Dependency review 2021.06
Synopsis
I am reviewing all direct dependencies of AlekSIS-Core. Priorities:
- Describe every dependency and why it is there
- Determine whether the dependency is intended for use by apps and thus part of the public API
- Qualify which dependencies should be removed/replaced
Dependencies
django-any-js
Reason
Helps keep JS/CSS asset paths in settings, so that users can use their own locally hosted versions, or packagers (e.g. in Debian) can use the scripts from distribution packages.
Recommendations
- Document how apps can add assets that are configurable
django-debug-toolbar
Reason
Helps with tracing issues and doing performance analysis. Really necessary in development, but helpful on production sites for support reasons.
Recommendations
- Discuss whether this should be an optional extra dependency
django-middleware-global-request
Reason
Anti-pattern library to get a request object in places where there shouldn't be one; thus in the course of getting removed.
Recommendations
- Get !455 (closed) merged
django-menu-generator-ng
Reason
Dynamic definition of menus; not perfect, with some todos. But for this release, we do not have anything better.
Recommendations
- Document how apps can add menu items and what they should take care of
django-tables2
Reason
Class-based table creation, absolutely necessary.
Recommendations
- Document how apps should use forms, views, models, and tables, and all of them together
Pillow
Reason
Image processing library; probably used by some other dependency.
Recommendations
- Find out why this is a direct dependency, and probably remove.
django-phonenumber-field
Reason
Used in the Person object for phone number validation.
Recommendations
- Document for apps that this can and should be relied on when working with phone numbers
django-sass-processor, libsass and colour
Reason
Dynamic re-generation of CSS after changes to theme preferences.
Recommendations
None
Dynaconf
Reason
Settings generation from environment and config files.
Recommendations
- Document how config files and environment variables are handled in the admin manual
django-settings-context-processor
Reason
Adds configured settings values to the template context; currently used for ADMINS and DEBUG.
Recommendations
Too trivial to have a dependency for it. Also, seems like an anti-pattern. The ADMINS list is used in error templates and could be injected from the error views; DEBUG is only used on the status page and could be injected there.
If we want to make things like configured admins available as a template API for apps, we should provide selective templatetags for it.
- Remove django-settings-context-processor and define better ways to handle the values it passes
django-auth-ldap
Reason
LDAP authentication, optional dependency.
Recommendations
None
django-maintenance-mode
Reason
Show a static page when a maintenance flag is set
Recommendations
None
ipware
Reason
Used by the maintenance mode to determine client IP address independent of proxies, etc.
Recommendations
- Discuss whether we need this. If there is a proxy, it probably should handle the maintenance page itself anyway…
- Determine whether other parts of AlekSIS could profit from ipware
django-impersonate
Reason
Used in support to see AlekSIS from the view of another user, if superuser privileges are available
Recommendations
- Document this in the admin and user parts of the documentation
python-memcached
Reason
Caching backend memcached; not used by default.
Recommendations
- Determine whether this should be an optional dependency
- Discuss migration to uwsgi caching backend as default
django-hattori
Reason
Pseudonymisation of data via management command
Recommendations
- Discuss whether we want to support data pseudonymisation out of the box
- Discuss whether this should be optional
- Discuss whether there should be a frontend
psycopg2
Reason
PostgreSQL driver, necessary.
Recommendations
- Document in developer reference that apps can rely on PostgreSQL-only features
django_select2
Reason
Integration of Select2 for multi-part form fields and dynamic select fields
Recommendations
- Document in dev reference that apps can and should use it
requests
Reason
Not used in core
Recommendations
- Remove (and ensure that apps that currently need it depend on it directly; probably only Exlibris)
django-two-factor-auth
Reason
2FA, obviously. Necessary.
Recommendations
- Determine whether we can get it integrated directly with allauth instead
- Document use of 2FA in the user manual
- Define rules to require 2FA for views or parts of them
- Document this mechanism in the dev reference
django-yarnpkg
Reason
Define JS dependencies and integrate with collectstatic, necessary.
Recommendations
- Document how to add own JS dependencies for apps in dev reference
django-material
Reason
Partial integration of materialize and Django
Recommendations
- Document in dev reference what apps should do to get a consistent material design, and how to use partials from core, etc.
django-pwa
Reason
Progressive Web App utilities
Recommendations
- Document in user manual how to get a native feeling with the PWA (e.g. adding to homescreen on mobile phones)
- Document in dev reference how to control caching, add things to the serviceworker, etc.
django-dynamic-preferences
Reason
Code-defined preferences with frontend
Recommendations
- Document in admin manual how settings and preferences relate, and what preference scopes exist (site, group, person)
- Document in user manual how to change personal preferences
- Document in dev reference how to add own preferences, and when to use preferences
- Document preference best practices
django_widget_tweaks
Reason
Rendering of single form fields with options in templates
Recommendations
- Document in dev reference that it can be used and when to do so (definition of such attributes in Form class vs. template)
- Best practices for form layout
- Check that we use it everywhere we should ourselves
django-filter
Reason
Filter list views dynamically
Recommendations
- Document in dev reference that it can and should be used
django-templated-email and html2text
Reason
Used to generate HTML mails and fallback plaintext parts
Recommendations
- Document in dev reference that it can and should be used
- Explain why corporate design matters
- Explain why a good plaintext part also matters
- Provide base templates for e-mails generated by apps
django-ckeditor
Reason
WYSIWYG fields
Recommendations
- Get !426 (closed) merged
- Document in dev reference when to use it, and how to do so consistently
- Explain why this can be a security risk, and how to prevent this
django-js-reverse
Reason
Used to pass URL map to JavaScript code
Recommendations
- Document in dev reference how to use this
calendarweek
Reason
Mainly used in Chronos for week calculations, and partially for the i18n of the week selector
Recommendations
- Discuss whether this is really considered important enough to be in core
Celery, django-celery-results, django-celery-beat, django-celery-email, celery-progress
Reason
Asynchronous tasks
Recommendations
- Get !491 (merged) merged
- Document in admin reference (how to set up, why it is needed, how to do maintenance)
- Document in dev reference how to use and when to use asynchronous tasks
- Check that we provide Celery progress everywhere we should
- Document in dev reference how to let the user wait for a task result, when to do so, and when not
django-jsonstore
Reason
Extended data on extensible model
Recommendations
- Document in dev reference when to use model extensions (and when to use a separate model instead), and how this works, and its limitations
- Reevaluate AGPL licence and whether it is relevant for us or not
django-colorfield
Reason
Used in theme preferences, and provided for other apps (like the timetable in Chronos)
Recommendations
- Document in dev reference that it can and should be used
- Verify that the field has a good widget by default
django-bleach
Reason
Sanitise HTML
Recommendations
- Find out where it is used (DashboardFeeds?)
- Discuss whether it should be a core dependency
- Is it / can it be used by the ckeditor integration or some such?
django-guardian + rules
Reason
Object-level permissions and code-defined privileges
Recommendations
- Evaluate Bridgekeeper as a replacement
- Document in dev reference that it can and should be used
- Best practices
- Security implications
- Legal requirements
django-cache-memoize
Reason
Caching of function results with a decorator
Recommendations
- Document in dev reference when and how to use it
django-haystack and celery-haystack-ng
Reason
Global search with indexing
Recommendations
- Resolve #363 (closed)
- Document in dev reference how to fill the global search index
django-dbbackup
Reason
Backups of database and media
Recommendations
- Document in admin manual how to do backups, including best practices
spdx-licence-list and licence-expression
Reason
Used on about page to determine free licences
Recommendations
- Discuss whether all of this should be in core, or rather in Winkel, or nowhere at all
- Document in dev reference how to declare meta-data of apps
django-reversion
Reason
Used for history of models and soft deletion
Recommendations
- Document in dev reference that it can and should be used
- Explain when to create a revision
django-favicon-plus-reloaded
Reason
Generation of icons for web apps and meta-tags
Recommendations
- Resolve #356 (closed)
- Discuss whether we need this or not
- Document in admin manual how to configure own icons
django-health-check and psutil
Reason
Provides checks for system health
Recommendations
- Document in admin manual what this is and how to use
- Document in dev reference how to add own health checks, and when to do so
django-cachalot
Reason
Query caching
Recommendations
- Document in dev reference that it is used, and what this means for queries
django-prometheus
Reason
Provides metrics in Prometheus exporter format
Recommendations
- Document in admin manual what this is and how to use it
- Provide a good Grafana dashboard with AlekSIS
- Document in dev reference how to add own metrics
importlib-metadata
Reason
Backwards-compatibility for Python 3.7, used in app auto-discovery
Recommendations
- Discuss whether we can support only Python >3.9
- Discuss whether we need app auto-discovery
django-model-utils
Reason
Some useful mixins and such, used to add automatic timestamps
Recommendations
- Document in dev reference that it can and should be used (especially FieldTracker)
bs4 (BeautifulSoup)
Reason
Used in html_helpers to do… something
Recommendations
- Find out what it does, and whether it is needed in core or not
- Add resulting documentation
django-extensions and ipython
Reason
Currently used to get shell_plus
Recommendations
It seems having good utilities at hand is also important for admins, not only for developers, and if admins hit rough edges where they e.g. need a shell, we should make their lives easier.
- Discuss the above, and whether things like this should be a core dependency
- Document in admin manual which tools are available and how to use them
django-dirtyfields
Reason
Track field modifications for conditional saves/syncs
Recommendations
- Replace with FieldTracker from django-model-utils (!492 (merged))