允许用户更改模板的最佳方式是什么?
在我的一个项目中,我的用户将拥有我网站的专用部分 ({username}.example.org)。在该子域中,我计划允许他们轻松更改设计。 我查看了一些已经这样做的在线网站,例如 Tumblr、Posterous 和 Shopify。
关于这个应用程序的语言,我从 Django 开始,我成功地实现了一个“基于 url 名称的模板渲染,默认为后备”(http://someuser.example.com 将加载templates/someuser/* 或 templates/generic/* 中的模板(如果在第一个中找不到)。 但如果 PHP 或 Play!Framework 更适合我的需求,我可以将其导出。
使用的模板引擎是Jinja2,因为它和Django模板引擎一样简单,易于学习,并且安全(Python 代码不能(通常应该!)被执行)。
这是我发现的每个解决方案的优点/缺点。我真的很感激你对此的想法以及你会采取哪种方式,为什么。谢谢。
注意:用户将对 HTML/CSS 有很好的了解。
更改变量(如标题颜色等)
优点:
- 简单&安全
缺点:
- 功能太有限,想要个性化其网站的用户将无法使用此解决方案实现这一点
仅上传 CSS
优点:
- 易于集成
- 安全
缺点:
- 有限
- 用户图像存储在哪里? (徽标、背景、一些渐变等)
允许用户编辑模板(存储在数据库中)
优点:
- 改变更重要
- 用户(几乎)可以自由地做任何他想做的事情(实现 GA、FeedBurner 等) 优点
缺点:
- 他们将静态文件(徽标、背景图像、一些特殊效果(渐变))放在哪里?
- 模板存储在数据库中,每显示一页都需要一次 SQL 请求
允许用户编辑模板(存储在文件中)
优点:
- 改变更重要
- 用户(几乎)可以自由地做任何他想做的事情(实现 GA、FeedBurner 等)
- 可以启用 FTP 访问,将用户置于其模板目录中。
缺点:
- 静态文件也有同样的问题 缺点
此外,我遇到的问题是如何处理静态文件(图像、css、js):我看不到如何在 Apache(或 NGinx)中定义 VirtualHost ),这将请求数据库查看哪些用户属于该 url。
感谢您的帮助,我很感激!
In one of my project, my users will have a dedicated part of my website ({username}.example.org). In that subdomain, I plan to allow them to change the design easily.
I took a look at some online website that already does that, like Tumblr, Posterous and Shopify.
Regarding the language of this application, I started it with Django, which I succeedly implemented a "template rendering based on the url name with default as fallback" (http://someuser.example.com will load the templates in templates/someuser/* or in templates/generic/* if not found in the first).
But I can export it to PHP or Play!Framework if they are more adapted to my needs.
The template engine used is Jinja2, since it is as simple as Django template engine, easy to learn, and safe (no Python coode can (should normally!) be executed).
Here is the Pros/Cons of each solution I found. I would really appreciate your thoughts on that and which way you would do, why. Thanks.
Note: The users will have a good knowledge in HTML/CSS.
Changing vars (like title color, etc)
Pros:
- Simple & secure
Cons:
- Too limited, an user that want to personalize his website won't be able to do so with this solution
Only upload CSS
Pros:
- Simple to integrate
- Secure
Cons:
- Limited
- Where the user image are stored? (logo, background, some gradient, etc)
Allow user to edit templates (stored in the database)
Pros:
- Changes are more important
- The user is (almost) free to do whatever he wants (implements GA, FeedBurner, etc)
Cons:
- Where do they put the static files (logo, background-image, some special effect (gradient))?
- Template are stored in the database, which require one more SQL request for each page displayed
Allow user to edit templates (stored in files)
Pros:
- Changes are more important
- The user is (almost) free to do whatever he wants (implements GA, FeedBurner, etc)
- A FTP access can be enabled, rooting the user in his Template dir.
Cons:
- The same problem for the static files
Also, where I'm stuck is about how to handle static files (images, css, js) : I can't see how to define a VirtualHost in Apache (or NGinx) that would request the database to see which users belongs this url.
Thanks for your help, I appreciate!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
好吧,我会根据我所做的和我的研究来回答自己。
正如史蒂夫提到的,您必须非常小心地让用户自定义页面布局。
风险必须得到充分评估!
就我而言,让用户更改完整的 HTML/CSS/JS 是可能的,就像 Posterous 或 Tumblr 可以。
风险是:
如果这两个条件得到很好的评估,选项“允许用户编辑模板(存储在数据库中)”是一个很好的解决方案。
但是,如果您担心数据库可能有太多点击,则最后一个解决方案,又名“允许用户编辑模板(存储在文件中)”,可能是可能的,如果:
好吧,我想我已经涵盖了整个问题。我可能遗漏了一些要点,如果是这样,请添加评论或新帖子,我会完成答案。
Ok, I'll answer myself based on what I did and my research.
As Steve mentionned, you have to be very careful about letting users customise page layout.
The risk must be well evaluated!
In my case, letting users change the complete HTML/CSS/JS is possible, in a way, like Posterous or Tumblr does.
The risks are :
If those two conditions are well evaluated, the option "Allow user to edit templates (stored in the database)" is a good solution.
But if you are worried about too many hits the database could have, the last solution, aka "Allow user to edit templates (stored in files)", could be possible, if :
Well, I think I covered the whole problem. It's possible I miss some points, if it's the case, please add a comment or a new post and I will complete the answer.