A comprehensive RESTful API for managing employee leave requests with role-based access control and approval workflows.
- Overview
- Features
- Technology Stack
- Installation & Setup
- API Documentation
- Database Schema
- Architecture Decisions
- Testing
- Known Limitations
This Leave Management API is designed to handle employee leave requests with a three-tier approval hierarchy:
- General Users submit leave requests → require HR approval
- HR Users submit leave requests → require Admin approval
- Admin Users submit leave requests → auto-approved
The system supports full-day, half-day, and multi-day leave requests with automatic leave balance tracking and validation.
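The three-tier hierarchy above, written as a server-side authorization check. This is an added example, not the project's code: the `Role` enum, the function names and the `pending`/`approved` status strings are hypothetical, and it assumes a strict reading in which only the role the hierarchy names may decide a request.

```php
<?php
// Added example, not the project's code. Role names come from the README;
// the enum, function names and status strings are hypothetical.
declare(strict_types=1);

enum Role: string
{
    case Admin = 'admin';
    case Hr = 'hr';
    case General = 'general';
}

/** Role that must approve a request from $requester; null means auto-approved. */
function requiredApprover(Role $requester): ?Role
{
    return match ($requester) {
        Role::General => Role::Hr,
        Role::Hr => Role::Admin,
        Role::Admin => null,
    };
}

/** Status a newly submitted request starts in. */
function initialStatus(Role $requester): string
{
    return requiredApprover($requester) === null ? 'approved' : 'pending';
}

/** Server-side check for the approve/reject endpoints. */
function canDecide(Role $actor, Role $requester, string $status): bool
{
    if ($status !== 'pending') {
        return false; // already decided
    }
    // Strict reading (assumption): only the role the hierarchy names may decide.
    return requiredApprover($requester) === $actor;
}

// Print the resulting decision matrix for newly submitted requests.
foreach (Role::cases() as $requester) {
    printf("%-8s starts as %s\n", $requester->value, initialStatus($requester));
    foreach (Role::cases() as $actor) {
        $ok = canDecide($actor, $requester, initialStatus($requester));
        printf("  %-8s may decide: %s\n", $actor->value, $ok ? 'yes' : 'no');
    }
}
```

Because HR requests require Admin, an HR user can never decide a request filed by HR, their own included.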
- ✅ User registration and authentication (JWT via Laravel Sanctum)
- ✅ Role-based access control (Admin, HR, General)
- ✅ Secure password hashing
- ✅ Submit leave requests (full-day, half-day, multi-day)
- ✅ Approve/reject leave requests based on role hierarchy
- ✅ View leave history with filtering (by status) and pagination
- ✅ Prevent overlapping approved leave requests
- ✅ Date range validation
- ✅ Annual leave entitlement (30 days default)
- ✅ Real-time leave balance calculation
- ✅ Used days tracking (approved leaves only)
- ✅ Remaining balance display
- ✅ Insufficient balance prevention
- ✅ Role-based authorization middleware
- ✅ Input validation on all endpoints
- ✅ Business logic validation (overlapping, balance, dates)
- ✅ Consistent error handling
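A sketch of the business-logic validation listed above (date range, overlap with approved leave, remaining balance). It is an added example, not the project's code: array keys follow the `leave_requests` columns in this README, while the function names, the `half_day` flag, the 0.5-day value for half-day leave and the error strings are assumptions.

```php
<?php
// Added example, not the project's code. Keys follow the README's leave_requests
// columns; function names, 'half_day' and error strings are hypothetical.
declare(strict_types=1);

/** Inclusive calendar days; a half-day request counts as 0.5 (assumption). */
function daysCount(string $start, string $end, bool $halfDay): float
{
    $s = new DateTimeImmutable($start);
    $e = new DateTimeImmutable($end);
    if ($e < $s) {
        throw new InvalidArgumentException('end_date is before start_date');
    }
    if ($halfDay && $s != $e) {
        throw new InvalidArgumentException('half-day leave must be a single date');
    }
    return $halfDay ? 0.5 : (float) ($s->diff($e)->days + 1);
}

/** Returns validation errors; an empty array means the request may be stored. */
function validateLeave(array $new, array $existing, float $entitlement = 30.0): array
{
    $errors = [];
    $used = 0.0;
    foreach ($existing as $r) {
        if ($r['status'] !== 'approved') {
            continue; // only approved leave blocks dates and consumes balance
        }
        $used += $r['days_count'];
        // Inclusive ranges overlap when each starts on or before the other ends.
        // Y-m-d strings sort chronologically, so string comparison is enough.
        if ($new['start_date'] <= $r['end_date'] && $r['start_date'] <= $new['end_date']) {
            $errors[] = "overlaps approved leave #{$r['id']}";
        }
    }
    $days = daysCount($new['start_date'], $new['end_date'], $new['half_day']);
    if ($days > $entitlement - $used) {
        $errors[] = sprintf('needs %.1f days, %.1f remaining', $days, $entitlement - $used);
    }
    return $errors;
}

// Constructed sample data: 26 days already approved, one pending request.
$existing = [
    ['id' => 1, 'status' => 'approved', 'start_date' => '2024-03-04', 'end_date' => '2024-03-29', 'days_count' => 26.0],
    ['id' => 2, 'status' => 'pending', 'start_date' => '2024-04-01', 'end_date' => '2024-04-02', 'days_count' => 2.0],
];
$new = ['start_date' => '2024-03-28', 'end_date' => '2024-04-03', 'half_day' => false];
print_r(validateLeave($new, $existing));
```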
- Framework: Laravel 10.x
- Authentication: Laravel Sanctum (Bearer Token)
- Database: MySQL
- API Documentation: OpenAPI 3.0 / Swagger (via L5-Swagger)
- PHP Version: 8.1+
- PHP >= 8.1
- Composer
- MySQL >= 5.7
```bash
# 1. Install Dependencies
composer install
# 2. Environment Setup
cp .env.example .env
php artisan key:generate
# 3. Configure Database (.env file)
DB_CONNECTION=mysql
DB_DATABASE=leave_management
DB_USERNAME=root
DB_PASSWORD=
# 4. Create Database
mysql -u root -p
CREATE DATABASE leave_management;
# 5. Run Migrations
php artisan migrate
# 6. Seed Database (Optional)
php artisan db:seed
# 7. Install Swagger
composer require "darkaonline/l5-swagger"
php artisan vendor:publish --provider "L5Swagger\L5SwaggerServiceProvider"
php artisan l5-swagger:generate
# 8. Start Server
php artisan serve
```
Access:
- API: http://localhost:8000/api
- Swagger Docs: http://localhost:8000/api/documentation
Test Users (after seeding):
- Admin: admin@example.com / password
- HR: hr@example.com / password
- General: john@example.com / password
Authentication:
- POST /api/auth/register - Register
- POST /api/auth/login - Login
- POST /api/auth/logout - Logout
- GET /api/auth/me - Get user
Leave Requests:
- GET /api/leave-requests - List all
- POST /api/leave-requests - Create
- GET /api/leave-requests/{id} - Get one
- POST /api/leave-requests/{id}/approve - Approve (HR/Admin)
- POST /api/leave-requests/{id}/reject - Reject (HR/Admin)
Leave Balance:
- GET /api/leave-balance - Own balance
- GET /api/leave-balance/all - All users (HR/Admin)
Full Documentation: Visit Swagger UI at http://localhost:8000/api/documentation
users: id, name, email, password, role (admin/hr/general), annual_leave_entitlement (30)
leave_requests: id, user_id, leave_type, start_date, end_date, half_day_period, reason, status, approved_by, rejection_reason, approved_at, days_count
- Sanctum for Authentication - Lightweight, token-based, perfect for APIs
- Role-based Middleware - Simple enum roles with custom middleware
- Real-time Balance Calculation - No caching, always accurate
- Form Request Validation - Clean separation of concerns
- Business Logic in Controller - Explicit approval hierarchy
- Calendar Day Calculation - Weekend/holiday exclusion left out, per requirements
Complete test suite with 72 tests covering all functionality:
- Feature Tests: 52 tests for API endpoints
- Unit Tests: 20 tests for models and business logic
```bash
# Create test database first
CREATE DATABASE leave_management_test;
# Run all tests
php artisan test
# Run with coverage
php artisan test --coverage
```
Test Coverage:
- ✅ Authentication (registration, login, logout)
- ✅ Leave requests (create, list, approve, reject)
- ✅ Leave balance calculations
- ✅ Role-based authorization
- ✅ Input validation
- ✅ Model methods and relationships
See TESTING.md for detailed testing guide.
- ASSUMPTIONS.md - Comprehensive design decisions and assumptions
- TESTING.md - Complete testing guide and best practices
- API Documentation - Available at /api/documentation (Swagger UI)
- No weekend/holiday exclusion - Calendar days only (per requirements)
- No leave proration - Fixed 30 days for all (per requirements)
- No email notifications - Not in scope
- No leave cancellation - One-way workflow
- No document attachments - Not implemented
- No carry forward - Annual cycle not defined
Use Swagger UI for interactive API testing:
- Open http://localhost:8000/api/documentation
- Click "Authorize" button
- Enter Bearer token from login
- Test all endpoints
- PSR-12 Standards
- RESTful Design
- SOLID Principles
- Comprehensive Documentation
- Consistent Response Structure
Built with Laravel
If you discover a security vulnerability within Laravel, please send an e-mail to Taylor Otwell via taylor@laravel.com. All security vulnerabilities will be promptly addressed.
The Laravel framework is open-sourced software licensed under the MIT license.