from <code>choices</code>.</p></li> <li><p><strong><code>formfield_for_dbfield(self, db_field, request, **kwargs)</code></strong><br> → A generic hook for <em>any</em> field type.</p></li> </ol> <h2> Example 1 — Filtering a ForeignKey </h2> <p>Imagine you want to limit which authors appear in the dropdown when creating a book.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">django.contrib</span> <span class="kn">import</span> <span class="n">admin</span> <span class="k">class</span> <span class="nc">BookAdmin</span><span class="p">(</span><span class="n">admin</span><span class="p">.</span><span class="n">ModelAdmin</span><span class="p">):</span> <span class="k">def</span> <span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="c1"># Only customize the "author" field </span> <span class="k">if</span> <span class="n">db_field</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">author</span><span class="sh">"</span><span class="p">:</span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">queryset</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">Author</span><span class="p">.</span><span class="n">objects</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="n">name__startswith</span><span class="o">=</span><span class="sh">"</span><span class="s">A</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_foreignkey</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <p>🔎 What’s happening?</p> <ul> <li>Django passes the <code>Book.author</code> field as <code>db_field</code>.</li> <li>We check <code>db_field.name == "author"</code>.</li> <li>Then we override its queryset to only show authors whose names start with “A”.</li> </ul> <h2> Example 2 — Customizing Choices </h2> <p>Suppose you have a field with predefined choices:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Book</span><span class="p">(</span><span class="n">models</span><span class="p">.</span><span class="n">Model</span><span class="p">):</span> <span class="n">GENRE_CHOICES</span> <span class="o">=</span> <span class="p">[</span> <span class="p">(</span><span class="sh">"</span><span class="s">fiction</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Fiction</span><span class="sh">"</span><span class="p">),</span> <span class="p">(</span><span class="sh">"</span><span class="s">nonfiction</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Non-Fiction</span><span class="sh">"</span><span class="p">),</span> <span class="p">(</span><span class="sh">"</span><span class="s">poetry</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Poetry</span><span class="sh">"</span><span class="p">),</span> <span class="p">]</span> <span class="n">title</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">200</span><span class="p">)</span> <span class="n">genre</span> <span class="o">=</span> <span class="n">models</span><span class="p">.</span><span class="nc">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">20</span><span class="p">,</span> <span class="n">choices</span><span class="o">=</span><span class="n">GENRE_CHOICES</span><span class="p">)</span> </code></pre> </div> <p>You can alter how these choices appear in admin:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">BookAdmin</span><span class="p">(</span><span class="n">admin</span><span class="p">.</span><span class="n">ModelAdmin</span><span class="p">):</span> <span class="k">def</span> <span class="nf">formfield_for_choice_field</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="n">db_field</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">genre</span><span class="sh">"</span><span class="p">:</span> <span class="c1"># Reorder or filter choices </span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">choices</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="p">[</span> <span class="p">(</span><span class="sh">"</span><span class="s">fiction</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Fiction</span><span class="sh">"</span><span class="p">),</span> <span class="p">(</span><span class="sh">"</span><span class="s">poetry</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Poetry</span><span class="sh">"</span><span class="p">),</span> <span class="p">]</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_choice_field</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <h2> Example 3 — Catch-All with <code>formfield_for_dbfield</code> </h2> <p>If you want to apply a rule to <strong>all fields</strong>, use <code>formfield_for_dbfield</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">BookAdmin</span><span class="p">(</span><span class="n">admin</span><span class="p">.</span><span class="n">ModelAdmin</span><span class="p">):</span> <span class="k">def</span> <span class="nf">formfield_for_dbfield</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="c1"># Example: add placeholder text to all CharFields </span> <span class="k">if</span> <span class="nf">isinstance</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">models</span><span class="p">.</span><span class="n">CharField</span><span class="p">):</span> <span class="n">kwargs</span><span class="p">[</span><span class="sh">"</span><span class="s">widget</span><span class="sh">"</span><span class="p">].</span><span class="n">attrs</span><span class="p">[</span><span class="sh">"</span><span class="s">placeholder</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Enter </span><span class="si">{</span><span class="n">db_field</span><span class="p">.</span><span class="n">verbose_name</span><span class="si">}</span><span class="sh">"</span> <span class="k">return</span> <span class="nf">super</span><span class="p">().</span><span class="nf">formfield_for_dbfield</span><span class="p">(</span><span class="n">db_field</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> </code></pre> </div> <p>Here, every <code>CharField</code> in the model gets a placeholder in its admin input box.</p> <h2> Why is <code>db_field</code> Useful? </h2> <ul> <li>🎯 <strong>Granular Control</strong> — target individual fields like <code>author</code> or <code>genre</code>.</li> <li>👥 <strong>User-Specific Filtering</strong> — restrict dropdowns per user role.</li> <li>🛠 <strong>Custom Widgets</strong> — attach custom widgets or attributes.</li> <li>🧹 <strong>Centralized Logic</strong> — all customization stays inside <code>ModelAdmin</code>.</li> </ul> <h2> Key Takeaways </h2> <ul> <li> <code>db_field</code> is <strong>the actual field object</strong> from your model.</li> <li>Django sends it to hooks so you can inspect the field and modify its admin form behavior.</li> <li> <p>Use:</p> <ul> <li> <code>formfield_for_foreignkey</code> → control <code>ForeignKey</code> dropdowns.</li> <li> <code>formfield_for_choice_field</code> → control <code>choices</code>.</li> <li> <code>formfield_for_dbfield</code> → catch-all for any field type.</li> </ul> </li> </ul> <p>✅ By leveraging <code>db_field</code>, you can transform the Django Admin from a basic CRUD tool into a finely tuned interface that enforces business rules and improves usability.</p> python django djangoadmin beginners Muhammad Atif Iqbal Mon, 15 Sep 2025 13:49:53 +0000 https://forem.com/atifwattoo/what-is-threading-in-python-5eog https://forem.com/atifwattoo/what-is-threading-in-python-5eog <h2> 🔹 What is <strong>threading</strong> in Python? </h2> <ul> <li> <strong>Threading</strong> means running multiple <em>threads</em> of execution within the same process.</li> <li>A <strong>thread</strong> is the smallest unit of a program that can run independently.</li> <li> <p>In Python, threads are often used for tasks like:</p> <ul> <li>Handling multiple user requests in a web server.</li> <li>Running background tasks (like sending emails, logging, or processing data).</li> <li>Improving responsiveness (so the program doesn’t “freeze” while waiting for something).</li> </ul> </li> </ul> <p>👉 Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">threading</span> <span class="kn">import</span> <span class="n">time</span> <span class="k">def</span> <span class="nf">worker</span><span class="p">(</span><span class="n">name</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">name</span><span class="si">}</span><span class="s"> started</span><span class="sh">"</span><span class="p">)</span> <span class="n">time</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="mi">2</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">name</span><span class="si">}</span><span class="s"> finished</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Create 2 threads </span><span class="n">t1</span> <span class="o">=</span> <span class="n">threading</span><span class="p">.</span><span class="nc">Thread</span><span class="p">(</span><span class="n">target</span><span class="o">=</span><span class="n">worker</span><span class="p">,</span> <span class="n">args</span><span class="o">=</span><span class="p">(</span><span class="sh">"</span><span class="s">Thread-1</span><span class="sh">"</span><span class="p">,))</span> <span class="n">t2</span> <span class="o">=</span> <span class="n">threading</span><span class="p">.</span><span class="nc">Thread</span><span class="p">(</span><span class="n">target</span><span class="o">=</span><span class="n">worker</span><span class="p">,</span> <span class="n">args</span><span class="o">=</span><span class="p">(</span><span class="sh">"</span><span class="s">Thread-2</span><span class="sh">"</span><span class="p">,))</span> <span class="n">t1</span><span class="p">.</span><span class="nf">start</span><span class="p">()</span> <span class="n">t2</span><span class="p">.</span><span class="nf">start</span><span class="p">()</span> </code></pre> </div> <p>This runs two “workers” at the same time (interleaved).</p> <h2> 🔹 Why use threading in Django? </h2> <ul> <li>Django (and many web servers like Gunicorn or Uvicorn) may serve multiple users at once.</li> <li>Each request may be handled by a <strong>different thread</strong>.</li> <li>If you need some data <strong>specific to a request/thread</strong> (like which website/domain is being used), you can store it in <strong>thread-local storage</strong> so that it doesn’t get mixed up with another request.</li> </ul> <h2> 🔹 What is <code>_thread_local</code>? </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">_thread_local</span> <span class="o">=</span> <span class="n">threading</span><span class="p">.</span><span class="nf">local</span><span class="p">()</span> </code></pre> </div> <ul> <li> <code>threading.local()</code> creates a <strong>thread-local storage object</strong>.</li> <li>That means each thread can store its own attributes without interfering with other threads.</li> <li> <code>_thread_local</code> is just a variable name (the underscore <code>_</code> is a Python convention meaning <em>“this is private, internal use”</em>).</li> </ul> <p>👉 Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">threading</span> <span class="n">local_data</span> <span class="o">=</span> <span class="n">threading</span><span class="p">.</span><span class="nf">local</span><span class="p">()</span> <span class="k">def</span> <span class="nf">worker</span><span class="p">(</span><span class="n">name</span><span class="p">):</span> <span class="n">local_data</span><span class="p">.</span><span class="n">value</span> <span class="o">=</span> <span class="n">name</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">In </span><span class="si">{</span><span class="n">name</span><span class="si">}</span><span class="s">, local_data.value = </span><span class="si">{</span><span class="n">local_data</span><span class="p">.</span><span class="n">value</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">t1</span> <span class="o">=</span> <span class="n">threading</span><span class="p">.</span><span class="nc">Thread</span><span class="p">(</span><span class="n">target</span><span class="o">=</span><span class="n">worker</span><span class="p">,</span> <span class="n">args</span><span class="o">=</span><span class="p">(</span><span class="sh">"</span><span class="s">Thread-1</span><span class="sh">"</span><span class="p">,))</span> <span class="n">t2</span> <span class="o">=</span> <span class="n">threading</span><span class="p">.</span><span class="nc">Thread</span><span class="p">(</span><span class="n">target</span><span class="o">=</span><span class="n">worker</span><span class="p">,</span> <span class="n">args</span><span class="o">=</span><span class="p">(</span><span class="sh">"</span><span class="s">Thread-2</span><span class="sh">"</span><span class="p">,))</span> <span class="n">t1</span><span class="p">.</span><span class="nf">start</span><span class="p">()</span> <span class="n">t2</span><span class="p">.</span><span class="nf">start</span><span class="p">()</span> </code></pre> </div> <p>Each thread has its own <code>local_data.value</code> → no conflict.</p> <p>✅ <strong>Summary in plain words</strong>:</p> <ul> <li> <strong>Threading</strong> = running multiple requests at once.</li> <li> <strong>threading.local()</strong> = keeps request-specific data separate.</li> <li> <strong>_thread_local.current_website</strong> = acts like a <em>per-request global variable</em>.</li> <li> <strong>Underscore <code>_</code></strong> = naming convention meaning “internal use only”.</li> </ul> python programming ai beginners Muhammad Atif Iqbal Thu, 04 Sep 2025 12:02:51 +0000 https://forem.com/atifwattoo/what-is-a-decorator-in-python-django-and-fastapi-5hj0 https://forem.com/atifwattoo/what-is-a-decorator-in-python-django-and-fastapi-5hj0 <h2> 🔹 Decorators in Python, Django and FastAPI in details with examples </h2> <p>In <strong>Python</strong>, a decorator is a function that <strong>wraps another function or class</strong> to modify or extend its behavior <em>without changing its code directly</em>.</p> <p>Think of it like:</p> <blockquote> <p>“A decorator takes a function/class as input → adds some extra functionality → and returns a new function/class.”</p> </blockquote> <h3> 🔹 Example 1 – Simple function decorator </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">my_decorator</span><span class="p">(</span><span class="n">func</span><span class="p">):</span> <span class="k">def</span> <span class="nf">wrapper</span><span class="p">():</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Before function runs</span><span class="sh">"</span><span class="p">)</span> <span class="nf">func</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">After function runs</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">wrapper</span> <span class="nd">@my_decorator</span> <span class="c1"># same as: hello = my_decorator(hello) </span><span class="k">def</span> <span class="nf">hello</span><span class="p">():</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Hello, World!</span><span class="sh">"</span><span class="p">)</span> <span class="nf">hello</span><span class="p">()</span> </code></pre> </div> <p><strong>Output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Before function runs Hello, World! After function runs </code></pre> </div> <p>Here:</p> <ul> <li> <code>@my_decorator</code> <strong>wraps</strong> the <code>hello()</code> function.</li> <li>When you call <code>hello()</code>, actually <code>wrapper()</code> runs.</li> </ul> <h2> 🔹 Example 2 – Decorator with arguments </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">repeat</span><span class="p">(</span><span class="n">n</span><span class="p">):</span> <span class="k">def</span> <span class="nf">decorator</span><span class="p">(</span><span class="n">func</span><span class="p">):</span> <span class="k">def</span> <span class="nf">wrapper</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="n">n</span><span class="p">):</span> <span class="nf">func</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="k">return</span> <span class="n">wrapper</span> <span class="k">return</span> <span class="n">decorator</span> <span class="nd">@repeat</span><span class="p">(</span><span class="mi">3</span><span class="p">)</span> <span class="c1"># repeat hello 3 times </span><span class="k">def</span> <span class="nf">hello</span><span class="p">(</span><span class="n">name</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Hello </span><span class="si">{</span><span class="n">name</span><span class="si">}</span><span class="s">!</span><span class="sh">"</span><span class="p">)</span> <span class="nf">hello</span><span class="p">(</span><span class="sh">"</span><span class="s">Atif</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>Output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Hello Atif! Hello Atif! Hello Atif! </code></pre> </div> <h3> 🔹 Example 3 – Django decorator </h3> <p>In Django, you’ve seen things like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">django.contrib.auth.decorators</span> <span class="kn">import</span> <span class="n">login_required</span> <span class="nd">@login_required</span> <span class="k">def</span> <span class="nf">my_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="bp">...</span> </code></pre> </div> <p>Here <code>@login_required</code> ensures that <strong>only logged-in users</strong> can access that view.</p> <h3> 🔹 Example 4 – Class decorator (Django admin) </h3> <p>In your admin file, you saw:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@admin.register</span><span class="p">(</span><span class="n">Payment</span><span class="p">)</span> <span class="k">class</span> <span class="nc">PaymentAdmin</span><span class="p">(</span><span class="n">admin</span><span class="p">.</span><span class="n">ModelAdmin</span><span class="p">):</span> <span class="bp">...</span> </code></pre> </div> <p>This is a <strong>class decorator</strong>.<br> It tells Django: <em>“Register the <code>Payment</code> model in the admin, using this custom admin class.”</em></p> <p>Equivalent without decorator:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">PaymentAdmin</span><span class="p">(</span><span class="n">admin</span><span class="p">.</span><span class="n">ModelAdmin</span><span class="p">):</span> <span class="bp">...</span> <span class="n">admin</span><span class="p">.</span><span class="n">site</span><span class="p">.</span><span class="nf">register</span><span class="p">(</span><span class="n">Payment</span><span class="p">,</span> <span class="n">PaymentAdmin</span><span class="p">)</span> </code></pre> </div> <h3> 🔹 Example 5 – FastAPI decorator </h3> <p>In FastAPI, routes are defined with decorators:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">FastAPI</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">FastAPI</span><span class="p">()</span> <span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/hello</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">say_hello</span><span class="p">():</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">msg</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Hello World</span><span class="sh">"</span><span class="p">}</span> </code></pre> </div> <p>Here <code>@app.get("/hello")</code> is a decorator that says: <em>“When someone sends a GET request to <code>/hello</code>, call this function.”</em></p> <h3> ✅ <strong>Summary for decorators:</strong> </h3> <ul> <li>Decorators = wrappers that extend/modify behavior of functions/classes.</li> <li>They’re widely used in Django (admin, views, permissions) and FastAPI (routes, middlewares).</li> </ul> <h2> <strong>how to write your own decorator step by step</strong> </h2> <p>Let’s build <strong>your own decorators step by step</strong>.<br> We’ll start from <strong>very basic → then add arguments → then apply in Django-like use cases</strong>.</p> <h3> 🛠 Step 1: Basic decorator </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">simple_decorator</span><span class="p">(</span><span class="n">func</span><span class="p">):</span> <span class="k">def</span> <span class="nf">wrapper</span><span class="p">():</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">👉 Before the function</span><span class="sh">"</span><span class="p">)</span> <span class="nf">func</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">👉 After the function</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">wrapper</span> <span class="nd">@simple_decorator</span> <span class="k">def</span> <span class="nf">say_hello</span><span class="p">():</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Hello Atif!</span><span class="sh">"</span><span class="p">)</span> <span class="nf">say_hello</span><span class="p">()</span> </code></pre> </div> <p><strong>Output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>👉 Before the function Hello Atif! 👉 After the function </code></pre> </div> <p>📌 Here:</p> <ul> <li> <code>@simple_decorator</code> is applied to <code>say_hello</code>.</li> <li>When you call <code>say_hello()</code>, Python actually runs <code>wrapper()</code>.</li> </ul> <h3> 🛠 Step 2: Decorator for any function with arguments </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">log_args</span><span class="p">(</span><span class="n">func</span><span class="p">):</span> <span class="k">def</span> <span class="nf">wrapper</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Function </span><span class="si">{</span><span class="n">func</span><span class="p">.</span><span class="n">__name__</span><span class="si">}</span><span class="s"> called with args=</span><span class="si">{</span><span class="n">args</span><span class="si">}</span><span class="s">, kwargs=</span><span class="si">{</span><span class="n">kwargs</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="nf">func</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="c1"># run the real function </span> <span class="k">return</span> <span class="n">wrapper</span> <span class="nd">@log_args</span> <span class="k">def</span> <span class="nf">add</span><span class="p">(</span><span class="n">a</span><span class="p">,</span> <span class="n">b</span><span class="p">):</span> <span class="k">return</span> <span class="n">a</span> <span class="o">+</span> <span class="n">b</span> <span class="nf">print</span><span class="p">(</span><span class="nf">add</span><span class="p">(</span><span class="mi">3</span><span class="p">,</span> <span class="mi">5</span><span class="p">))</span> </code></pre> </div> <p><strong>Output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Function add called with args=(3, 5), kwargs={} 8 </code></pre> </div> <h3> 🛠 Step 3: Decorator with arguments </h3> <p>Sometimes you want to pass options to your decorator itself.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">repeat</span><span class="p">(</span><span class="n">n</span><span class="p">):</span> <span class="k">def</span> <span class="nf">decorator</span><span class="p">(</span><span class="n">func</span><span class="p">):</span> <span class="k">def</span> <span class="nf">wrapper</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="n">n</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Run </span><span class="si">{</span><span class="n">i</span><span class="o">+</span><span class="mi">1</span><span class="si">}</span><span class="s"> of </span><span class="si">{</span><span class="n">n</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">func</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="k">return</span> <span class="n">wrapper</span> <span class="k">return</span> <span class="n">decorator</span> <span class="nd">@repeat</span><span class="p">(</span><span class="mi">3</span><span class="p">)</span> <span class="c1"># repeat the function 3 times </span><span class="k">def</span> <span class="nf">greet</span><span class="p">(</span><span class="n">name</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Hello </span><span class="si">{</span><span class="n">name</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">greet</span><span class="p">(</span><span class="sh">"</span><span class="s">Atif</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>Output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Run 1 of 3 Hello Atif Run 2 of 3 Hello Atif Run 3 of 3 Hello Atif </code></pre> </div> <h2> Decorator in Django </h2> <h3> 🛠 A Django-like decorator </h3> <p>Let’s make our own <strong>login_required</strong> style decorator:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">my_login_required</span><span class="p">(</span><span class="n">func</span><span class="p">):</span> <span class="k">def</span> <span class="nf">wrapper</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="ow">not</span> <span class="nf">getattr</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="sh">"</span><span class="s">user</span><span class="sh">"</span><span class="p">,</span> <span class="bp">None</span><span class="p">):</span> <span class="c1"># check if request has a user </span> <span class="k">return</span> <span class="sh">"</span><span class="s">❌ User not logged in!</span><span class="sh">"</span> <span class="k">return</span> <span class="nf">func</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="k">return</span> <span class="n">wrapper</span> <span class="c1"># fake request objects </span><span class="k">class</span> <span class="nc">Request</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">user</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">user</span> <span class="o">=</span> <span class="n">user</span> <span class="nd">@my_login_required</span> <span class="k">def</span> <span class="nf">dashboard</span><span class="p">(</span><span class="n">request</span><span class="p">):</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Welcome </span><span class="si">{</span><span class="n">request</span><span class="p">.</span><span class="n">user</span><span class="si">}</span><span class="s">!</span><span class="sh">"</span> <span class="nf">print</span><span class="p">(</span><span class="nf">dashboard</span><span class="p">(</span><span class="nc">Request</span><span class="p">()))</span> <span class="c1"># no user </span><span class="nf">print</span><span class="p">(</span><span class="nf">dashboard</span><span class="p">(</span><span class="nc">Request</span><span class="p">(</span><span class="sh">"</span><span class="s">Atif</span><span class="sh">"</span><span class="p">)))</span> <span class="c1"># with user </span></code></pre> </div> <p><strong>Output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>❌ User not logged in! Welcome Atif! </code></pre> </div> <h1> 🛠 Using class decorator (like Django Admin) </h1> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">register_model</span><span class="p">(</span><span class="n">model_name</span><span class="p">):</span> <span class="k">def</span> <span class="nf">decorator</span><span class="p">(</span><span class="n">admin_class</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">✅ Registered </span><span class="si">{</span><span class="n">model_name</span><span class="si">}</span><span class="s"> with admin class </span><span class="si">{</span><span class="n">admin_class</span><span class="p">.</span><span class="n">__name__</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">admin_class</span> <span class="k">return</span> <span class="n">decorator</span> <span class="nd">@register_model</span><span class="p">(</span><span class="sh">"</span><span class="s">Payment</span><span class="sh">"</span><span class="p">)</span> <span class="k">class</span> <span class="nc">PaymentAdmin</span><span class="p">:</span> <span class="k">pass</span> </code></pre> </div> <p><strong>Output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>✅ Registered Payment with admin class PaymentAdmin </code></pre> </div> <p>📌 This is exactly how <code>@admin.register(Model)</code> works internally.</p> <h3> ✅ <strong>Summary for Django Decorators:</strong> </h3> <ul> <li>A decorator is a function that wraps another function/class.</li> <li> <code>@decorator_name</code> is just shorthand for <code>function = decorator_name(function)</code>.</li> <li>They’re useful for <strong>authentication checks, logging, caching, registering routes/admins, etc.</strong> </li> </ul> <h2> <strong>decorators in FastAPI</strong>. </h2> <p>They work the same as Python decorators, but in FastAPI they’re often used for <strong>middleware-like behavior</strong> (before/after running your endpoint).</p> <h3> 🛠 Example 1: Simple logging decorator </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">FastAPI</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">FastAPI</span><span class="p">()</span> <span class="c1"># Custom decorator </span><span class="k">def</span> <span class="nf">log_request</span><span class="p">(</span><span class="n">func</span><span class="p">):</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">wrapper</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">👉 Calling endpoint: </span><span class="si">{</span><span class="n">func</span><span class="p">.</span><span class="n">__name__</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">func</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">✅ Finished endpoint: </span><span class="si">{</span><span class="n">func</span><span class="p">.</span><span class="n">__name__</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">result</span> <span class="k">return</span> <span class="n">wrapper</span> <span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/hello</span><span class="sh">"</span><span class="p">)</span> <span class="nd">@log_request</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">say_hello</span><span class="p">():</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Hello Atif!</span><span class="sh">"</span><span class="p">}</span> </code></pre> </div> <p><strong>When you visit <code>/hello</code>:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>👉 Calling endpoint: say_hello ✅ Finished endpoint: say_hello </code></pre> </div> <h3> 🛠 Example 2: Decorator to check API Key </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">FastAPI</span><span class="p">,</span> <span class="n">Request</span><span class="p">,</span> <span class="n">HTTPException</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">FastAPI</span><span class="p">()</span> <span class="k">def</span> <span class="nf">require_api_key</span><span class="p">(</span><span class="n">func</span><span class="p">):</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">wrapper</span><span class="p">(</span><span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="n">api_key</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">X-API-Key</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">api_key</span> <span class="o">!=</span> <span class="sh">"</span><span class="s">secret123</span><span class="sh">"</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="n">status_code</span><span class="o">=</span><span class="mi">403</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="sh">"</span><span class="s">Invalid API Key</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">func</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="k">return</span> <span class="n">wrapper</span> <span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/secure</span><span class="sh">"</span><span class="p">)</span> <span class="nd">@require_api_key</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">secure_endpoint</span><span class="p">(</span><span class="n">request</span><span class="p">:</span> <span class="n">Request</span><span class="p">):</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">You are authorized!</span><span class="sh">"</span><span class="p">}</span> </code></pre> </div> <p>🔑 If you call <code>/secure</code> without <code>X-API-Key: secret123</code>, you’ll get:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="nl">"detail"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Invalid API Key"</span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> 🛠 Example 3: Decorator with arguments (rate limiter style) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">time</span> <span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">FastAPI</span><span class="p">,</span> <span class="n">HTTPException</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">FastAPI</span><span class="p">()</span> <span class="k">def</span> <span class="nf">rate_limit</span><span class="p">(</span><span class="n">seconds</span><span class="p">:</span> <span class="nb">int</span><span class="p">):</span> <span class="n">last_called</span> <span class="o">=</span> <span class="p">{}</span> <span class="k">def</span> <span class="nf">decorator</span><span class="p">(</span><span class="n">func</span><span class="p">):</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">wrapper</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="n">now</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="k">if</span> <span class="n">func</span><span class="p">.</span><span class="n">__name__</span> <span class="ow">in</span> <span class="n">last_called</span> <span class="ow">and</span> <span class="n">now</span> <span class="o">-</span> <span class="n">last_called</span><span class="p">[</span><span class="n">func</span><span class="p">.</span><span class="n">__name__</span><span class="p">]</span> <span class="o">&lt;</span> <span class="n">seconds</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="n">status_code</span><span class="o">=</span><span class="mi">429</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="sh">"</span><span class="s">Too many requests</span><span class="sh">"</span><span class="p">)</span> <span class="n">last_called</span><span class="p">[</span><span class="n">func</span><span class="p">.</span><span class="n">__name__</span><span class="p">]</span> <span class="o">=</span> <span class="n">now</span> <span class="k">return</span> <span class="k">await</span> <span class="nf">func</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="k">return</span> <span class="n">wrapper</span> <span class="k">return</span> <span class="n">decorator</span> <span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/ping</span><span class="sh">"</span><span class="p">)</span> <span class="nd">@rate_limit</span><span class="p">(</span><span class="mi">5</span><span class="p">)</span> <span class="c1"># limit calls to every 5 seconds </span><span class="k">async</span> <span class="k">def</span> <span class="nf">ping</span><span class="p">():</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">pong!</span><span class="sh">"</span><span class="p">}</span> </code></pre> </div> <ul> <li>First request works ✅</li> <li>Second request within 5s → <strong>429 Too Many Requests</strong> </li> </ul> <h3> 🛠 Example 4: Class decorator for routes (like Django’s <code>@admin.register</code>) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">tag_routes</span><span class="p">(</span><span class="n">tag</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="k">def</span> <span class="nf">decorator</span><span class="p">(</span><span class="n">func</span><span class="p">):</span> <span class="n">func</span><span class="p">.</span><span class="n">_tag</span> <span class="o">=</span> <span class="n">tag</span> <span class="c1"># attach metadata </span> <span class="k">return</span> <span class="n">func</span> <span class="k">return</span> <span class="n">decorator</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">FastAPI</span><span class="p">()</span> <span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/items</span><span class="sh">"</span><span class="p">)</span> <span class="nd">@tag_routes</span><span class="p">(</span><span class="sh">"</span><span class="s">inventory</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">get_items</span><span class="p">():</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">items</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">apple</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">banana</span><span class="sh">"</span><span class="p">]}</span> <span class="c1"># Later you could inspect `get_items._tag` == "inventory" </span></code></pre> </div> <h2> ✅ <strong>Summary for FastAPI decorators</strong> </h2> <ul> <li>Work same as Python decorators</li> <li> <p>Useful for:</p> <ul> <li>Logging</li> <li>Auth / API keys</li> <li>Rate limiting</li> <li>Attaching metadata</li> </ul> </li> <li><p>You can mix them with <strong>FastAPI’s built-in dependencies</strong>, but decorators give more fine-grained control.</p></li> </ul> python decorator django fastapi Muhammad Atif Iqbal Tue, 02 Sep 2025 11:52:23 +0000 https://forem.com/atifwattoo/arrays-lists-dicts-and-sets-across-python-c-and-javascript-34j4 https://forem.com/atifwattoo/arrays-lists-dicts-and-sets-across-python-c-and-javascript-34j4 <h2> Comparison of Arrays, Lists, Dicts, and Sets Across Python, C++, and JavaScript </h2> <h2> ✅ 1. <strong>Arrays vs Dicts in Each Language</strong> </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Concept</th> <th>Python</th> <th>C++</th> <th>JavaScript</th> </tr> </thead> <tbody> <tr> <td><strong>Array / List</strong></td> <td><code>list = [10, 20, 30]</code></td> <td> <code>int arr[3] = {10, 20, 30};</code> or <code>vector&lt;int&gt; arr = {10, 20, 30};</code> </td> <td><code>let arr = [10, 20, 30];</code></td> </tr> <tr> <td><strong>Dictionary / Map (Key-Value)</strong></td> <td><code>d = {"a": 1, "b": 2}</code></td> <td><code>map&lt;string, int&gt; d = {{"a", 1}, {"b", 2}};</code></td> <td> <code>let d = {a: 1, b: 2};</code> or <code>let d = new Map([["a", 1], ["b", 2]]);</code> </td> </tr> <tr> <td><strong>Set (Unique elements, unordered)</strong></td> <td><code>s = {1, 2, 3}</code></td> <td><code>set&lt;int&gt; s = {1, 2, 3};</code></td> <td><code>let s = new Set([1, 2, 3]);</code></td> </tr> </tbody> </table></div> <h2> ✅ 2. <strong>Why "Array" is called "List" in Python &amp; JavaScript</strong> </h2> <ul> <li>In <strong>C++</strong>, <code>array</code> is a <strong>low-level fixed-size container</strong>. Example: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="kt">int</span> <span class="n">arr</span><span class="p">[</span><span class="mi">3</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">};</span> <span class="c1">// Size is 3, cannot change</span> </code></pre> </div> <ul> <li>In <strong>Python</strong> and <strong>JavaScript</strong>, arrays are <strong>dynamic and resizable</strong>, so they are closer to C++ <code>vector</code>: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="n">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">]</span> <span class="n">arr</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="mi">4</span><span class="p">)</span> <span class="c1"># can grow </span></code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">let</span> <span class="nx">arr</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">];</span> <span class="nx">arr</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="mi">4</span><span class="p">);</span> <span class="c1">// can grow</span> </code></pre> </div> <p>👉 That’s why Python calls it <code>list</code>, not <code>array</code>, because it’s flexible.<br> 👉 JS still calls it <code>Array</code>, but it behaves like a Python list.</p> <h2> ✅ 3. <strong>Why C++ Arrays are Declared with <code>{}</code> not <code>[]</code></strong> </h2> <ul> <li> <strong>Square brackets <code>[]</code></strong> → specify <strong>size/index</strong>. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="kt">int</span> <span class="n">arr</span><span class="p">[</span><span class="mi">3</span><span class="p">];</span> <span class="c1">// array of size 3</span> </code></pre> </div> <ul> <li> <strong>Curly braces <code>{}</code></strong> → specify <strong>values for initialization</strong>. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="kt">int</span> <span class="n">arr</span><span class="p">[</span><span class="mi">3</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span><span class="mi">10</span><span class="p">,</span> <span class="mi">20</span><span class="p">,</span> <span class="mi">30</span><span class="p">};</span> <span class="c1">// initialize</span> </code></pre> </div> <p>So:</p> <ul> <li> <code>[]</code> → size</li> <li> <code>{}</code> → values</li> </ul> <h2> ✅ 4. <strong>C++ 3D Array Example</strong> </h2> <p>A <strong>3D array</strong> = array of arrays of arrays.<br> Example: a cube <code>2 × 3 × 4</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="cp">#include</span> <span class="cpf">&lt;iostream&gt;</span><span class="cp"> </span><span class="k">using</span> <span class="k">namespace</span> <span class="n">std</span><span class="p">;</span> <span class="kt">int</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span> <span class="kt">int</span> <span class="n">arr</span><span class="p">[</span><span class="mi">2</span><span class="p">][</span><span class="mi">3</span><span class="p">][</span><span class="mi">4</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span> <span class="p">{</span> <span class="p">{</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">,</span> <span class="mi">4</span><span class="p">},</span> <span class="p">{</span><span class="mi">5</span><span class="p">,</span> <span class="mi">6</span><span class="p">,</span> <span class="mi">7</span><span class="p">,</span> <span class="mi">8</span><span class="p">},</span> <span class="p">{</span><span class="mi">9</span><span class="p">,</span> <span class="mi">10</span><span class="p">,</span> <span class="mi">11</span><span class="p">,</span> <span class="mi">12</span><span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="p">{</span><span class="mi">13</span><span class="p">,</span> <span class="mi">14</span><span class="p">,</span> <span class="mi">15</span><span class="p">,</span> <span class="mi">16</span><span class="p">},</span> <span class="p">{</span><span class="mi">17</span><span class="p">,</span> <span class="mi">18</span><span class="p">,</span> <span class="mi">19</span><span class="p">,</span> <span class="mi">20</span><span class="p">},</span> <span class="p">{</span><span class="mi">21</span><span class="p">,</span> <span class="mi">22</span><span class="p">,</span> <span class="mi">23</span><span class="p">,</span> <span class="mi">24</span><span class="p">}</span> <span class="p">}</span> <span class="p">};</span> <span class="n">cout</span> <span class="o">&lt;&lt;</span> <span class="n">arr</span><span class="p">[</span><span class="mi">1</span><span class="p">][</span><span class="mi">2</span><span class="p">][</span><span class="mi">3</span><span class="p">];</span> <span class="c1">// Output: 24</span> <span class="p">}</span> </code></pre> </div> <p>👉 Think of it as a <strong>box</strong> with <code>2 layers</code>, each having <code>3 rows</code>, each row having <code>4 columns</code>.</p> <h2> ✅ 5. <strong>Sets in Each Language</strong> </h2> <ul> <li> <strong>Python</strong> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="n">s</span> <span class="o">=</span> <span class="p">{</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">,</span> <span class="mi">3</span><span class="p">}</span> <span class="nf">print</span><span class="p">(</span><span class="n">s</span><span class="p">)</span> <span class="c1"># {1, 2, 3} (removes duplicates) </span></code></pre> </div> <ul> <li> <strong>C++</strong> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="cp">#include</span> <span class="cpf">&lt;set&gt;</span><span class="cp"> </span> <span class="n">set</span><span class="o">&lt;</span><span class="kt">int</span><span class="o">&gt;</span> <span class="n">s</span> <span class="o">=</span> <span class="p">{</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">,</span> <span class="mi">3</span><span class="p">};</span> <span class="k">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">x</span> <span class="o">:</span> <span class="n">s</span><span class="p">)</span> <span class="n">cout</span> <span class="o">&lt;&lt;</span> <span class="n">x</span> <span class="o">&lt;&lt;</span> <span class="s">" "</span><span class="p">;</span> <span class="c1">// 1 2 3</span> </code></pre> </div> <ul> <li> <strong>JavaScript</strong> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">let</span> <span class="nx">s</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Set</span><span class="p">([</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">,</span> <span class="mi">3</span><span class="p">]);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">s</span><span class="p">);</span> <span class="c1">// Set(3) {1, 2, 3}</span> </code></pre> </div> <p>👉 <strong>Difference with <code>{}</code> in Python</strong></p> <ul> <li> <code>{}</code> in Python <strong>by default = dict</strong> (empty dictionary).</li> <li> <code>set()</code> must be used for empty set. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">a</span> <span class="o">=</span> <span class="p">{}</span> <span class="c1"># dictionary </span><span class="n">b</span> <span class="o">=</span> <span class="nf">set</span><span class="p">()</span> <span class="c1"># empty set </span></code></pre> </div> <p>👉 In C++ <code>{}</code> is not a set—it’s <strong>array initializer</strong>.</p> <h2> ✅ 6. <strong>Quick Example Comparison</strong> </h2> <h3> Array / List </h3> <ul> <li>Python: <code>arr = [10, 20, 30]</code> </li> <li>C++: <code>int arr[3] = {10, 20, 30};</code> </li> <li>JS: <code>let arr = [10, 20, 30];</code> </li> </ul> <h3> Dictionary / Map </h3> <ul> <li>Python: <code>{"x": 1, "y": 2}</code> </li> <li>C++: <code>map&lt;string, int&gt; d = {{"x",1},{"y",2}};</code> </li> <li>JS: <code>{x:1, y:2}</code> or <code>new Map([["x",1],["y",2]])</code> </li> </ul> <h3> Set </h3> <ul> <li>Python: <code>{1, 2, 3}</code> </li> <li>C++: <code>set&lt;int&gt; s = {1, 2, 3};</code> </li> <li>JS: <code>new Set([1, 2, 3])</code> </li> </ul> <p>✅ So summary:</p> <ul> <li><strong>C++ arrays = low-level, fixed size.</strong></li> <li><strong>Python list / JS Array = dynamic array (like C++ vector).</strong></li> <li><strong>Dict/Map = key-value store (different thing).</strong></li> <li><strong>Set = unique elements in all three.</strong></li> </ul> python javascript cpp programming Muhammad Atif Iqbal Mon, 01 Sep 2025 15:00:07 +0000 https://forem.com/atifwattoo/django-vs-flask-vs-fastapi-37n4 https://forem.com/atifwattoo/django-vs-flask-vs-fastapi-37n4 <h1> Django vs Flask vs FastAPI: A Complete Comparison </h1> <p>When building a web application in Python, three popular frameworks often come up in discussions: <strong>Django</strong>, <strong>Flask</strong>, and <strong>FastAPI</strong>. Each has its own strengths, weaknesses, and use cases. Choosing the right one depends on your project requirements, scalability goals, and developer experience.</p> <h2> 1. <strong>Django</strong> </h2> <h3> Overview </h3> <p>Django is a <strong>high-level, full-stack web framework</strong> designed for rapid development. It comes with batteries-included philosophy, meaning most of the essential features (ORM, authentication, admin panel) are built-in.</p> <h3> Key Features </h3> <ul> <li>Built-in <strong>ORM</strong> for database operations</li> <li> <strong>Authentication and Authorization</strong> out of the box</li> <li> <strong>Admin interface</strong> for managing data</li> <li>Template engine for rendering HTML</li> <li>Follows <strong>MTV (Model-Template-View)</strong> pattern</li> </ul> <h3> Pros </h3> <ul> <li>Great for <strong>large projects</strong> needing structure</li> <li>Mature ecosystem with <strong>lots of third-party packages</strong> </li> <li>Strong community and documentation</li> <li>Excellent for applications where you need an admin panel and a lot of built-in tools</li> </ul> <h3> Cons </h3> <ul> <li> <strong>Heavyweight</strong> compared to Flask and FastAPI</li> <li>Less flexible (you often need to follow Django’s way of doing things)</li> <li>Not as fast as FastAPI for APIs</li> </ul> <h3> Best Use Cases </h3> <ul> <li><strong>Enterprise applications</strong></li> <li> <strong>Content-heavy websites</strong> (CMS, e-commerce)</li> <li> <strong>Projects where rapid prototyping</strong> with an admin panel is needed</li> </ul> <h2> 2. <strong>Flask</strong> </h2> <h3> Overview </h3> <p>Flask is a <strong>lightweight, micro web framework</strong>. Unlike Django, it doesn’t force you to use an ORM or specific tools. It’s very flexible and lets developers pick their own components.</p> <h3> Key Features </h3> <ul> <li>Minimal, simple, and easy to get started</li> <li>Jinja2 templating engine</li> <li>Extensions available for ORM (SQLAlchemy), authentication, etc.</li> <li>Designed for flexibility</li> </ul> <h3> Pros </h3> <ul> <li>Very <strong>lightweight and flexible</strong> </li> <li>Easy to learn and understand</li> <li>Perfect for <strong>small APIs or web apps</strong> </li> <li>Great choice when you need <strong>full control</strong> over architecture</li> </ul> <h3> Cons </h3> <ul> <li>No built-in ORM, authentication, or admin (everything must be added manually)</li> <li>Can lead to “reinventing the wheel” for larger apps</li> <li>Not the fastest (synchronous, unless extended with async libraries)</li> </ul> <h3> Best Use Cases </h3> <ul> <li><strong>Small to medium APIs</strong></li> <li> <strong>Prototypes</strong> and learning projects</li> <li>Apps where you need <strong>complete freedom</strong> in choosing tools</li> </ul> <h2> 3. <strong>FastAPI</strong> </h2> <h3> Overview </h3> <p>FastAPI is a <strong>modern, high-performance web framework</strong> for building APIs with Python. It’s built on <strong>Starlette</strong> (for the web parts) and <strong>Pydantic</strong> (for data validation). It is designed with <strong>asynchronous support</strong> and automatic <strong>OpenAPI/Swagger documentation</strong>.</p> <h3> Key Features </h3> <ul> <li>Built-in <strong>async/await</strong> support</li> <li>Automatic generation of <strong>interactive API docs</strong> (Swagger &amp; ReDoc)</li> <li>Strong typing with <strong>Pydantic models</strong> </li> <li>Extremely <strong>fast performance</strong> (comparable to Node.js and Go)</li> </ul> <h3> Pros </h3> <ul> <li>Very <strong>fast</strong> (close to raw Starlette speed)</li> <li>Great for <strong>modern APIs and microservices</strong> </li> <li>Automatic validation and documentation saves time</li> <li>Strong typing makes debugging and scaling easier</li> </ul> <h3> Cons </h3> <ul> <li>Relatively <strong>younger framework</strong> (less mature ecosystem than Django/Flask)</li> <li>Smaller community compared to Django</li> <li>Not ideal for traditional <strong>monolithic web apps with templates and admin</strong> </li> </ul> <h3> Best Use Cases </h3> <ul> <li><strong>REST APIs and microservices</strong></li> <li> <strong>Real-time applications</strong> (chat, IoT, etc.)</li> <li> <strong>Machine Learning/AI apps</strong> (where performance matters)</li> </ul> <h2> 4. <strong>Performance Comparison</strong> </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>Django 🟦</th> <th>Flask 🟧</th> <th>FastAPI 🟩</th> </tr> </thead> <tbody> <tr> <td>Learning Curve</td> <td>Moderate</td> <td>Easy</td> <td>Moderate</td> </tr> <tr> <td>Performance</td> <td>Medium</td> <td>Medium</td> <td><strong>High</strong></td> </tr> <tr> <td>Async Support</td> <td>Limited</td> <td>Partial</td> <td><strong>Native</strong></td> </tr> <tr> <td>Built-in Tools</td> <td><strong>Many</strong></td> <td>Few</td> <td>Moderate</td> </tr> <tr> <td>Community &amp; Ecosystem</td> <td><strong>Large</strong></td> <td>Large</td> <td>Growing</td> </tr> <tr> <td>Best for</td> <td>Full apps</td> <td>Small apps</td> <td>APIs &amp; microservices</td> </tr> </tbody> </table></div> <h2> 5. <strong>Which One Should You Choose?</strong> </h2> <ul> <li> <strong>Choose Django</strong> if you’re building a <strong>large web application</strong> with a database, admin panel, and built-in tools. (e.g., e-commerce site, CMS, ERP)</li> <li> <strong>Choose Flask</strong> if you need a <strong>simple, lightweight solution</strong> or you want full control with minimal dependencies. (e.g., small APIs, prototypes)</li> <li> <strong>Choose FastAPI</strong> if you’re building <strong>modern APIs or microservices</strong> where speed and scalability matter. (e.g., ML model serving, real-time apps)</li> </ul> <p>✅ <strong>In short:</strong></p> <ul> <li> <strong>Django = batteries included</strong> (big projects, admin dashboards)</li> <li> <strong>Flask = flexibility</strong> (small projects, learning, custom solutions)</li> <li> <strong>FastAPI = speed &amp; modern APIs</strong> (microservices, AI/ML backends)</li> </ul> python django flask fastapi