Digitize your leave workflows β from instant submissions to manager reviews β with secure role-based portals, automated validation constraints, beautiful dark-themed analytics, and structured database safety.
π Quick Start Β· π Interactive Portals & UI Β· ποΈ Architecture & Data Model Β· π System Workflows Β· π API Directory Β· π Codebase Directory
The platform provides dedicated interfaces, operations, and dashboards tailored dynamically to four roles:
| Role | Access Level & Capabilities | Primary Screens & Features |
|---|---|---|
| π Super Admin | Platform Governance Configures system-wide leave policy limits, registers administrative accounts, and generates organization-wide analytics reports. |
System settings panel, admin registry portal, departmental distribution dashboards. |
| π‘οΈ Admin | Organizational Directory Management Creates and manages employee accounts, assigns departments, updates manager-report hierarchies, and deactivates accounts. |
Employee CRUD dashboard, global activity stats overview. |
| π Manager | Team Supervision Audits, approves, or rejects pending leave requests from direct reports with commentary, and tracks team calendar availability. |
Pending request manager queue, team availability overview grid. |
| π€ Employee | Personal Leave Sandbox Applies for leaves (Casual, Sick, Earned, Maternity, Miscarriage, Unpaid) with real-time validation checks and cancels pending requests. |
Interactive leave balance gauges, personal request history table, leave submission form. |
Below are structural representations of the user interface screens, exhibiting the custom-designed Dark Glassmorphism UI (#0a0b14 β #0f1123) using electric indigo, emerald, amber, and rose accents.
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β LEAVEFLOW SYSTEM β’ EMPLOYEE PORTAL [π€ John] β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β π Leave Balances (2026 Year Calendar) β
β βββββββββββββββββββββββββ βββββββββββββββββββββββββ βββββββββββββββββββββββββ β
β β π CASUAL LEAVE β β π₯ SICK LEAVE β β π
EARNED LEAVE β β
β β 12 Days Allocated β β 12 Days Allocated β β 18 Days Allocated β β
β β [β β β β β β β‘β‘β‘β‘β‘β‘] 50% β β [β β β β β β β β β β β‘β‘] 83% β β [β β β β‘β‘β‘β‘β‘β‘β‘β‘β‘β‘β‘β‘β‘] 16% β β
β β Remaining: 6 Days β β Remaining: 2 Days β β Remaining: 15 Days β β
β βββββββββββββββββββββββββ βββββββββββββββββββββββββ βββββββββββββββββββββββββ β
β β
β π Recent Leave History [+ Apply New Leave] β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β Leave Type Duration Days Status Actions β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β
β β π Casual Jun 15 - Jun 18, 2026 3 Days β Pending [Cancel] [View] β β
β β π₯ Sick May 10 - May 12, 2026 2 Days β Approved [View] β β
β β π
Earned Apr 01 - Apr 05, 2026 4 Days β Rejected [View] β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β LEAVEFLOW SYSTEM β’ MANAGER PORTAL [π Alice] β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β β³ Pending Approvals Queue β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β Employee Leave Type Dates Duration Reason Status β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β
β β Jane Doe π Casual Jun 18 - Jun 20, 2026 2 Days Family Trip β³Pendingβ β
β β John Smith π
Earned Jul 01 - Jul 10, 2026 9 Days Vacation β³Pendingβ β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β Selected: Jane Doe βββ Leave Type: Casual βββ Duration: 2 Days β β
β [π¬ Enter optional comments or rejection reason here... ] β
β [ β
Approve Request ] [ β Reject Request ] β
β β
β π
Team Availability Grid (Current Week) β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β Team Member Mon 15 Tue 16 Wed 17 Thu 18 Fri 19 β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β
β β Jane Doe Active Active Active [π LEAVE] [π LEAVE] β β
β β John Smith Active Active Active Active Active β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β LEAVEFLOW SYSTEM β’ ADMINISTRATIVE CONTROL [π‘οΈ Admin] β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β π₯ Employee Directory [+ Add Employee] β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β Name Email Role Department Status Actions β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β
β β John Doe john@company.com Employee Engineering β Active [βοΈ] [ποΈ] β β
β β Alice Manager alice@company.com Manager Engineering β Active [βοΈ] [ποΈ] β β
β β Jane Doe jane@company.com Employee Design β Active [βοΈ] [ποΈ] β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β
β π System Stats Overview β
β βββββββββββββββββββββββββββββββ βββββββββββββββββββββββββββββββ β
β β Total Active Employees: 45 β β Active Out-of-Office Today: β β
β β Org Approved Leaves YTD: 214β β Pending Approvals in Queue: β β
β βββββββββββββββββββββββββββββββ βββββββββββββββββββββββββββββββ β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Leaveflow Management System is built on a clean three-tier structure to isolate browser operations, business transaction gateways, and secure persistent layers.
graph TD
%% Custom Styling
classDef client fill:#1e1b4b,stroke:#4f46e5,stroke-width:2px,color:#fff;
classDef proxy fill:#064e3b,stroke:#10b981,stroke-width:2px,color:#fff;
classDef backend fill:#1e293b,stroke:#64748b,stroke-width:2px,color:#fff;
classDef db fill:#0f172a,stroke:#3b82f6,stroke-width:2px,color:#fff;
classDef security fill:#7f1d1d,stroke:#f43f5e,stroke-width:2px,color:#fff;
Client["π Next.js App Router Client<br/>(Tailored Dynamic Views)"]:::client
Proxy["π‘οΈ Nginx Gateway / Reverse Proxy<br/>(SSL/TLS + Local Rate Limits)"]:::proxy
API["βοΈ FastAPI REST Server<br/>(Business Logic Engine)"]:::backend
DB["ποΈ PostgreSQL Database<br/>(ACID Transactions)"]:::db
JWT["π JWT Authentication & Guard<br/>(Role Middleware Check)"]:::security
Client -->|HTTPS / JSON Requests| Proxy
Proxy -->|Filtered Ports Clean Traffic| API
API -->|Validates Token & Scope| JWT
API -->|Async SQLAlchemy Query| DB
The relational database layer enforces schema-level constraints to prevent duplicate entries, overlapping intervals, and incorrect roles.
erDiagram
EMPLOYEES {
int id PK
string name
string email UK
string password_hash
string role "super_admin, admin, manager, employee"
int manager_id FK
string department
boolean is_active
datetime created_at
}
LEAVE_REQUESTS {
int id PK
int employee_id FK
string leave_type "casual, sick, earned, maternity, miscarriage, unpaid"
date start_date
date end_date
text reason
string status "pending, approved, rejected, cancelled"
datetime created_at
datetime updated_at
}
LEAVE_APPROVALS {
int id PK
int leave_request_id FK
int manager_id FK
string action "approved, rejected"
text comments
datetime acted_at
}
LEAVE_BALANCES {
int id PK
int employee_id FK
string leave_type "casual, sick, earned, maternity, miscarriage"
int total_days
int used_days
int year
}
EMPLOYEES ||--o{ LEAVE_REQUESTS : "applies_for"
EMPLOYEES ||--o{ LEAVE_BALANCES : "allocated"
EMPLOYEES ||--o| EMPLOYEES : "reports_to"
LEAVE_REQUESTS ||--o| LEAVE_APPROVALS : "receives_action"
EMPLOYEES ||--o{ LEAVE_APPROVALS : "audits_and_decides"
When a user logs in, their credential details are checked, a stateless JWT is produced, and the client routes them to the appropriate portal interface:
flowchart TD
classDef default fill:#111326,stroke:#4f46e5,stroke-width:1px,color:#e8ecf4;
classDef primary fill:#4f46e5,stroke:#7c3aed,stroke-width:1px,color:#fff;
classDef success fill:#065f46,stroke:#10b981,stroke-width:1px,color:#fff;
classDef warning fill:#78350f,stroke:#f59e0b,stroke-width:1px,color:#fff;
classDef danger fill:#7f1d1d,stroke:#f43f5e,stroke-width:1px,color:#fff;
Start[π Open Web App] --> Login[π Login Page]:::primary
Login --> Credentials[βοΈ Enter Email & Password]
Credentials --> AuthCheck{Verify API Authenticate}
AuthCheck -->|Failed| FailMsg[β Show Bad Credentials]:::danger
FailMsg --> Credentials
AuthCheck -->|Success| TokenGen[π Return JWT Token + Role]:::success
TokenGen --> RoleSplit{Read User Role}
RoleSplit -->|employee| EmpDash[π€ Employee Dashboard]
RoleSplit -->|manager| MgrDash[π Manager Dashboard]
RoleSplit -->|admin| AdminDash[π‘οΈ Admin Dashboard]
RoleSplit -->|super_admin| SuperDash[π Super Admin Dashboard]
When an employee applies for leave, the backend applies multiple strict validations before debiting balances and writing to database history:
flowchart TD
classDef default fill:#111326,stroke:#4f46e5,stroke-width:1px,color:#e8ecf4;
classDef primary fill:#4f46e5,stroke:#7c3aed,stroke-width:1px,color:#fff;
classDef success fill:#065f46,stroke:#10b981,stroke-width:1px,color:#fff;
classDef warning fill:#78350f,stroke:#f59e0b,stroke-width:1px,color:#fff;
classDef danger fill:#7f1d1d,stroke:#f43f5e,stroke-width:1px,color:#fff;
Init[π Employee Dashboard] --> Action[π±οΈ Click Apply Leave]
Action --> Form[π Fill Request Details]:::primary
Form --> ValidRange{Is End Date >= Start Date?}
ValidRange -->|No| ErrRange[β Invalid Date Range]:::danger
ErrRange --> Form
ValidRange -->|Yes| ValidToday{Is Start Date >= Today?}
ValidToday -->|No| ErrPast[β Start Date cannot be in Past]:::danger
ErrPast --> Form
ValidToday -->|Yes| OverlapCheck{Is Calendar Free?<br/>No Overlapping Leaves}
OverlapCheck -->|No| ErrOverlap[β Overlapping request exists]:::danger
ErrOverlap --> Form
OverlapCheck -->|Yes| BalanceCheck{Leave Unpaid OR<br/>Has Balance >= Requested?}
BalanceCheck -->|No| ErrBalance[β Insufficient Leave Balance]:::danger
ErrBalance --> Form
BalanceCheck -->|Yes| Deduct[βοΈ Deduct Balance - Increment Used Days]:::warning
Deduct --> Submit[π Write Leave Request - Status: PENDING]:::success
Submit --> Notify[π Notify Supervising Manager]
A supervisor audits the leaves from direct reports. If approved, the status is finalized. If rejected, the balance is restored to the employee automatically:
flowchart TD
classDef default fill:#111326,stroke:#4f46e5,stroke-width:1px,color:#e8ecf4;
classDef primary fill:#4f46e5,stroke:#7c3aed,stroke-width:1px,color:#fff;
classDef success fill:#065f46,stroke:#10b981,stroke-width:1px,color:#fff;
classDef warning fill:#78350f,stroke:#f59e0b,stroke-width:1px,color:#fff;
classDef danger fill:#7f1d1d,stroke:#f43f5e,stroke-width:1px,color:#fff;
Start[π Manager Dashboard] --> Queue[π View Pending Requests]:::primary
Queue --> Detail[π Open Request Details]
Detail --> Decision{Approve or Reject?}
Decision -->|Approve| AppComment[π¬ Add Optional Comments]
AppComment --> SaveApp[β
Status -> APPROVED]:::success
SaveApp --> LogApp[π Create LeaveApproval Row]
Decision -->|Reject| RejComment[π¬ Add Mandatory Reason]:::danger
RejComment --> SaveRej[β Status -> REJECTED]:::danger
SaveRej --> Restore[π Restore Balance - Decrement Used Days]:::warning
Restore --> LogRej[π Create LeaveApproval Row]
LogApp --> ClientUpdate[π€ Employee Views Updated History]
LogRej --> ClientUpdate
| Endpoint | Method | Security Level / Role Scope | Description |
|---|---|---|---|
/api/auth/login |
POST |
Public | Authenticates credentials and returns dynamic role JSON + Bearer JWT. |
/api/auth/register |
POST |
super_admin, admin |
Registers new administrator and managers in the database directory. |
/api/employees |
GET |
super_admin, admin |
Retrieves organizational directory, filters by search query. |
/api/employees |
POST |
super_admin, admin |
Inserts a new employee profile and generates default leave balances. |
/api/employees/{id} |
PUT |
super_admin, admin |
Updates employee demographics, manager ID, and roles. |
/api/employees/{id} |
DELETE |
super_admin, admin |
Sets is_active = False to prevent user login and clear hierarchies. |
/api/leaves |
POST |
Authenticated (All) | Submits a leave request, checks rules, and debits balances. |
/api/leaves |
GET |
Authenticated (All) | Fetches the employee's personal leave requests history. |
/api/leaves/balance |
GET |
Authenticated (All) | Retrieves active leave type balances (Total, Used, Remaining). |
/api/leaves/{id}/cancel |
PUT |
Authenticated (All) | Cancels pending request and refunds allocated days. |
/api/leaves/pending |
GET |
super_admin, admin, manager |
Returns outstanding requests (scoped by manager ID or org-wide). |
/api/leaves/{id}/approve |
PUT |
super_admin, admin, manager |
Approves request, adds comment, logs approval details. |
/api/leaves/{id}/reject |
PUT |
super_admin, admin, manager |
Rejects request, requires rejection reason, refunds balance. |
/api/dashboard/stats |
GET |
Authenticated (All) | Computes role-specific counters, charts, and metadata. |
/api/reports/organization |
GET |
super_admin |
Generates breakdown statistics by department and leave type. |
/api/settings |
GET |
super_admin |
Gets system-wide baseline leaves allocation configuration. |
/api/settings |
PUT |
super_admin |
Modifies global limits (Casual, Sick, Earned limits). |
Leaveflow-management/
β
βββ π client/ # π Next.js App Router Frontend
β βββ package.json # Node packages configure
β βββ next.config.js # Next.js configuration parameters
β βββ π src/
β βββ π app/ # App Router folders (Pages & Layouts)
β β βββ page.js # Landing Page
β β βββ layout.js # Global HTML Layout
β β βββ π apply-leave/ # Employee apply leave screen
β β βββ π dashboard/ # Custom dynamic Home Dashboard
β β βββ π employees/ # Admin Employee CRUD controller
β β βββ π leave-history/ # Employee list of requests
β β βββ π login/ # Login Form
β β βββ π manage-admins/ # Super admin portal settings
β β βββ π organization-reports/ # Organization performance stats
β β βββ π pending-requests/ # Manager approval portal
β β βββ π system-settings/ # Super admin setup variables
β β βββ π team-overview/ # Manager direct report calendar
β βββ π components/ # Reusable Glassmorphic elements
β βββ π context/ # Global Contexts (AuthContext provider)
β βββ π lib/ # Shared helpers and constants
β βββ π services/ # Frontend API client integrations
β βββ app.css # Unified Design System styling
β
βββ π server/ # π Python REST API (FastAPI Backend)
β βββ main.py # Coordinator entrypoint & Demo Auto-seeding
β βββ requirements.txt # Pip dependencies
β βββ π app/
β β βββ π core/ # Cross-cutting configurations
β β β βββ config.py # Environment Variable settings
β β β βββ database.py # Async Session and engine configuration
β β β βββ dependencies.py # JWT validation and role checker filters
β β β βββ security.py # Bcrypt utilities
β β βββ π modules/ # Feature modules (Repository-Service Pattern)
β β βββ π auth/ # User authorization services
β β βββ π dashboard/ # Consolidated dashboard API
β β βββ π employees/ # Staff directory services
β β βββ π leaves/ # Core leave engines
β β βββ π reports/ # Super admin org statistics
β β βββ π settings/ # Global limit settings
β βββ π db/
β βββ seed.py # Database seeder script (Drop & Rebuilds schema)
β
βββ π docs/ # π Detailed Architectural Docs
βββ README.md # β You are here!
- Node.js v18+
- Python v3.10+
- PostgreSQL v15+
Create a new Postgres instance:
createdb leave_management# Enter server directory
cd server
# Setup virtual environment
python -m venv venv
# Activate Virtual Environment:
# On Windows (PowerShell):
.\venv\Scripts\Activate.ps1
# On macOS / Linux:
source venv/bin/activate
# Install package dependencies
pip install -r requirements.txt
# Configure environment settings:
# Create a .env file and set DATABASE_URL (Async pg driver) + JWT_SECRET
# e.g., DATABASE_URL=postgresql+asyncpg://postgres:postgres@localhost:5432/leave_management
# e.g., JWT_SECRET=supersecretkeyshouldbechangedinproduction
# Run database seeder (seeds all default test credentials below)
python db/seed.py
# Launch FastAPI ASGI dev server
uvicorn main:app --host 0.0.0.0 --port 8000 --reload# Open a new terminal in the project root directory
cd client
# Install packages
npm install
# Configure environment settings:
# Create a .env.local file and set NEXT_PUBLIC_API_URL
# e.g., NEXT_PUBLIC_API_URL=http://localhost:8000
# Launch Next.js dev server
npm run dev- Next.js Frontend: http://localhost:3000
- FastAPI Backend (Swagger UI): http://localhost:8000/docs
- FastAPI Base API: http://localhost:8000/api
All passwords default to password123. You can reset the database and seed these accounts by running python db/seed.py.
| Role | Password | Scope & Responsibilities | |
|---|---|---|---|
| π Super Admin | superadmin@company.com |
password123 |
Configures system-wide settings, reviews organization charts. |
| π‘οΈ Admin | admin@company.com |
password123 |
Adds/modifies employee directory entries and manager links. |
| π Manager | alice@company.com |
password123 |
Engineering manager (direct reports: John Doe). |
| π Manager | bob@company.com |
password123 |
Design manager (direct reports: Jane Doe). |
| π€ Employee | john@company.com |
password123 |
Applies for leaves, reports to Alice. |
| π€ Employee | jane@company.com |
password123 |
Applies for leaves, reports to Bob. |
- Gateway Shields: Built-in CORS configuration to restrict backend resource consumption to authorized client Origins.
- Stateless Auth: Enforces JWT token authorization filters with Bcrypt cryptography hashing for login keys.
- Parameter Validation: Restricts SQL injection vulnerability using async SQLAlchemy parameterized queries.
- Business Safe Rails: Employs backend check boundaries and schema Constraints to lock leave applications against invalid dates, overlaps, and negative balances.