Custom (Portfolio)
Varta — HRM Personnel Management System
Full-featured HRM system for organizational personnel management
Full-featured HRM system for organizational personnel management
This project was developed for a government organization. All personal data shown in screenshots is fictitious and used solely to demonstrate the interface. Any resemblance to real persons is coincidental.
Full-featured HRM system (Human Resource Management) for a brigade-level military unit of the Armed Forces of Ukraine. The system fully replaced paper-based records and legacy solutions, providing real-time personnel tracking.
Full-cycle development — from DB architecture to production deployment. 11 Django apps, 12 frontend modules, ~80 API ViewSets.
Below are screenshots of the key system modules with test data. Actual personnel data is confidential and subject to non-disclosure.
Python 3.12, Django 6 + DRF, Django Channels, Uvicorn (ASGI), PostgreSQL 16, Redis
React 19, TypeScript (strict), Vite, Ant Design 5, TanStack React Query, React Flow, Recharts
Nginx (reverse proxy + static), systemd, Let's Encrypt SSL, WebSocket (Django Channels + Redis)
WhatsApp bot (Node.js), Google Sheets API (OAuth 2.0), DOCX document generation (python-docx)
Flexible unit tree of unlimited depth (django-mptt). Interactive org chart (React Flow + Dagre auto-layout). Positional model: "slots" (positions) exist independently of people — vacancies, staffing table, career history.
Employee card with fixed + dynamic fields (EAV constructor via UI). Multi-block status system with cascading rules. Full career history: assignments, transfers, promotions, temporary duties, deployments. Soft deletion — records are never deleted, only archived.
Employee × days matrix with virtual scrolling. Mapping: status combinations → timetable symbol (configurable via UI). Three data sources: auto-fill, absence panel, manual input. Audit log for every cell change.
~30 granular permissions, dynamic roles via UI. 3-level data isolation: Django ORM (.for_user()), Middleware checks every API response, PostgreSQL RLS (Row-Level Security) as the last line of defense.
DOCX templates with placeholders → auto-fill data from DB. Batch generation for multiple people. 6 document types: vacations, business trips, medical, position handover, etc.
Daily text report. Complex Excel export with formatting (openpyxl). Report builder (drag-and-drop). Google Sheets integration (OAuth 2.0, bidirectional sync). WhatsApp bot for mass messaging and automated notifications.
WebSocket via Django Channels + Redis. Virtual scrolling for 500+ element lists. Server-side pagination, filtering, sorting. Monthly partitioning for high-load tables. Code splitting (React.lazy + Suspense).
Online user monitoring. Server statistics (CPU, RAM, disk). Backup management (manual + automatic). System notifications, maintenance mode lockdown.
Headless architecture: Django serves exclusively as an API backend (no Django Admin, no templates). React SPA communicates via HTTPS and WebSocket. Three levels of data isolation guarantee that no user can access data outside their unit — even through raw SQL.
Custom QuerySet with .for_user() on every ViewSet
Checks every API response for data leaks, blocks and logs violations
Row-Level Security — even raw SQL cannot return data outside allowed units
Full development cycle: system architecture and DB schema, Backend (Django REST API, WebSocket, business logic, RBAC, RLS), Frontend (React SPA with 12 modules), DevOps (Nginx, systemd, SSL, production deployment), integrations (WhatsApp bot, Google Sheets API, document generation).
Backend: Python 3.12, Django 6, Django REST Framework, Django Channels (WebSocket), PostgreSQL 16, Redis. Frontend: React 19, TypeScript (strict mode), Vite, Ant Design, TanStack React Query, React Flow. Infrastructure: Nginx, Uvicorn (ASGI), systemd. Integrations: WhatsApp bot (Node.js), Google Sheets API, DOCX document generation.
Varta implements 3 levels of data isolation: 1) Django ORM with custom QuerySet manager (.for_user()) on every ViewSet, 2) Middleware that checks every API response for data leaks, 3) PostgreSQL Row-Level Security (RLS) on all unit-scoped tables. Additionally: CSRF protection, rate limiting, VPN-only access, HTTPS, CORS strict origins.
The project consists of ~93,000 lines of code across 452 files: Backend (Python/Django) — 167 files, Frontend (TypeScript/React) — 275 files. 17 functional modules, 80+ API ViewSets, 11 Django apps. Supports real-time WebSocket updates and concurrent multi-user access.
Yes, Artbrain specializes in custom HRM/ERP system development. We can build a tailored solution based on your organization's specific requirements — tailored to your specific business needs. Contact us to discuss your project.
