A backend REST API built with Django and Django REST Framework that provides secure JWT authentication, Role-Based Access Control (RBAC), task management, filtering, searching, ordering, pagination, and unit testing.
Task Manager REST API is a backend application that enables authenticated users to securely create and manage personal tasks through RESTful APIs.
The project implements:
- JWT Authentication using SimpleJWT
- Role-Based Access Control (RBAC) using Django Groups
- Complete CRUD operations for task management
- Filtering
- Searching
- Ordering
- Pagination
- Unit Tests
The application follows Django REST Framework best practices including
serializers, viewsets, custom permissions, optimized querysets using
select_related(), and clean project organization.
- 🔐 JWT Authentication
- 👥 Role-Based Access Control (Admin & User)
- ✅ Complete CRUD Operations for Task Management
- 🔍 Search Tasks
- 🎯 Filter Tasks
↕️ Ordering Support- 📄 Pagination
- 👤 Admin-only User Listing
- 🗂️ Admin-only Owner Filtering
- ⚡ Optimized Database Queries using
select_related() - 🧪 Unit Tests
This project demonstrates backend development best practices, including authentication, authorization, RESTful API design, query optimization, and automated testing.
| Technology | Purpose |
|---|---|
| Python | Programming Language |
| Django | Web Framework |
| Django REST Framework | REST API Development |
| SQLite | Database |
| SimpleJWT | Authentication |
| django-filter | Filtering |
| python-dotenv | Environment Variables |
| Package | Purpose |
|---|---|
| Django | Web framework |
| Django REST Framework | REST API development |
| djangorestframework-simplejwt | JWT authentication |
| django-filter | Filtering support |
| python-dotenv | Environment variable management |
Task_Manager/
│
├── accounts/
├── tasks/
├── config/
├── manage.py
├── requirements.txt
├── README.md
└── .gitignore
git clone https://github.com/Altu-K/task-manager-api
cd task-manager-apiWindows
python -m venv venv
venv\Scripts\activateLinux/macOS
python3 -m venv venv
source venv/bin/activatepip install -r requirements.txtpython manage.py migratepython manage.py create_rolesThis command creates:
- Admin
- User
python manage.py createsuperuserpython manage.py runserverThe development server will be available at:
http://127.0.0.1:8000/
POST
/api/auth/register/Example Request
{
"username": "john",
"email": "john@example.com",
"password": "Password123!"
}Every registered user is automatically assigned to the User group. All protected endpoints require a valid JWT access token in the Authorization header.
POST
/api/token/Request
{
"username": "john",
"password": "Password123!"
}Response
{
"refresh": "<refresh_token>",
"access": "<access_token>"
}POST
/api/token/refresh/Request
{
"refresh": "<refresh_token>"
}Response
{
"access": "<new_access_token>"
}Authorization: Bearer <access_token>
The application implements Role-Based Access Control (RBAC) using Django Groups.
- View all users' tasks
- Create, update, and delete any task
- List all users
- Filter tasks by owner
- Create tasks
- View only their own tasks
- Update only their own tasks
- Delete only their own tasks
Note:
- Every newly registered user is automatically assigned to the User group.
- The Admin and User groups are created using:
python manage.py create_roles
- To grant Admin privileges, assign a user (including a superuser) to the Admin group through the Django Admin panel.
| Method | Endpoint |
|---|---|
| POST | /api/auth/register/ |
| POST | /api/token/ |
| POST | /api/token/refresh/ |
| Method | Endpoint | Access |
|---|---|---|
| GET | /api/auth/users/ |
Admin Only |
| Method | Endpoint |
|---|---|
| GET | /api/tasks/ |
| POST | /api/tasks/ |
| GET | /api/tasks/{id}/ |
| PUT | /api/tasks/{id}/ |
| PATCH | /api/tasks/{id}/ |
| DELETE | /api/tasks/{id}/ |
POST
POST /api/tasks/Request Body
{
"title": "Complete Django Assessment",
"description": "Finish the Task Manager API project.",
"status": "IN_PROGRESS",
"due_date": "2026-07-15"
}The status field supports the following values:
| Value | Description |
|---|---|
PENDING |
Default status for newly created tasks |
IN_PROGRESS |
Task is currently being worked on |
COMPLETED |
Task has been completed |
Notes:
- If
statusis not provided, it defaults toPENDING.due_dateis optional and should be provided inYYYY-MM-DDformat.
The API supports filtering tasks by status, due date, created date, and owner (Admin only).
GET /api/tasks/?status=PENDINGGET /api/tasks/?due_date__gte=2026-07-01GET /api/tasks/?owner=2GET /api/tasks/?search=djangoSearch is supported for:
- title
- description
GET /api/tasks/?ordering=titleSupported fields:
- title
- due_date
- created_at
- updated_at
The project uses Django REST Framework's global PageNumberPagination to return paginated responses for task listings.
Run all tests
python manage.py testAuthentication
python manage.py test accounts.tests.test_authTask Model
python manage.py test tasks.tests.test_modelsTask API
python manage.py test tasks.tests.test_api- JWT Authentication
- RBAC using Django Groups
- Read-only owner field
- Password validation
- Owner assigned automatically from authenticated user
- Protected endpoints require authentication
- Uses select_related("owner") to prevent the N+1 Query Problem.
- Global pagination to reduce response size
- Docker containerization
- PostgreSQL
- Swagger / OpenAPI
- CI/CD Pipeline
Altamash Khan
Backend Developer | Python | Django | Django REST Framework
GitHub: https://github.com/Altu-K
LinkedIn: https://www.linkedin.com/in/altamash-k/