In this project, I developed a RESTful API using Django REST Framework (DRF), following best practices for security and compliance, such as OWASP and GDPR. The application was built around key models for managing Projects, Issues, and Comments, with a focus on user permissions, dynamic serializers, and validation logic.

Project Workflow:

• • ModelViewSets: Used to manage CRUD operations for Projects, Issues, and Comments.
  • OAuth2: Secure authentication with user-specific data handling.
  • Custom Validation: Logic to prevent duplicate entries.
  • Dynamic Serializers: Using the SerializerClassMixin to switch between different serializers based on action.
  • Pagination and Permissions: Implemented to manage data efficiently and control access.
  • OWASP and GDPR: Ensured security and compliance with data privacy laws.

This project showcases the implementation of a secure, scalable, and GDPR-compliant API while following best practices for code efficiency and performance.

• • API RESTful (Django REST-Framework), use ModelViewsets
  • Postman
  • OAUTH2, User attribute age, can_be_contacted, can_data_be_shared
  • create Project with an author and contributors, Issue with an author  default state of 'todo' and an assigen_to and an issue is depending on a project, Comment is related to an issue, has an author models
  • OWASP and GDPR, Green Code
  • CRUD
  • Pipenv
  • pagination
  • permissions
  • DRF nested routes
  • create a property in view to use this property in serializer
  • for GDPR reasons, I have created several serializers (create, list, detail)
  • validation logic when creating, validate if the project, issue and comment already exists
  • using a SerializerClassMixin to choose dynamically which serializer to use
  • customize admin panel

1. RESTful API using DRF and ModelViewSets

The project was structured as a RESTful API using ModelViewSets to handle the CRUD operations for each of the core models: Projects, Issues, and Comments. Each model is tightly integrated with DRF’s serializer and view layers to provide a scalable and maintainable API.

2. OAuth2 Authentication and User Attributes

For authentication, I implemented OAuth2 to ensure secure access to the API. In addition, each user had attributes such as:

• • age
  • can_be_contacted
  • can_data_be_shared

These attributes were key in controlling certain actions and data-sharing processes, ensuring compliance with GDPR regulations.

3. Project, Issue, and Comment Models

• • Project: Each project has an author and contributors. Contributors are allowed to interact with the project’s related entities.
  • Issue: Issues are associated with a specific project, with a default state of "ToDo". Each issue has an author and can be assigned to a contributor.
  • Comment: Comments are related to specific issues and have an author, ensuring clarity in the chain of responsibility.

4. OWASP and GDPR Compliance

Security and data privacy were top priorities. I integrated OWASP guidelines to mitigate common security risks, such as authentication and data exposure vulnerabilities. For GDPR compliance, I ensured that user attributes (such as age, data sharing preferences, etc.) were handled securely, and I created multiple serializers for different views:

• • CreateSerializer for creating records
  • ListSerializer for listing data
  • DetailSerializer for detailed views of records

This approach helps ensure that only necessary data is exposed in different contexts.

5. Green Code

I followed Green Code principles to ensure the project was efficient, minimizing computational overhead and optimizing code for better energy efficiency, making it more sustainable.

6. Pipenv for Environment Management

The project used Pipenv to manage the Python environment and dependencies, ensuring that the development and production environments were consistent and easy to reproduce.

7. Pagination and Permissions

Pagination was implemented to handle large datasets efficiently. For access control, I defined custom permissions to ensure that only authorized users could perform certain actions (e.g., only project contributors could create issues or comments within that project).

8. DRF Nested Routes

I used DRF nested routes to reflect the relationships between Projects, Issues, and Comments. For example, accessing an issue requires knowing which project it belongs to, and comments are nested under specific issues.

9. Dynamic Serializer Selection with SerializerClassMixin

The SerializerClassMixin was used to dynamically select which serializer to use based on the action. This allowed different serializers to handle creation, listing, and detail views, ensuring that the right data was exposed at the right time.

10. Validation Logic

I implemented custom validation logic to ensure data integrity:

• • When creating a new project, issue, or comment, the system checks whether a similar entity already exists to prevent duplicates.

11. Property in View for Serializer Use

To enhance flexibility, I created a custom property in the view that could be used in the serializer. This property allows the API to pass dynamic data to the serializer, ensuring that it could adjust its behavior based on the request context.