Implement comprehensive HR Management Backend System

- FastAPI application with JWT authentication and role-based access control - Complete employee management with CRUD operations - Department management with manager assignments - Leave management system with approval workflow - Payroll processing with overtime and deductions calculation - Attendance tracking with clock in/out functionality - SQLite database with proper migrations using Alembic - Role-based permissions (Admin, HR Manager, Manager, Employee) - Comprehensive API documentation and health checks - CORS enabled for cross-origin requests Environment Variables Required: - SECRET_KEY: JWT secret key for token signing Features implemented: - User registration and authentication - Employee profile management - Department hierarchy management - Leave request creation and approval - Payroll record processing - Daily attendance tracking - Hours calculation for attendance - Proper error handling and validation
2025-06-23 10:06:23 +00:00 · 2025-06-23 10:06:23 +00:00 · 1b9ddb4750
commit 1b9ddb4750
parent 0733420d40
37 changed files with 1861 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -1,3 +1,187 @@
-# FastAPI Application
+# HR Management Backend Service
-This is a FastAPI application bootstrapped by BackendIM, the AI-powered backend generation platform.
+A comprehensive HR management backend system built with FastAPI, providing APIs for managing employees, departments, leave requests, payroll, and attendance tracking.
 ## Features
 - **User Authentication**: JWT-based authentication with role-based access control
 - **Employee Management**: Complete employee profile management with hierarchical permissions
 - **Department Management**: Create and manage company departments with managers
 - **Leave Management**: Employee leave request system with approval workflow
 - **Payroll Management**: Payroll processing with overtime, bonuses, and deductions
 - **Attendance Tracking**: Clock in/out system with hours calculation
 - **Role-Based Access**: Admin, HR Manager, Manager, and Employee roles with appropriate permissions
 ## Tech Stack
 - **FastAPI**: Modern, fast web framework for building APIs
 - **SQLAlchemy**: SQL toolkit and ORM
 - **SQLite**: Lightweight database for data storage
 - **Alembic**: Database migration tool
 - **JWT**: Token-based authentication
 - **Pydantic**: Data validation using Python type annotations
 - **Ruff**: Fast Python linter and formatter
 ## Project Structure
 ```
 ├── app/
 │   ├── core/           # Core functionality (security, dependencies)
 │   ├── db/             # Database configuration and session management
 │   ├── models/         # SQLAlchemy database models
 │   ├── routers/        # API route handlers
 │   ├── schemas/        # Pydantic schemas for request/response
 │   └── services/       # Business logic services
 ├── migrations/         # Alembic database migrations
 ├── main.py            # FastAPI application entry point
 ├── requirements.txt   # Python dependencies
 └── alembic.ini       # Alembic configuration
 ```
 ## Installation
 1. Clone the repository
 2. Install dependencies:
   ```bash
   pip install -r requirements.txt
   ```
 ## Running the Application
 Start the FastAPI server with uvicorn:
 ```bash
 uvicorn main:app --host 0.0.0.0 --port 8000 --reload
 ```
 The API will be available at:
 - **Base URL**: http://localhost:8000
 - **API Documentation**: http://localhost:8000/docs
 - **Alternative Docs**: http://localhost:8000/redoc
 - **Health Check**: http://localhost:8000/health
 ## Environment Variables
 The following environment variables should be set for production:
 - `SECRET_KEY`: JWT secret key for token signing (default: "your-secret-key-change-in-production")
 ## API Endpoints
 ### Authentication
 - `POST /auth/register` - Register a new user
 - `POST /auth/login` - Login and get access token
 - `GET /auth/me` - Get current user information
 ### Employees
 - `POST /employees` - Create employee profile
 - `GET /employees` - List all employees
 - `GET /employees/{id}` - Get employee by ID
 - `PUT /employees/{id}` - Update employee
 - `DELETE /employees/{id}` - Delete employee
 ### Departments
 - `POST /departments` - Create department
 - `GET /departments` - List departments
 - `GET /departments/{id}` - Get department by ID
 - `PUT /departments/{id}` - Update department
 - `DELETE /departments/{id}` - Delete department
 ### Leave Management
 - `POST /leaves` - Create leave request
 - `GET /leaves` - List leave requests
 - `GET /leaves/{id}` - Get leave request by ID
 - `PUT /leaves/{id}/approve` - Approve/reject leave request
 - `PUT /leaves/{id}` - Update leave request
 - `DELETE /leaves/{id}` - Delete leave request
 ### Payroll
 - `POST /payroll` - Create payroll record
 - `GET /payroll` - List payroll records
 - `GET /payroll/{id}` - Get payroll record by ID
 - `PUT /payroll/{id}` - Update payroll record
 - `POST /payroll/{id}/process` - Process payroll record
 - `DELETE /payroll/{id}` - Delete payroll record
 ### Attendance
 - `POST /attendance` - Create attendance record
 - `GET /attendance` - List attendance records
 - `GET /attendance/{id}` - Get attendance record by ID
 - `PUT /attendance/{id}` - Update attendance record
 - `POST /attendance/{id}/clock-out` - Clock out from attendance record
 - `DELETE /attendance/{id}` - Delete attendance record
 ## User Roles
 ### Admin
 - Full access to all system features
 - Can manage all users, employees, departments
 - Can view and process all payroll records
 - Can delete any records
 ### HR Manager
 - Can manage employees and departments
 - Can view and approve leave requests
 - Can create and process payroll records
 - Can view all attendance records
 ### Manager
 - Can view employees in their department
 - Can approve leave requests for their department
 - Can view attendance records for their team
 ### Employee
 - Can view and update their own profile
 - Can create and manage their own leave requests
 - Can view their own payroll records
 - Can create and update their own attendance records
 ## Database
 The application uses SQLite database with the following main tables:
 - `users` - User accounts and authentication
 - `employees` - Employee profiles and information
 - `departments` - Company departments
 - `leave_requests` - Leave request records
 - `payroll_records` - Payroll and salary information
 - `attendance_records` - Daily attendance tracking
 Database files are stored in `/app/storage/db/` directory.
 ## Development
 ### Running Linter
 ```bash
 ruff check . --fix
 ```
 ### Database Migrations
 The initial migration is included. For new migrations:
 ```bash
 # Create a new migration
 alembic revision --autogenerate -m "description"
 # Apply migrations
 alembic upgrade head
 ```
 ## Authentication
 The API uses JWT (JSON Web Tokens) for authentication. Include the token in the Authorization header:
 ```
 Authorization: Bearer <your-jwt-token>
 ```
 ## Error Handling
 The API returns appropriate HTTP status codes:
 - `200` - Success
 - `201` - Created
 - `400` - Bad Request
 - `401` - Unauthorized
 - `403` - Forbidden
 - `404` - Not Found
 - `422` - Validation Error
 ## License
 This project is proprietary software for HR management purposes.
--- a/alembic.ini
+++ b/alembic.ini
@ -0,0 +1,102 @@
 # A generic, single database configuration.
 [alembic]
 # path to migration scripts
 script_location = migrations
 # template used to generate migration file names; The default value is %%(rev)s_%%(slug)s
 # Uncomment the line below if you want the files to be prepended with date and time
 # file_template = %%(year)d_%%(month).2d_%%(day).2d_%%(hour).2d%%(minute).2d-%%(rev)s_%%(slug)s
 # sys.path path, will be prepended to sys.path if present.
 # defaults to the current working directory.
 prepend_sys_path = .
 # timezone to use when rendering the date within the migration file
 # as well as the filename.
 # If specified, requires the python-dateutil library that can be
 # installed by adding `alembic[tz]` to the pip requirements
 # string value is passed to dateutil.tz.gettz()
 # leave blank for localtime
 # timezone =
 # max length of characters to apply to the
 # "slug" field
 # truncate_slug_length = 40
 # set to 'true' to run the environment during
 # the 'revision' command, regardless of autogenerate
 # revision_environment = false
 # set to 'true' to allow .pyc and .pyo files without
 # a source .py file to be detected as revisions in the
 # versions/ directory
 # sourceless = false
 # version files to retain and their associated metadata
 version_table_name = alembic_version
 version_table_schema = 
 # version path separator; As mentioned above, this is the character used to split
 # version_locations. The default within new alembic.ini files is "os", which uses
 # os.pathsep. If this key is omitted entirely, it falls back to the legacy
 # behavior of splitting on spaces and/or commas.
 # Valid values for version_path_separator are:
 #
 # version_path_separator = :
 # version_path_separator = ;
 # version_path_separator = space
 version_path_separator = os
 # the output encoding used when revision files
 # are written from script.py.mako
 # output_encoding = utf-8
 sqlalchemy.url = sqlite:////app/storage/db/db.sqlite
 [post_write_hooks]
 # post_write_hooks defines scripts or Python functions that are run
 # on newly generated revision scripts.  See the documentation for further
 # detail and examples
 # format using "black" - use the console_scripts runner, against the "black" entrypoint
 # hooks = black
 # black.type = console_scripts
 # black.entrypoint = black
 # black.options = -l 79 REVISION_SCRIPT_FILENAME
 # Logging configuration
 [loggers]
 keys = root,sqlalchemy,alembic
 [handlers]
 keys = console
 [formatters]
 keys = generic
 [logger_root]
 level = WARN
 handlers = console
 qualname =
 [logger_sqlalchemy]
 level = WARN
 handlers =
 qualname = sqlalchemy.engine
 [logger_alembic]
 level = INFO
 handlers =
 qualname = alembic
 [handler_console]
 class = StreamHandler
 args = (sys.stderr,)
 level = NOTSET
 formatter = generic
 [formatter_generic]
 format = %(levelname)-5.5s [%(name)s] %(message)s
 datefmt = %H:%M:%S
--- a/app/init.py
+++ b/app/init.py
--- a/app/core/init.py
+++ b/app/core/init.py
--- a/app/core/deps.py
+++ b/app/core/deps.py
@ -0,0 +1,55 @@
 from fastapi import Depends, HTTPException, status
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 from sqlalchemy.orm import Session
 from app.db.session import get_db
 from app.core.security import verify_token
 from app.models.users import User
 from app.models.employees import Employee
 security = HTTPBearer()
 def get_current_user(
    credentials: HTTPAuthorizationCredentials = Depends(security),
    db: Session = Depends(get_db)
 ) -> User:
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )
    payload = verify_token(credentials.credentials)
    if payload is None:
        raise credentials_exception
    email: str = payload.get("sub")
    if email is None:
        raise credentials_exception
    user = db.query(User).filter(User.email == email).first()
    if user is None:
        raise credentials_exception
    return user
 def get_current_employee(
    current_user: User = Depends(get_current_user),
    db: Session = Depends(get_db)
 ) -> Employee:
    employee = db.query(Employee).filter(Employee.user_id == current_user.id).first()
    if not employee:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="Employee profile not found"
        )
    return employee
 def require_role(required_roles: list):
    def role_checker(current_user: User = Depends(get_current_user)):
        if current_user.role not in required_roles:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="Not enough permissions"
            )
        return current_user
    return role_checker
--- a/app/core/security.py
+++ b/app/core/security.py
@ -0,0 +1,34 @@
 import os
 from datetime import datetime, timedelta
 from typing import Any, Union
 from jose import jwt
 from passlib.context import CryptContext
 SECRET_KEY = os.getenv("SECRET_KEY", "your-secret-key-change-in-production")
 ALGORITHM = "HS256"
 ACCESS_TOKEN_EXPIRE_MINUTES = 30
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 def create_access_token(subject: Union[str, Any], expires_delta: timedelta = None):
    if expires_delta:
        expire = datetime.utcnow() + expires_delta
    else:
        expire = datetime.utcnow() + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
    to_encode = {"exp": expire, "sub": str(subject)}
    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
    return encoded_jwt
 def verify_password(plain_password: str, hashed_password: str) -> bool:
    return pwd_context.verify(plain_password, hashed_password)
 def get_password_hash(password: str) -> str:
    return pwd_context.hash(password)
 def verify_token(token: str):
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        return payload
    except jwt.JWTError:
        return None
--- a/app/db/init.py
+++ b/app/db/init.py
--- a/app/db/base.py
+++ b/app/db/base.py
@ -0,0 +1,3 @@
 from sqlalchemy.ext.declarative import declarative_base
 Base = declarative_base()
--- a/app/db/session.py
+++ b/app/db/session.py
@ -0,0 +1,22 @@
 from sqlalchemy import create_engine
 from sqlalchemy.orm import sessionmaker
 from pathlib import Path
 DB_DIR = Path("/app") / "storage" / "db"
 DB_DIR.mkdir(parents=True, exist_ok=True)
 SQLALCHEMY_DATABASE_URL = f"sqlite:///{DB_DIR}/db.sqlite"
 engine = create_engine(
    SQLALCHEMY_DATABASE_URL,
    connect_args={"check_same_thread": False}
 )
 SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
 def get_db():
    db = SessionLocal()
    try:
        yield db
    finally:
        db.close()
--- a/app/models/init.py
+++ b/app/models/init.py
@ -0,0 +1 @@
 from . import users as users, employees as employees, departments as departments, leaves as leaves, payroll as payroll, attendance as attendance
--- a/app/models/attendance.py
+++ b/app/models/attendance.py
@ -0,0 +1,28 @@
 from sqlalchemy import Column, Integer, String, DateTime, ForeignKey, Date, Time, Enum
 from sqlalchemy.sql import func
 from sqlalchemy.orm import relationship
 from app.db.base import Base
 import enum
 class AttendanceStatus(enum.Enum):
    PRESENT = "present"
    ABSENT = "absent"
    LATE = "late"
    HALF_DAY = "half_day"
 class AttendanceRecord(Base):
    __tablename__ = "attendance_records"
    id = Column(Integer, primary_key=True, index=True)
    employee_id = Column(Integer, ForeignKey("employees.id"), nullable=False)
    date = Column(Date, nullable=False)
    clock_in = Column(Time)
    clock_out = Column(Time)
    hours_worked = Column(String)
    status = Column(Enum(AttendanceStatus), default=AttendanceStatus.PRESENT)
    notes = Column(String)
    created_at = Column(DateTime(timezone=True), server_default=func.now())
    updated_at = Column(DateTime(timezone=True), onupdate=func.now())
    # Relationships
    employee = relationship("Employee", back_populates="attendance_records")
--- a/app/models/departments.py
+++ b/app/models/departments.py
@ -0,0 +1,18 @@
 from sqlalchemy import Column, Integer, String, DateTime, ForeignKey
 from sqlalchemy.sql import func
 from sqlalchemy.orm import relationship
 from app.db.base import Base
 class Department(Base):
    __tablename__ = "departments"
    id = Column(Integer, primary_key=True, index=True)
    name = Column(String, unique=True, index=True, nullable=False)
    description = Column(String)
    manager_id = Column(Integer, ForeignKey("employees.id"))
    created_at = Column(DateTime(timezone=True), server_default=func.now())
    updated_at = Column(DateTime(timezone=True), onupdate=func.now())
    # Relationships
    manager = relationship("Employee", foreign_keys=[manager_id], back_populates="managed_departments")
    employees = relationship("Employee", foreign_keys="Employee.department_id", back_populates="department")
--- a/app/models/employees.py
+++ b/app/models/employees.py
@ -0,0 +1,36 @@
 from sqlalchemy import Column, Integer, String, DateTime, ForeignKey, Date, Numeric, Enum
 from sqlalchemy.sql import func
 from sqlalchemy.orm import relationship
 from app.db.base import Base
 import enum
 class EmploymentStatus(enum.Enum):
    ACTIVE = "active"
    INACTIVE = "inactive"
    TERMINATED = "terminated"
 class Employee(Base):
    __tablename__ = "employees"
    id = Column(Integer, primary_key=True, index=True)
    user_id = Column(Integer, ForeignKey("users.id"), unique=True, nullable=False)
    employee_id = Column(String, unique=True, index=True, nullable=False)
    department_id = Column(Integer, ForeignKey("departments.id"))
    position = Column(String, nullable=False)
    salary = Column(Numeric(10, 2))
    hire_date = Column(Date, nullable=False)
    status = Column(Enum(EmploymentStatus), default=EmploymentStatus.ACTIVE)
    phone = Column(String)
    address = Column(String)
    emergency_contact = Column(String)
    emergency_phone = Column(String)
    created_at = Column(DateTime(timezone=True), server_default=func.now())
    updated_at = Column(DateTime(timezone=True), onupdate=func.now())
    # Relationships
    user = relationship("User")
    department = relationship("Department", foreign_keys=[department_id], back_populates="employees")
    managed_departments = relationship("Department", foreign_keys="Department.manager_id", back_populates="manager")
    leave_requests = relationship("LeaveRequest", back_populates="employee")
    payroll_records = relationship("PayrollRecord", back_populates="employee")
    attendance_records = relationship("AttendanceRecord", back_populates="employee")
--- a/app/models/leaves.py
+++ b/app/models/leaves.py
@ -0,0 +1,40 @@
 from sqlalchemy import Column, Integer, DateTime, ForeignKey, Date, Text, Enum
 from sqlalchemy.sql import func
 from sqlalchemy.orm import relationship
 from app.db.base import Base
 import enum
 class LeaveType(enum.Enum):
    VACATION = "vacation"
    SICK = "sick"
    PERSONAL = "personal"
    MATERNITY = "maternity"
    PATERNITY = "paternity"
    EMERGENCY = "emergency"
 class LeaveStatus(enum.Enum):
    PENDING = "pending"
    APPROVED = "approved"
    REJECTED = "rejected"
    CANCELLED = "cancelled"
 class LeaveRequest(Base):
    __tablename__ = "leave_requests"
    id = Column(Integer, primary_key=True, index=True)
    employee_id = Column(Integer, ForeignKey("employees.id"), nullable=False)
    leave_type = Column(Enum(LeaveType), nullable=False)
    start_date = Column(Date, nullable=False)
    end_date = Column(Date, nullable=False)
    days_requested = Column(Integer, nullable=False)
    reason = Column(Text)
    status = Column(Enum(LeaveStatus), default=LeaveStatus.PENDING)
    approved_by = Column(Integer, ForeignKey("users.id"))
    approved_at = Column(DateTime(timezone=True))
    comments = Column(Text)
    created_at = Column(DateTime(timezone=True), server_default=func.now())
    updated_at = Column(DateTime(timezone=True), onupdate=func.now())
    # Relationships
    employee = relationship("Employee", back_populates="leave_requests")
    approver = relationship("User", foreign_keys=[approved_by])
--- a/app/models/payroll.py
+++ b/app/models/payroll.py
@ -0,0 +1,35 @@
 from sqlalchemy import Column, Integer, DateTime, ForeignKey, Date, Numeric, Enum
 from sqlalchemy.sql import func
 from sqlalchemy.orm import relationship
 from app.db.base import Base
 import enum
 class PayrollStatus(enum.Enum):
    DRAFT = "draft"
    PROCESSED = "processed"
    PAID = "paid"
 class PayrollRecord(Base):
    __tablename__ = "payroll_records"
    id = Column(Integer, primary_key=True, index=True)
    employee_id = Column(Integer, ForeignKey("employees.id"), nullable=False)
    pay_period_start = Column(Date, nullable=False)
    pay_period_end = Column(Date, nullable=False)
    base_salary = Column(Numeric(10, 2), nullable=False)
    overtime_hours = Column(Numeric(5, 2), default=0)
    overtime_rate = Column(Numeric(5, 2), default=0)
    bonus = Column(Numeric(10, 2), default=0)
    deductions = Column(Numeric(10, 2), default=0)
    gross_pay = Column(Numeric(10, 2), nullable=False)
    tax_deductions = Column(Numeric(10, 2), default=0)
    net_pay = Column(Numeric(10, 2), nullable=False)
    status = Column(Enum(PayrollStatus), default=PayrollStatus.DRAFT)
    processed_by = Column(Integer, ForeignKey("users.id"))
    processed_at = Column(DateTime(timezone=True))
    created_at = Column(DateTime(timezone=True), server_default=func.now())
    updated_at = Column(DateTime(timezone=True), onupdate=func.now())
    # Relationships
    employee = relationship("Employee", back_populates="payroll_records")
    processor = relationship("User", foreign_keys=[processed_by])
--- a/app/models/users.py
+++ b/app/models/users.py
@ -0,0 +1,22 @@
 from sqlalchemy import Column, Integer, String, Boolean, DateTime, Enum
 from sqlalchemy.sql import func
 from app.db.base import Base
 import enum
 class UserRole(enum.Enum):
    ADMIN = "admin"
    HR_MANAGER = "hr_manager"
    MANAGER = "manager"
    EMPLOYEE = "employee"
 class User(Base):
    __tablename__ = "users"
    id = Column(Integer, primary_key=True, index=True)
    email = Column(String, unique=True, index=True, nullable=False)
    hashed_password = Column(String, nullable=False)
    full_name = Column(String, nullable=False)
    role = Column(Enum(UserRole), default=UserRole.EMPLOYEE)
    is_active = Column(Boolean, default=True)
    created_at = Column(DateTime(timezone=True), server_default=func.now())
    updated_at = Column(DateTime(timezone=True), onupdate=func.now())
--- a/app/routers/init.py
+++ b/app/routers/init.py
--- a/app/routers/attendance.py
+++ b/app/routers/attendance.py
@ -0,0 +1,207 @@
 from fastapi import APIRouter, Depends, HTTPException, status
 from sqlalchemy.orm import Session
 from typing import List
 from datetime import datetime, time, date
 from app.db.session import get_db
 from app.schemas.attendance import AttendanceRecord, AttendanceRecordCreate, AttendanceRecordUpdate
 from app.models.attendance import AttendanceRecord as AttendanceRecordModel
 from app.models.users import User, UserRole
 from app.models.employees import Employee
 from app.core.deps import get_current_user, require_role
 router = APIRouter()
 def calculate_hours_worked(clock_in: time, clock_out: time) -> str:
    """Calculate hours worked between clock in and clock out times"""
    if not clock_in or not clock_out:
        return "0:00"
    # Convert to datetime for calculation
    today = date.today()
    dt_in = datetime.combine(today, clock_in)
    dt_out = datetime.combine(today, clock_out)
    # Handle overnight shifts
    if dt_out < dt_in:
        dt_out = dt_out.replace(day=today.day + 1)
    duration = dt_out - dt_in
    hours = duration.seconds // 3600
    minutes = (duration.seconds % 3600) // 60
    return f"{hours}:{minutes:02d}"
@router.post("", response_model=AttendanceRecord)
 def create_attendance_record(
    attendance: AttendanceRecordCreate,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user)
 ):
    # Employees can only create attendance records for themselves unless they're HR/Admin
    if (current_user.role not in [UserRole.ADMIN, UserRole.HR_MANAGER]):
        current_employee = db.query(Employee).filter(Employee.user_id == current_user.id).first()
        if not current_employee or attendance.employee_id != current_employee.id:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="Can only create attendance records for yourself"
            )
    # Check if attendance record already exists for this date
    existing_record = db.query(AttendanceRecordModel).filter(
        AttendanceRecordModel.employee_id == attendance.employee_id,
        AttendanceRecordModel.date == attendance.date
    ).first()
    if existing_record:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Attendance record already exists for this date"
        )
    attendance_data = attendance.dict()
    # Calculate hours worked if both clock in and out are provided
    if attendance.clock_in and attendance.clock_out:
        attendance_data['hours_worked'] = calculate_hours_worked(attendance.clock_in, attendance.clock_out)
    db_attendance = AttendanceRecordModel(**attendance_data)
    db.add(db_attendance)
    db.commit()
    db.refresh(db_attendance)
    return db_attendance
@router.get("", response_model=List[AttendanceRecord])
 def read_attendance_records(
    skip: int = 0,
    limit: int = 100,
    employee_id: int = None,
    start_date: date = None,
    end_date: date = None,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user)
 ):
    query = db.query(AttendanceRecordModel)
    # Apply filters based on user role
    if current_user.role in [UserRole.ADMIN, UserRole.HR_MANAGER]:
        # HR and Admin can see all attendance records
        if employee_id:
            query = query.filter(AttendanceRecordModel.employee_id == employee_id)
    else:
        # Employees can only see their own attendance records
        current_employee = db.query(Employee).filter(Employee.user_id == current_user.id).first()
        if not current_employee:
            raise HTTPException(status_code=404, detail="Employee profile not found")
        query = query.filter(AttendanceRecordModel.employee_id == current_employee.id)
    # Apply date filters
    if start_date:
        query = query.filter(AttendanceRecordModel.date >= start_date)
    if end_date:
        query = query.filter(AttendanceRecordModel.date <= end_date)
    attendance_records = query.offset(skip).limit(limit).all()
    return attendance_records
@router.get("/{attendance_id}", response_model=AttendanceRecord)
 def read_attendance_record(
    attendance_id: int,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user)
 ):
    attendance_record = db.query(AttendanceRecordModel).filter(AttendanceRecordModel.id == attendance_id).first()
    if attendance_record is None:
        raise HTTPException(status_code=404, detail="Attendance record not found")
    # Check permissions
    if current_user.role not in [UserRole.ADMIN, UserRole.HR_MANAGER]:
        current_employee = db.query(Employee).filter(Employee.user_id == current_user.id).first()
        if not current_employee or attendance_record.employee_id != current_employee.id:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="Not enough permissions"
            )
    return attendance_record
@router.put("/{attendance_id}", response_model=AttendanceRecord)
 def update_attendance_record(
    attendance_id: int,
    attendance_update: AttendanceRecordUpdate,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user)
 ):
    attendance_record = db.query(AttendanceRecordModel).filter(AttendanceRecordModel.id == attendance_id).first()
    if attendance_record is None:
        raise HTTPException(status_code=404, detail="Attendance record not found")
    # Check permissions
    if current_user.role not in [UserRole.ADMIN, UserRole.HR_MANAGER]:
        current_employee = db.query(Employee).filter(Employee.user_id == current_user.id).first()
        if not current_employee or attendance_record.employee_id != current_employee.id:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="Not enough permissions"
            )
    update_data = attendance_update.dict(exclude_unset=True)
    for field, value in update_data.items():
        setattr(attendance_record, field, value)
    # Recalculate hours worked if times are updated
    if attendance_record.clock_in and attendance_record.clock_out:
        attendance_record.hours_worked = calculate_hours_worked(
            attendance_record.clock_in, 
            attendance_record.clock_out
        )
    db.commit()
    db.refresh(attendance_record)
    return attendance_record
@router.post("/{attendance_id}/clock-out")
 def clock_out(
    attendance_id: int,
    clock_out_time: time,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user)
 ):
    attendance_record = db.query(AttendanceRecordModel).filter(AttendanceRecordModel.id == attendance_id).first()
    if attendance_record is None:
        raise HTTPException(status_code=404, detail="Attendance record not found")
    # Check permissions
    if current_user.role not in [UserRole.ADMIN, UserRole.HR_MANAGER]:
        current_employee = db.query(Employee).filter(Employee.user_id == current_user.id).first()
        if not current_employee or attendance_record.employee_id != current_employee.id:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="Not enough permissions"
            )
    attendance_record.clock_out = clock_out_time
    # Calculate hours worked
    if attendance_record.clock_in:
        attendance_record.hours_worked = calculate_hours_worked(
            attendance_record.clock_in, 
            clock_out_time
        )
    db.commit()
    db.refresh(attendance_record)
    return {"message": "Clocked out successfully", "attendance_record": attendance_record}
@router.delete("/{attendance_id}")
 def delete_attendance_record(
    attendance_id: int,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_role([UserRole.ADMIN, UserRole.HR_MANAGER]))
 ):
    attendance_record = db.query(AttendanceRecordModel).filter(AttendanceRecordModel.id == attendance_id).first()
    if attendance_record is None:
        raise HTTPException(status_code=404, detail="Attendance record not found")
    db.delete(attendance_record)
    db.commit()
    return {"message": "Attendance record deleted successfully"}
--- a/app/routers/auth.py
+++ b/app/routers/auth.py
@ -0,0 +1,35 @@
 from fastapi import APIRouter, Depends, HTTPException, status
 from sqlalchemy.orm import Session
 from app.db.session import get_db
 from app.schemas.users import User, UserCreate, LoginRequest, Token
 from app.services.auth import authenticate_user, create_user, get_user_by_email
 from app.core.security import create_access_token
 from app.core.deps import get_current_user
 router = APIRouter()
@router.post("/register", response_model=User)
 def register(user: UserCreate, db: Session = Depends(get_db)):
    db_user = get_user_by_email(db, email=user.email)
    if db_user:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Email already registered"
        )
    return create_user(db=db, user=user)
@router.post("/login", response_model=Token)
 def login(login_data: LoginRequest, db: Session = Depends(get_db)):
    user = authenticate_user(db, login_data.email, login_data.password)
    if not user:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Incorrect email or password",
            headers={"WWW-Authenticate": "Bearer"},
        )
    access_token = create_access_token(subject=user.email)
    return {"access_token": access_token, "token_type": "bearer"}
@router.get("/me", response_model=User)
 def read_users_me(current_user: User = Depends(get_current_user)):
    return current_user
--- a/app/routers/departments.py
+++ b/app/routers/departments.py
@ -0,0 +1,76 @@
 from fastapi import APIRouter, Depends, HTTPException
 from sqlalchemy.orm import Session
 from typing import List
 from app.db.session import get_db
 from app.schemas.departments import Department, DepartmentCreate, DepartmentUpdate
 from app.models.departments import Department as DepartmentModel
 from app.models.users import User, UserRole
 from app.core.deps import require_role
 router = APIRouter()
@router.post("", response_model=Department)
 def create_department(
    department: DepartmentCreate,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_role([UserRole.ADMIN, UserRole.HR_MANAGER]))
 ):
    db_department = DepartmentModel(**department.dict())
    db.add(db_department)
    db.commit()
    db.refresh(db_department)
    return db_department
@router.get("", response_model=List[Department])
 def read_departments(
    skip: int = 0,
    limit: int = 100,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_role([UserRole.ADMIN, UserRole.HR_MANAGER, UserRole.MANAGER]))
 ):
    departments = db.query(DepartmentModel).offset(skip).limit(limit).all()
    return departments
@router.get("/{department_id}", response_model=Department)
 def read_department(
    department_id: int,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_role([UserRole.ADMIN, UserRole.HR_MANAGER, UserRole.MANAGER]))
 ):
    department = db.query(DepartmentModel).filter(DepartmentModel.id == department_id).first()
    if department is None:
        raise HTTPException(status_code=404, detail="Department not found")
    return department
@router.put("/{department_id}", response_model=Department)
 def update_department(
    department_id: int,
    department_update: DepartmentUpdate,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_role([UserRole.ADMIN, UserRole.HR_MANAGER]))
 ):
    department = db.query(DepartmentModel).filter(DepartmentModel.id == department_id).first()
    if department is None:
        raise HTTPException(status_code=404, detail="Department not found")
    update_data = department_update.dict(exclude_unset=True)
    for field, value in update_data.items():
        setattr(department, field, value)
    db.commit()
    db.refresh(department)
    return department
@router.delete("/{department_id}")
 def delete_department(
    department_id: int,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_role([UserRole.ADMIN]))
 ):
    department = db.query(DepartmentModel).filter(DepartmentModel.id == department_id).first()
    if department is None:
        raise HTTPException(status_code=404, detail="Department not found")
    db.delete(department)
    db.commit()
    return {"message": "Department deleted successfully"}
--- a/app/routers/employees.py
+++ b/app/routers/employees.py
@ -0,0 +1,93 @@
 from fastapi import APIRouter, Depends, HTTPException, status
 from sqlalchemy.orm import Session
 from typing import List
 from app.db.session import get_db
 from app.schemas.employees import Employee, EmployeeCreate, EmployeeUpdate
 from app.models.employees import Employee as EmployeeModel
 from app.models.users import User, UserRole
 from app.core.deps import get_current_user, require_role
 router = APIRouter()
@router.post("", response_model=Employee)
 def create_employee(
    employee: EmployeeCreate,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_role([UserRole.ADMIN, UserRole.HR_MANAGER]))
 ):
    # Check if employee already exists for this user
    existing_employee = db.query(EmployeeModel).filter(EmployeeModel.user_id == employee.user_id).first()
    if existing_employee:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Employee profile already exists for this user"
        )
    db_employee = EmployeeModel(**employee.dict())
    db.add(db_employee)
    db.commit()
    db.refresh(db_employee)
    return db_employee
@router.get("", response_model=List[Employee])
 def read_employees(
    skip: int = 0,
    limit: int = 100,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_role([UserRole.ADMIN, UserRole.HR_MANAGER, UserRole.MANAGER]))
 ):
    employees = db.query(EmployeeModel).offset(skip).limit(limit).all()
    return employees
@router.get("/{employee_id}", response_model=Employee)
 def read_employee(
    employee_id: int,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user)
 ):
    employee = db.query(EmployeeModel).filter(EmployeeModel.id == employee_id).first()
    if employee is None:
        raise HTTPException(status_code=404, detail="Employee not found")
    # Allow access if user is HR/Admin or viewing their own profile
    if (current_user.role not in [UserRole.ADMIN, UserRole.HR_MANAGER] and 
        employee.user_id != current_user.id):
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Not enough permissions"
        )
    return employee
@router.put("/{employee_id}", response_model=Employee)
 def update_employee(
    employee_id: int,
    employee_update: EmployeeUpdate,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_role([UserRole.ADMIN, UserRole.HR_MANAGER]))
 ):
    employee = db.query(EmployeeModel).filter(EmployeeModel.id == employee_id).first()
    if employee is None:
        raise HTTPException(status_code=404, detail="Employee not found")
    update_data = employee_update.dict(exclude_unset=True)
    for field, value in update_data.items():
        setattr(employee, field, value)
    db.commit()
    db.refresh(employee)
    return employee
@router.delete("/{employee_id}")
 def delete_employee(
    employee_id: int,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_role([UserRole.ADMIN]))
 ):
    employee = db.query(EmployeeModel).filter(EmployeeModel.id == employee_id).first()
    if employee is None:
        raise HTTPException(status_code=404, detail="Employee not found")
    db.delete(employee)
    db.commit()
    return {"message": "Employee deleted successfully"}
--- a/app/routers/leaves.py
+++ b/app/routers/leaves.py
@ -0,0 +1,152 @@
 from fastapi import APIRouter, Depends, HTTPException, status
 from sqlalchemy.orm import Session
 from typing import List
 from datetime import datetime
 from app.db.session import get_db
 from app.schemas.leaves import LeaveRequest, LeaveRequestCreate, LeaveRequestUpdate, LeaveRequestApproval
 from app.models.leaves import LeaveRequest as LeaveRequestModel, LeaveStatus
 from app.models.users import User, UserRole
 from app.models.employees import Employee
 from app.core.deps import get_current_user, require_role
 router = APIRouter()
@router.post("", response_model=LeaveRequest)
 def create_leave_request(
    leave_request: LeaveRequestCreate,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user)
 ):
    # Employees can only create leave requests for themselves unless they're HR/Admin
    if (current_user.role not in [UserRole.ADMIN, UserRole.HR_MANAGER]):
        current_employee = db.query(Employee).filter(Employee.user_id == current_user.id).first()
        if not current_employee or leave_request.employee_id != current_employee.id:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="Can only create leave requests for yourself"
            )
    db_leave_request = LeaveRequestModel(**leave_request.dict())
    db.add(db_leave_request)
    db.commit()
    db.refresh(db_leave_request)
    return db_leave_request
@router.get("", response_model=List[LeaveRequest])
 def read_leave_requests(
    skip: int = 0,
    limit: int = 100,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user)
 ):
    if current_user.role in [UserRole.ADMIN, UserRole.HR_MANAGER]:
        # HR and Admin can see all leave requests
        leave_requests = db.query(LeaveRequestModel).offset(skip).limit(limit).all()
    else:
        # Employees can only see their own leave requests
        current_employee = db.query(Employee).filter(Employee.user_id == current_user.id).first()
        if not current_employee:
            raise HTTPException(status_code=404, detail="Employee profile not found")
        leave_requests = db.query(LeaveRequestModel).filter(
            LeaveRequestModel.employee_id == current_employee.id
        ).offset(skip).limit(limit).all()
    return leave_requests
@router.get("/{leave_request_id}", response_model=LeaveRequest)
 def read_leave_request(
    leave_request_id: int,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user)
 ):
    leave_request = db.query(LeaveRequestModel).filter(LeaveRequestModel.id == leave_request_id).first()
    if leave_request is None:
        raise HTTPException(status_code=404, detail="Leave request not found")
    # Check permissions
    if current_user.role not in [UserRole.ADMIN, UserRole.HR_MANAGER]:
        current_employee = db.query(Employee).filter(Employee.user_id == current_user.id).first()
        if not current_employee or leave_request.employee_id != current_employee.id:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="Not enough permissions"
            )
    return leave_request
@router.put("/{leave_request_id}/approve", response_model=LeaveRequest)
 def approve_leave_request(
    leave_request_id: int,
    approval: LeaveRequestApproval,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_role([UserRole.ADMIN, UserRole.HR_MANAGER, UserRole.MANAGER]))
 ):
    leave_request = db.query(LeaveRequestModel).filter(LeaveRequestModel.id == leave_request_id).first()
    if leave_request is None:
        raise HTTPException(status_code=404, detail="Leave request not found")
    leave_request.status = approval.status
    leave_request.comments = approval.comments
    leave_request.approved_by = current_user.id
    leave_request.approved_at = datetime.utcnow()
    db.commit()
    db.refresh(leave_request)
    return leave_request
@router.put("/{leave_request_id}", response_model=LeaveRequest)
 def update_leave_request(
    leave_request_id: int,
    leave_request_update: LeaveRequestUpdate,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user)
 ):
    leave_request = db.query(LeaveRequestModel).filter(LeaveRequestModel.id == leave_request_id).first()
    if leave_request is None:
        raise HTTPException(status_code=404, detail="Leave request not found")
    # Only allow updates if pending and user owns the request or is HR/Admin
    if leave_request.status != LeaveStatus.PENDING:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Can only update pending leave requests"
        )
    if current_user.role not in [UserRole.ADMIN, UserRole.HR_MANAGER]:
        current_employee = db.query(Employee).filter(Employee.user_id == current_user.id).first()
        if not current_employee or leave_request.employee_id != current_employee.id:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="Not enough permissions"
            )
    update_data = leave_request_update.dict(exclude_unset=True)
    for field, value in update_data.items():
        setattr(leave_request, field, value)
    db.commit()
    db.refresh(leave_request)
    return leave_request
@router.delete("/{leave_request_id}")
 def delete_leave_request(
    leave_request_id: int,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user)
 ):
    leave_request = db.query(LeaveRequestModel).filter(LeaveRequestModel.id == leave_request_id).first()
    if leave_request is None:
        raise HTTPException(status_code=404, detail="Leave request not found")
    # Check permissions
    if current_user.role not in [UserRole.ADMIN, UserRole.HR_MANAGER]:
        current_employee = db.query(Employee).filter(Employee.user_id == current_user.id).first()
        if not current_employee or leave_request.employee_id != current_employee.id:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="Not enough permissions"
            )
    db.delete(leave_request)
    db.commit()
    return {"message": "Leave request deleted successfully"}
--- a/app/routers/payroll.py
+++ b/app/routers/payroll.py
@ -0,0 +1,168 @@
 from fastapi import APIRouter, Depends, HTTPException, status
 from sqlalchemy.orm import Session
 from typing import List
 from datetime import datetime
 from decimal import Decimal
 from app.db.session import get_db
 from app.schemas.payroll import PayrollRecord, PayrollRecordCreate, PayrollRecordUpdate
 from app.models.payroll import PayrollRecord as PayrollRecordModel, PayrollStatus
 from app.models.users import User, UserRole
 from app.models.employees import Employee
 from app.core.deps import get_current_user, require_role
 router = APIRouter()
 def calculate_payroll(payroll_data: dict) -> dict:
    """Calculate gross pay and net pay"""
    base_salary = payroll_data.get('base_salary', Decimal('0'))
    overtime_hours = payroll_data.get('overtime_hours', Decimal('0'))
    overtime_rate = payroll_data.get('overtime_rate', Decimal('0'))
    bonus = payroll_data.get('bonus', Decimal('0'))
    deductions = payroll_data.get('deductions', Decimal('0'))
    tax_deductions = payroll_data.get('tax_deductions', Decimal('0'))
    overtime_pay = overtime_hours * overtime_rate
    gross_pay = base_salary + overtime_pay + bonus
    net_pay = gross_pay - deductions - tax_deductions
    return {
        'gross_pay': gross_pay,
        'net_pay': net_pay
    }
@router.post("", response_model=PayrollRecord)
 def create_payroll_record(
    payroll: PayrollRecordCreate,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_role([UserRole.ADMIN, UserRole.HR_MANAGER]))
 ):
    payroll_data = payroll.dict()
    calculated_values = calculate_payroll(payroll_data)
    db_payroll = PayrollRecordModel(
        **payroll_data,
        **calculated_values
    )
    db.add(db_payroll)
    db.commit()
    db.refresh(db_payroll)
    return db_payroll
@router.get("", response_model=List[PayrollRecord])
 def read_payroll_records(
    skip: int = 0,
    limit: int = 100,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user)
 ):
    if current_user.role in [UserRole.ADMIN, UserRole.HR_MANAGER]:
        # HR and Admin can see all payroll records
        payroll_records = db.query(PayrollRecordModel).offset(skip).limit(limit).all()
    else:
        # Employees can only see their own payroll records
        current_employee = db.query(Employee).filter(Employee.user_id == current_user.id).first()
        if not current_employee:
            raise HTTPException(status_code=404, detail="Employee profile not found")
        payroll_records = db.query(PayrollRecordModel).filter(
            PayrollRecordModel.employee_id == current_employee.id
        ).offset(skip).limit(limit).all()
    return payroll_records
@router.get("/{payroll_id}", response_model=PayrollRecord)
 def read_payroll_record(
    payroll_id: int,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user)
 ):
    payroll_record = db.query(PayrollRecordModel).filter(PayrollRecordModel.id == payroll_id).first()
    if payroll_record is None:
        raise HTTPException(status_code=404, detail="Payroll record not found")
    # Check permissions
    if current_user.role not in [UserRole.ADMIN, UserRole.HR_MANAGER]:
        current_employee = db.query(Employee).filter(Employee.user_id == current_user.id).first()
        if not current_employee or payroll_record.employee_id != current_employee.id:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="Not enough permissions"
            )
    return payroll_record
@router.put("/{payroll_id}", response_model=PayrollRecord)
 def update_payroll_record(
    payroll_id: int,
    payroll_update: PayrollRecordUpdate,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_role([UserRole.ADMIN, UserRole.HR_MANAGER]))
 ):
    payroll_record = db.query(PayrollRecordModel).filter(PayrollRecordModel.id == payroll_id).first()
    if payroll_record is None:
        raise HTTPException(status_code=404, detail="Payroll record not found")
    # Can only update draft records
    if payroll_record.status != PayrollStatus.DRAFT:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Can only update draft payroll records"
        )
    update_data = payroll_update.dict(exclude_unset=True)
    for field, value in update_data.items():
        setattr(payroll_record, field, value)
    # Recalculate totals
    payroll_data = {
        'base_salary': payroll_record.base_salary,
        'overtime_hours': payroll_record.overtime_hours,
        'overtime_rate': payroll_record.overtime_rate,
        'bonus': payroll_record.bonus,
        'deductions': payroll_record.deductions,
        'tax_deductions': payroll_record.tax_deductions
    }
    calculated_values = calculate_payroll(payroll_data)
    payroll_record.gross_pay = calculated_values['gross_pay']
    payroll_record.net_pay = calculated_values['net_pay']
    db.commit()
    db.refresh(payroll_record)
    return payroll_record
@router.post("/{payroll_id}/process")
 def process_payroll_record(
    payroll_id: int,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_role([UserRole.ADMIN, UserRole.HR_MANAGER]))
 ):
    payroll_record = db.query(PayrollRecordModel).filter(PayrollRecordModel.id == payroll_id).first()
    if payroll_record is None:
        raise HTTPException(status_code=404, detail="Payroll record not found")
    if payroll_record.status != PayrollStatus.DRAFT:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Can only process draft payroll records"
        )
    payroll_record.status = PayrollStatus.PROCESSED
    payroll_record.processed_by = current_user.id
    payroll_record.processed_at = datetime.utcnow()
    db.commit()
    db.refresh(payroll_record)
    return {"message": "Payroll record processed successfully"}
@router.delete("/{payroll_id}")
 def delete_payroll_record(
    payroll_id: int,
    db: Session = Depends(get_db),
    current_user: User = Depends(require_role([UserRole.ADMIN]))
 ):
    payroll_record = db.query(PayrollRecordModel).filter(PayrollRecordModel.id == payroll_id).first()
    if payroll_record is None:
        raise HTTPException(status_code=404, detail="Payroll record not found")
    db.delete(payroll_record)
    db.commit()
    return {"message": "Payroll record deleted successfully"}
--- a/app/schemas/init.py
+++ b/app/schemas/init.py
--- a/app/schemas/attendance.py
+++ b/app/schemas/attendance.py
@ -0,0 +1,30 @@
 from pydantic import BaseModel
 from typing import Optional
 from datetime import datetime, date, time
 from app.models.attendance import AttendanceStatus
 class AttendanceRecordBase(BaseModel):
    employee_id: int
    date: date
    clock_in: Optional[time] = None
    clock_out: Optional[time] = None
    status: AttendanceStatus = AttendanceStatus.PRESENT
    notes: Optional[str] = None
 class AttendanceRecordCreate(AttendanceRecordBase):
    pass
 class AttendanceRecordUpdate(BaseModel):
    clock_in: Optional[time] = None
    clock_out: Optional[time] = None
    status: Optional[AttendanceStatus] = None
    notes: Optional[str] = None
 class AttendanceRecord(AttendanceRecordBase):
    id: int
    hours_worked: Optional[str] = None
    created_at: datetime
    updated_at: Optional[datetime] = None
    class Config:
        from_attributes = True
--- a/app/schemas/departments.py
+++ b/app/schemas/departments.py
@ -0,0 +1,24 @@
 from pydantic import BaseModel
 from typing import Optional
 from datetime import datetime
 class DepartmentBase(BaseModel):
    name: str
    description: Optional[str] = None
    manager_id: Optional[int] = None
 class DepartmentCreate(DepartmentBase):
    pass
 class DepartmentUpdate(BaseModel):
    name: Optional[str] = None
    description: Optional[str] = None
    manager_id: Optional[int] = None
 class Department(DepartmentBase):
    id: int
    created_at: datetime
    updated_at: Optional[datetime] = None
    class Config:
        from_attributes = True
--- a/app/schemas/employees.py
+++ b/app/schemas/employees.py
@ -0,0 +1,39 @@
 from pydantic import BaseModel
 from typing import Optional
 from datetime import datetime, date
 from decimal import Decimal
 from app.models.employees import EmploymentStatus
 class EmployeeBase(BaseModel):
    employee_id: str
    department_id: Optional[int] = None
    position: str
    salary: Optional[Decimal] = None
    hire_date: date
    phone: Optional[str] = None
    address: Optional[str] = None
    emergency_contact: Optional[str] = None
    emergency_phone: Optional[str] = None
 class EmployeeCreate(EmployeeBase):
    user_id: int
 class EmployeeUpdate(BaseModel):
    department_id: Optional[int] = None
    position: Optional[str] = None
    salary: Optional[Decimal] = None
    status: Optional[EmploymentStatus] = None
    phone: Optional[str] = None
    address: Optional[str] = None
    emergency_contact: Optional[str] = None
    emergency_phone: Optional[str] = None
 class Employee(EmployeeBase):
    id: int
    user_id: int
    status: EmploymentStatus
    created_at: datetime
    updated_at: Optional[datetime] = None
    class Config:
        from_attributes = True
--- a/app/schemas/leaves.py
+++ b/app/schemas/leaves.py
@ -0,0 +1,38 @@
 from pydantic import BaseModel
 from typing import Optional
 from datetime import datetime, date
 from app.models.leaves import LeaveType, LeaveStatus
 class LeaveRequestBase(BaseModel):
    leave_type: LeaveType
    start_date: date
    end_date: date
    days_requested: int
    reason: Optional[str] = None
 class LeaveRequestCreate(LeaveRequestBase):
    employee_id: int
 class LeaveRequestUpdate(BaseModel):
    leave_type: Optional[LeaveType] = None
    start_date: Optional[date] = None
    end_date: Optional[date] = None
    days_requested: Optional[int] = None
    reason: Optional[str] = None
 class LeaveRequestApproval(BaseModel):
    status: LeaveStatus
    comments: Optional[str] = None
 class LeaveRequest(LeaveRequestBase):
    id: int
    employee_id: int
    status: LeaveStatus
    approved_by: Optional[int] = None
    approved_at: Optional[datetime] = None
    comments: Optional[str] = None
    created_at: datetime
    updated_at: Optional[datetime] = None
    class Config:
        from_attributes = True
--- a/app/schemas/payroll.py
+++ b/app/schemas/payroll.py
@ -0,0 +1,39 @@
 from pydantic import BaseModel
 from typing import Optional
 from datetime import datetime, date
 from decimal import Decimal
 from app.models.payroll import PayrollStatus
 class PayrollRecordBase(BaseModel):
    employee_id: int
    pay_period_start: date
    pay_period_end: date
    base_salary: Decimal
    overtime_hours: Optional[Decimal] = Decimal('0')
    overtime_rate: Optional[Decimal] = Decimal('0')
    bonus: Optional[Decimal] = Decimal('0')
    deductions: Optional[Decimal] = Decimal('0')
    tax_deductions: Optional[Decimal] = Decimal('0')
 class PayrollRecordCreate(PayrollRecordBase):
    pass
 class PayrollRecordUpdate(BaseModel):
    overtime_hours: Optional[Decimal] = None
    overtime_rate: Optional[Decimal] = None
    bonus: Optional[Decimal] = None
    deductions: Optional[Decimal] = None
    tax_deductions: Optional[Decimal] = None
 class PayrollRecord(PayrollRecordBase):
    id: int
    gross_pay: Decimal
    net_pay: Decimal
    status: PayrollStatus
    processed_by: Optional[int] = None
    processed_at: Optional[datetime] = None
    created_at: datetime
    updated_at: Optional[datetime] = None
    class Config:
        from_attributes = True
--- a/app/schemas/users.py
+++ b/app/schemas/users.py
@ -0,0 +1,38 @@
 from pydantic import BaseModel, EmailStr
 from typing import Optional
 from datetime import datetime
 from app.models.users import UserRole
 class UserBase(BaseModel):
    email: EmailStr
    full_name: str
    role: UserRole = UserRole.EMPLOYEE
 class UserCreate(UserBase):
    password: str
 class UserUpdate(BaseModel):
    email: Optional[EmailStr] = None
    full_name: Optional[str] = None
    role: Optional[UserRole] = None
    is_active: Optional[bool] = None
 class User(UserBase):
    id: int
    is_active: bool
    created_at: datetime
    updated_at: Optional[datetime] = None
    class Config:
        from_attributes = True
 class Token(BaseModel):
    access_token: str
    token_type: str
 class TokenData(BaseModel):
    email: Optional[str] = None
 class LoginRequest(BaseModel):
    email: EmailStr
    password: str
--- a/app/services/init.py
+++ b/app/services/init.py
--- a/app/services/auth.py
+++ b/app/services/auth.py
@ -0,0 +1,28 @@
 from sqlalchemy.orm import Session
 from app.models.users import User
 from app.schemas.users import UserCreate
 from app.core.security import get_password_hash, verify_password
 def get_user_by_email(db: Session, email: str):
    return db.query(User).filter(User.email == email).first()
 def create_user(db: Session, user: UserCreate):
    hashed_password = get_password_hash(user.password)
    db_user = User(
        email=user.email,
        hashed_password=hashed_password,
        full_name=user.full_name,
        role=user.role
    )
    db.add(db_user)
    db.commit()
    db.refresh(db_user)
    return db_user
 def authenticate_user(db: Session, email: str, password: str):
    user = get_user_by_email(db, email)
    if not user:
        return False
    if not verify_password(password, user.hashed_password):
        return False
    return user
--- a/main.py
+++ b/main.py
@ -0,0 +1,45 @@
 from fastapi import FastAPI
 from fastapi.middleware.cors import CORSMiddleware
 from app.routers import auth, employees, departments, leaves, payroll, attendance
 from app.db.session import engine
 from app.db.base import Base
 # Create database tables
 Base.metadata.create_all(bind=engine)
 app = FastAPI(
    title="HR Management System",
    description="A comprehensive HR management backend system",
    version="1.0.0",
    openapi_url="/openapi.json"
 )
 # CORS configuration
 app.add_middleware(
    CORSMiddleware,
    allow_origins=["*"],
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
 )
 # Include routers
 app.include_router(auth.router, prefix="/auth", tags=["Authentication"])
 app.include_router(employees.router, prefix="/employees", tags=["Employees"])
 app.include_router(departments.router, prefix="/departments", tags=["Departments"])
 app.include_router(leaves.router, prefix="/leaves", tags=["Leave Management"])
 app.include_router(payroll.router, prefix="/payroll", tags=["Payroll"])
 app.include_router(attendance.router, prefix="/attendance", tags=["Attendance"])
@app.get("/")
 async def root():
    return {
        "title": "HR Management System",
        "description": "A comprehensive HR management backend system",
        "documentation": "/docs",
        "health_check": "/health"
    }
@app.get("/health")
 async def health_check():
    return {"status": "healthy", "service": "HR Management Backend"}
--- a/migrations/env.py
+++ b/migrations/env.py
@ -0,0 +1,81 @@
 from logging.config import fileConfig
 from sqlalchemy import engine_from_config
 from sqlalchemy import pool
 from alembic import context
 # Add the project root to the Python path
 import sys
 from pathlib import Path
 sys.path.append(str(Path(__file__).parent.parent))
 from app.db.base import Base
 # this is the Alembic Config object, which provides
 # access to the values within the .ini file in use.
 config = context.config
 # Interpret the config file for Python logging.
 # This line sets up loggers basically.
 if config.config_file_name is not None:
    fileConfig(config.config_file_name)
 # add your model's MetaData object here
 # for 'autogenerate' support
 target_metadata = Base.metadata
 # other values from the config, defined by the needs of env.py,
 # can be acquired:
 # my_important_option = config.get_main_option("my_important_option")
 # ... etc.
 def run_migrations_offline() -> None:
    """Run migrations in 'offline' mode.
    This configures the context with just a URL
    and not an Engine, though an Engine is acceptable
    here as well.  By skipping the Engine creation
    we don't even need a DBAPI to be available.
    Calls to context.execute() here emit the given string to the
    script output.
    """
    url = config.get_main_option("sqlalchemy.url")
    context.configure(
        url=url,
        target_metadata=target_metadata,
        literal_binds=True,
        dialect_opts={"paramstyle": "named"},
    )
    with context.begin_transaction():
        context.run_migrations()
 def run_migrations_online() -> None:
    """Run migrations in 'online' mode.
    In this scenario we need to create an Engine
    and associate a connection with the context.
    """
    connectable = engine_from_config(
        config.get_section(config.config_ini_section),
        prefix="sqlalchemy.",
        poolclass=pool.NullPool,
    )
    with connectable.connect() as connection:
        context.configure(
            connection=connection, target_metadata=target_metadata
        )
        with context.begin_transaction():
            context.run_migrations()
 if context.is_offline_mode():
    run_migrations_offline()
 else:
    run_migrations_online()
--- a/migrations/script.py.mako
+++ b/migrations/script.py.mako
@ -0,0 +1,24 @@
 """${message}
 Revision ID: ${up_revision}
 Revises: ${down_revision | comma,n}
 Create Date: ${create_date}
 """
 from alembic import op
 import sqlalchemy as sa
 ${imports if imports else ""}
 # revision identifiers, used by Alembic.
 revision = ${repr(up_revision)}
 down_revision = ${repr(down_revision)}
 branch_labels = ${repr(branch_labels)}
 depends_on = ${repr(depends_on)}
 def upgrade() -> None:
    ${upgrades if upgrades else "pass"}
 def downgrade() -> None:
    ${downgrades if downgrades else "pass"}
--- a/migrations/versions/001_initial_migration.py
+++ b/migrations/versions/001_initial_migration.py
@ -0,0 +1,152 @@
 """Initial migration
 Revision ID: 001
 Revises: 
 Create Date: 2023-12-01 00:00:00.000000
 """
 from alembic import op
 import sqlalchemy as sa
 # revision identifiers, used by Alembic.
 revision = '001'
 down_revision = None
 branch_labels = None
 depends_on = None
 def upgrade() -> None:
    # Create users table
    op.create_table('users',
        sa.Column('id', sa.Integer(), nullable=False),
        sa.Column('email', sa.String(), nullable=False),
        sa.Column('hashed_password', sa.String(), nullable=False),
        sa.Column('full_name', sa.String(), nullable=False),
        sa.Column('role', sa.Enum('ADMIN', 'HR_MANAGER', 'MANAGER', 'EMPLOYEE', name='userrole'), nullable=True),
        sa.Column('is_active', sa.Boolean(), nullable=True),
        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('(CURRENT_TIMESTAMP)'), nullable=True),
        sa.Column('updated_at', sa.DateTime(timezone=True), nullable=True),
        sa.PrimaryKeyConstraint('id')
    )
    op.create_index(op.f('ix_users_email'), 'users', ['email'], unique=True)
    op.create_index(op.f('ix_users_id'), 'users', ['id'], unique=False)
    # Create departments table
    op.create_table('departments',
        sa.Column('id', sa.Integer(), nullable=False),
        sa.Column('name', sa.String(), nullable=False),
        sa.Column('description', sa.String(), nullable=True),
        sa.Column('manager_id', sa.Integer(), nullable=True),
        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('(CURRENT_TIMESTAMP)'), nullable=True),
        sa.Column('updated_at', sa.DateTime(timezone=True), nullable=True),
        sa.PrimaryKeyConstraint('id')
    )
    op.create_index(op.f('ix_departments_id'), 'departments', ['id'], unique=False)
    op.create_index(op.f('ix_departments_name'), 'departments', ['name'], unique=True)
    # Create employees table
    op.create_table('employees',
        sa.Column('id', sa.Integer(), nullable=False),
        sa.Column('user_id', sa.Integer(), nullable=False),
        sa.Column('employee_id', sa.String(), nullable=False),
        sa.Column('department_id', sa.Integer(), nullable=True),
        sa.Column('position', sa.String(), nullable=False),
        sa.Column('salary', sa.Numeric(precision=10, scale=2), nullable=True),
        sa.Column('hire_date', sa.Date(), nullable=False),
        sa.Column('status', sa.Enum('ACTIVE', 'INACTIVE', 'TERMINATED', name='employmentstatus'), nullable=True),
        sa.Column('phone', sa.String(), nullable=True),
        sa.Column('address', sa.String(), nullable=True),
        sa.Column('emergency_contact', sa.String(), nullable=True),
        sa.Column('emergency_phone', sa.String(), nullable=True),
        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('(CURRENT_TIMESTAMP)'), nullable=True),
        sa.Column('updated_at', sa.DateTime(timezone=True), nullable=True),
        sa.ForeignKeyConstraint(['department_id'], ['departments.id'], ),
        sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
        sa.PrimaryKeyConstraint('id')
    )
    op.create_index(op.f('ix_employees_employee_id'), 'employees', ['employee_id'], unique=True)
    op.create_index(op.f('ix_employees_id'), 'employees', ['id'], unique=False)
    # Add foreign key for department manager
    op.create_foreign_key(None, 'departments', 'employees', ['manager_id'], ['id'])
    # Create leave_requests table
    op.create_table('leave_requests',
        sa.Column('id', sa.Integer(), nullable=False),
        sa.Column('employee_id', sa.Integer(), nullable=False),
        sa.Column('leave_type', sa.Enum('VACATION', 'SICK', 'PERSONAL', 'MATERNITY', 'PATERNITY', 'EMERGENCY', name='leavetype'), nullable=False),
        sa.Column('start_date', sa.Date(), nullable=False),
        sa.Column('end_date', sa.Date(), nullable=False),
        sa.Column('days_requested', sa.Integer(), nullable=False),
        sa.Column('reason', sa.Text(), nullable=True),
        sa.Column('status', sa.Enum('PENDING', 'APPROVED', 'REJECTED', 'CANCELLED', name='leavestatus'), nullable=True),
        sa.Column('approved_by', sa.Integer(), nullable=True),
        sa.Column('approved_at', sa.DateTime(timezone=True), nullable=True),
        sa.Column('comments', sa.Text(), nullable=True),
        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('(CURRENT_TIMESTAMP)'), nullable=True),
        sa.Column('updated_at', sa.DateTime(timezone=True), nullable=True),
        sa.ForeignKeyConstraint(['approved_by'], ['users.id'], ),
        sa.ForeignKeyConstraint(['employee_id'], ['employees.id'], ),
        sa.PrimaryKeyConstraint('id')
    )
    op.create_index(op.f('ix_leave_requests_id'), 'leave_requests', ['id'], unique=False)
    # Create payroll_records table
    op.create_table('payroll_records',
        sa.Column('id', sa.Integer(), nullable=False),
        sa.Column('employee_id', sa.Integer(), nullable=False),
        sa.Column('pay_period_start', sa.Date(), nullable=False),
        sa.Column('pay_period_end', sa.Date(), nullable=False),
        sa.Column('base_salary', sa.Numeric(precision=10, scale=2), nullable=False),
        sa.Column('overtime_hours', sa.Numeric(precision=5, scale=2), nullable=True),
        sa.Column('overtime_rate', sa.Numeric(precision=5, scale=2), nullable=True),
        sa.Column('bonus', sa.Numeric(precision=10, scale=2), nullable=True),
        sa.Column('deductions', sa.Numeric(precision=10, scale=2), nullable=True),
        sa.Column('gross_pay', sa.Numeric(precision=10, scale=2), nullable=False),
        sa.Column('tax_deductions', sa.Numeric(precision=10, scale=2), nullable=True),
        sa.Column('net_pay', sa.Numeric(precision=10, scale=2), nullable=False),
        sa.Column('status', sa.Enum('DRAFT', 'PROCESSED', 'PAID', name='payrollstatus'), nullable=True),
        sa.Column('processed_by', sa.Integer(), nullable=True),
        sa.Column('processed_at', sa.DateTime(timezone=True), nullable=True),
        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('(CURRENT_TIMESTAMP)'), nullable=True),
        sa.Column('updated_at', sa.DateTime(timezone=True), nullable=True),
        sa.ForeignKeyConstraint(['employee_id'], ['employees.id'], ),
        sa.ForeignKeyConstraint(['processed_by'], ['users.id'], ),
        sa.PrimaryKeyConstraint('id')
    )
    op.create_index(op.f('ix_payroll_records_id'), 'payroll_records', ['id'], unique=False)
    # Create attendance_records table
    op.create_table('attendance_records',
        sa.Column('id', sa.Integer(), nullable=False),
        sa.Column('employee_id', sa.Integer(), nullable=False),
        sa.Column('date', sa.Date(), nullable=False),
        sa.Column('clock_in', sa.Time(), nullable=True),
        sa.Column('clock_out', sa.Time(), nullable=True),
        sa.Column('hours_worked', sa.String(), nullable=True),
        sa.Column('status', sa.Enum('PRESENT', 'ABSENT', 'LATE', 'HALF_DAY', name='attendancestatus'), nullable=True),
        sa.Column('notes', sa.String(), nullable=True),
        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('(CURRENT_TIMESTAMP)'), nullable=True),
        sa.Column('updated_at', sa.DateTime(timezone=True), nullable=True),
        sa.ForeignKeyConstraint(['employee_id'], ['employees.id'], ),
        sa.PrimaryKeyConstraint('id')
    )
    op.create_index(op.f('ix_attendance_records_id'), 'attendance_records', ['id'], unique=False)
 def downgrade() -> None:
    op.drop_index(op.f('ix_attendance_records_id'), table_name='attendance_records')
    op.drop_table('attendance_records')
    op.drop_index(op.f('ix_payroll_records_id'), table_name='payroll_records')
    op.drop_table('payroll_records')
    op.drop_index(op.f('ix_leave_requests_id'), table_name='leave_requests')
    op.drop_table('leave_requests')
    op.drop_index(op.f('ix_employees_id'), table_name='employees')
    op.drop_index(op.f('ix_employees_employee_id'), table_name='employees')
    op.drop_table('employees')
    op.drop_index(op.f('ix_departments_name'), table_name='departments')
    op.drop_index(op.f('ix_departments_id'), table_name='departments')
    op.drop_table('departments')
    op.drop_index(op.f('ix_users_id'), table_name='users')
    op.drop_index(op.f('ix_users_email'), table_name='users')
    op.drop_table('users')
--- a/requirements.txt
+++ b/requirements.txt
@ -0,0 +1,10 @@
 fastapi==0.104.1
 uvicorn[standard]==0.24.0
 sqlalchemy==2.0.23
 alembic==1.12.1
 python-jose[cryptography]==3.3.0
 passlib[bcrypt]==1.7.4
 python-multipart==0.0.6
 python-dotenv==1.0.0
 pydantic[email]==2.5.0
 ruff==0.1.6
		`@ -0,0 +1,3 @@`
							`from sqlalchemy.ext.declarative import declarative_base`

							`Base = declarative_base()`
		`@ -0,0 +1 @@`
							`from . import users as users, employees as employees, departments as departments, leaves as leaves, payroll as payroll, attendance as attendance`