RESTful API for managing employees, with authentication, role-based access control and activity logging.
Built with Python + FastAPI + PostgreSQL.
- JWT authentication
- Role-based access control (ADMIN, MANAGER, EMPLOYEE)
- Employee CRUD with filters
- Activity logging for all actions
- Pagination & sorting
- Unit & integration tests
- Initialize FastAPI project
- Configure dependencies
- Add basic project structure
- Healthcheck endpoint
- Environment configuration
- SQLAlchemy + PostgreSQL setup
- User, Employee, ActivityLog models
- Alembic migrations
- JWT auth
- Login & registration
- Role-based access control
- CRUD
- Filters
- Soft delete
- Pagination
- Log system actions
- Error handling
- Tests
- Python 3.14+
- Docker & Docker Compose
- PostgreSQL 16 (or use Docker)
- Clone the repository:
git clone <repo-url>
cd employee-management-api- Create and activate virtual environment:
python3 -m venv .venv
source .venv/bin/activate- Install dependencies:
pip install -r requirements.txt- Configure environment:
Create a
.envfile in the root (or use the existing one). Example:
ENVIRONMENT=dev
POSTGRES_USER=employee_user
POSTGRES_PASSWORD=employee_password
POSTGRES_DB=employee_db
DATABASE_URL=postgresql+psycopg2://employee_user:employee_password@db:5432/employee_db
SECRET_KEY=your-secret-key-here
ALGORITHM=HS256
ACCESS_TOKEN_EXPIRE_MINUTES=30- Start containers:
docker compose up --build- Run migrations (in a new terminal):
docker compose exec api alembic upgrade head- Seed admin user:
docker compose exec api python scripts/seed_admin.py- Access the API:
- API: http://localhost:8000
- Docs (Swagger UI): http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc
- Health check: http://localhost:8000/health
Email: [email protected]
Password: hola123123
pytest -vpytest tests/test_auth.py -v
pytest tests/test_employees.py -vpytest --cov=app --cov-report=html- Auth tests: Login success, wrong password, user not found, missing fields
- Employee tests: CRUD operations, authorization, pagination, soft delete, error handling
# Inside Docker
docker compose exec api alembic upgrade head
# Locally (if Postgres is running)
alembic upgrade headalembic revision --autogenerate -m "description of changes"
alembic upgrade headdocker compose exec db psql -U employee_user -d employee_db -c \
"SELECT id, user_id, action, resource_type, resource_id, details, created_at FROM activity_logs ORDER BY id DESC LIMIT 20;"POST /api/v1/auth/login— Login with credentials (returns JWT token)POST /api/v1/auth/register— Register new userGET /api/v1/auth/me— Get current user profile
POST /api/v1/employees— Create employee (ADMIN/MANAGER only)GET /api/v1/employees— List employees (with pagination & filters)GET /api/v1/employees/{id}— Get employee by IDPUT /api/v1/employees/{id}— Update employee (ADMIN/MANAGER only)DELETE /api/v1/employees/{id}— Delete employee - soft delete (ADMIN/MANAGER only)
is_active— Filter by active status (default: true)skip— Pagination offset (default: 0)limit— Items per page (default: 20, max: 100)
app/
├── main.py # FastAPI app setup & exception handlers
├── api/
│ ├── deps_auth.py # Auth dependencies & RBAC
│ └── v1/
│ ├── routes_auth.py # Authentication routes
│ └── routes_employees.py # Employee CRUD routes
├── core/
│ ├── config.py # Settings from env
│ ├── logging.py # Activity logging helper
│ └── security.py # JWT & password hashing
├── db/
│ ├── session.py # DB connection setup
│ ├── deps.py # DB dependencies
│ └── __init__.py
├── models/
│ ├── user.py # User model
│ ├── employee.py # Employee model
│ └── activity_log.py # Activity log model
└── schemas/
├── user.py # User Pydantic schemas
└── employee.py # Employee Pydantic schemas
tests/
├── conftest.py # Pytest fixtures & configuration
├── test_auth.py # Auth tests
└── test_employees.py # Employee CRUD tests
migrations/ # Alembic migrations
scripts/
└── seed_admin.py # Script to seed admin user
1. Authentication (JWT)
- OAuth2 with JWT tokens
- Secure password hashing with bcrypt
- 30-minute token expiration (configurable)
2. Role-Based Access Control (RBAC)
- Three roles: ADMIN, MANAGER, EMPLOYEE
- Protected endpoints require appropriate role
- Admin/Manager can manage employees
- Employees can view their own profile
3. Activity Logging
- All CRUD operations logged with user, action, resource, timestamp
- Soft delete: marks employees as inactive instead of removing
4. Error Handling
- Centralized exception handlers
- Consistent JSON error responses
- Validation errors (422), auth errors (401), not found (404)
5. Testing
- 17 unit & integration tests (pytest)
- Fixtures for BD session, TestClient, admin user
- Tests cover auth, CRUD, pagination, soft delete, edge cases
- Follow PEP 8
- Use type hints
- Main branch: production-ready code
- Feature branches: development
- Uvicorn error logger for exceptions
- Activity logs for business events (stored in DB)
- Ensure PostgreSQL is running
- Check
DATABASE_URLin.env - Verify Docker container is up:
docker compose ps
- Use correct
POSTGRES_USERfrom.env(e.g.,employee_user) - Recreate containers:
docker compose down && docker compose up --build
- Ensure
tests/conftest.pyexists and has correct imports - Run from project root:
pytest tests/
MIT
Adrián Félix
Software Engineering
Passionate about Android Developer, Full Stack and iOS development and clean architecture.
GitHub: @Elmamis69 Email: [email protected]
License This project is licensed under the MIT License.