This is a production-ready Django approval workflow system built according to professional best practices.
- Custom User Model with role-based access (Admin, Manager, User)
- Request Model with state machine (draft → submitted → approved/rejected)
- Audit Logging system (append-only, tracks all actions)
- Service Layer for business logic separation
- Centralized Permissions using DRF permission classes
- UUID primary keys for all models
- Soft delete implementation
- Server-side permission enforcement
- Custom exception handling
- CSRF protection enabled
- Secure cookie configuration
- Environment-based secrets management
- RESTful API with Django REST Framework
- User management endpoints
- Request CRUD operations
- Approval workflow actions (submit/approve/reject)
- Audit log viewing (managers/admins only)
- Role-based filtering
- Settings split: base, dev, prod
- Environment variables for secrets
- PostgreSQL support for production
- Docker configuration with docker-compose
- Nginx reverse proxy setup
- Unit tests for User model
- Unit tests for Request state transitions
- 10 tests passing successfully
- Coverage for critical workflows
- Comprehensive README with:
- Architecture overview
- API documentation
- Installation instructions
- Security checklist
- Database schema
- Deployment guide
approval_system/
├── apps/
│ ├── users/ # Custom user model
│ ├── requests/ # Request workflow
│ ├── approvals/ # API & business logic
│ ├── audit_logs/ # Audit trail
│ └── notifications/ # Placeholder for future
├── core/
│ ├── constants.py # System constants
│ ├── permissions.py # Permission classes
│ ├── exceptions.py # Custom exceptions
│ └── middleware.py # Custom middleware
├── config/
│ ├── settings/ # Environment configs
│ │ ├── base.py
│ │ ├── dev.py
│ │ └── prod.py
│ └── urls.py # URL routing
├── Dockerfile # Docker container
├── docker-compose.yml # Multi-container setup
├── nginx.conf # Nginx config
├── requirements.txt # Python dependencies
├── .gitignore # Git ignore rules
├── .env.example # Environment template
└── README.md # Full documentation
Enforces valid state transitions:
- Draft → Submitted (creator only)
- Submitted → Approved/Rejected (manager/admin)
- Terminal states cannot change
All business logic in RequestService:
- Enforces permissions
- Manages state transitions
- Creates audit logs
- Maintains atomic operations
Every action is logged with:
- Actor (who)
- Action (what)
- Target object
- Timestamp
- IP address & user agent
- Metadata
- No secrets in code
- Server-side validation
- Permission checks at multiple levels
- Soft deletes for data preservation
- HTTPS enforced in production
cd approval_system
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python manage.py migrate
python manage.py createsuperuser
python manage.py runserverAccess:
docker-compose up --build
docker-compose exec web python manage.py migrate
docker-compose exec web python manage.py createsuperuserPOST /api/v1/requests/
{
"title": "Budget Approval",
"description": "Request to approve Q1 budget"
}POST /api/v1/requests/{id}/submit/POST /api/v1/requests/{id}/approve/POST /api/v1/requests/{id}/reject/
{
"reason": "Insufficient documentation"
}✅ 10/10 tests passing
Tests cover:
- User creation and roles
- State transitions
- Permission enforcement
- Soft delete functionality
- Custom user model implemented
- Role-based permissions
- State machine with validation
- Audit logging
- RESTful API
- Environment-based config
- Docker containerization
- Security best practices
- Unit tests
- Documentation
Ready for deployment!
- Email notifications on state changes
- File attachments to requests
- Request comments/discussion
- Advanced search & filtering
- Analytics dashboard
- API rate limiting
- Celery for async tasks
- Multi-tenant support
- PEP 8 compliant
- Comprehensive docstrings
- Type hints where beneficial
- Separation of concerns
- UUID primary keys
- Database indexing strategy
- Stateless API design
- Ready for horizontal scaling
- Demonstrates best practices
- Shows understanding of security
- Illustrates software design patterns
- Production deployment experience
This is a complete, production-ready Django application that demonstrates:
- Professional software architecture
- Security-first mindset
- Clean code principles
- DevOps practices
- Test-driven development
Perfect for portfolio and interviews! 🎯