FCCG Grants Portal — Film Centre of Montenegro grant submission platform
All Work
Government Web Application — 2026

FCCG
Grants Portal

View Live Portal
Client
Film Centre of Montenegro
Scope
Custom Grant Submission Portal · Role-Based Access · Security Audit
Stack
Laravel 11 · Filament v3 · MariaDB · Cloudflare
Status
Live · konkursi.fccg.me
The Brief

A national institution still running grants
through inboxes.

The Film Centre of Montenegro is the country's national institution for film funding, development and promotion. Every year FCCG opens a series of public grant calls — feature films, debut features, documentaries, animated films, shorts, films in production, and minority co-productions — where domestic and international production companies apply for co-financing.

Before this project, the entire process lived inside email threads and downloaded PDFs. Applicants received category-specific forms, filled them in manually, and sent submissions back as attachments — along with director's explications, producer's explications, budgets, financing plans, treatments, and supporting documents. The FCCG team then triaged dozens of inboxes, renamed files, built spreadsheets, and chased confirmations by hand every call cycle.

There was no submission record beyond an inbox, no audit trail of who reviewed what, no status visibility for applicants, and no structured way to filter, archive, or report on the data. For an institution handling sensitive government-level decisions, this wasn't just inefficient — it was a liability.

konkursi.fccg.me
FCCG Grants Portal homepage — active calls listed with category, deadline and application status
Portal Landing — Active Calls & Deadlines
konkursi.fccg.me/apliciranje/novi-konkurs
FCCG new grant application form — structured fields for director explication, budget and document uploads
Application Form — Structured Submission
Portal Walkthrough
The Solution

A structured, auditable system.
Built for government-level data.

We built a custom Laravel 11 application hosted independently on a dedicated subdomain — fully decoupled from FCCG's institutional site. Every decision in the architecture was driven by three requirements: structured data, provable security, and zero operational drag on the FCCG team once live.

Security Architecture

Every action logged. Every access accounted for.

The portal ships with a full security audit trail — every authentication event and every sensitive admin action is logged with timestamp, IP address, and user-agent context. Failed logins, account approvals and rejections, application status changes — all queryable from inside the Filament panel. Combined with email-based OTP two-factor authentication, rate-limited auth endpoints, enforced session timeouts, secure cookie flags, and a tightened header stack (HSTS, X-Frame-Options, Content-Security-Policy, Referrer-Policy, X-Content-Type-Options), the portal closes the most common attack surfaces on a public-facing system of this kind — and gives FCCG a defensible, auditable record of every decision made inside it.

Applicant Workflow

Seven steps. Zero
email attachments.

1
Register
Production company registers with legal details — company name, legal representative, address, tax ID and contact. Account is created in a pending state.
2
Account Approval
An FCCG administrator reviews the registration and approves or rejects it with a stated reason. The applicant is notified by email either way — no more waiting in the dark.
3
Dashboard — Active Calls
Approved applicants land on a clean dashboard listing every open call — with category, deadline, and a live countdown. One place, full picture.
4
Open the Application Form
Each grant category has its own dedicated form built directly from FCCG's official documentation — director's explication, producer's explication, budget, financing plan, treatment, production schedule, and supporting documents.
5
Upload Required Documents
Each required document slot accepts a PDF up to 10 MB, MIME-validated server-side. No zip files, no email attachments, no ambiguity about what was received.
6
Submit
Submission is stored in the database, a confirmation email goes to the applicant, and the FCCG inbox receives a structured summary with direct download links to every uploaded document.
7
Track Status
Applicants see every submission they've ever made — current status (Submitted · Under Review · Approved · Rejected) visible at a glance from their dashboard. No need to chase FCCG by email for updates.
What We Built
01
Role-Based Access Control
Three sharply separated roles — Applicants who register and submit, Administrators who manage calls and user accounts, and Commission reviewers who access submissions scoped to their assigned calls. No role can exceed its permissions, and every action is tied to a named account.
02
Category-Specific Grant Forms
Feature films, debut features, films in production, animated films, documentaries, short films, minority co-productions — each with its own form schema and document requirements, modeled directly from FCCG's official PDFs. No generic intake form doing everything poorly.
03
Filament v3 Admin Panel
The FCCG team manages calls, reviews applications, filters submissions by call, category, status, applicant or date, moves applications through their lifecycle, adds internal notes, logs decisions, and exports CSV reports — all from a single, purpose-built admin interface.
04
Email Notification System
Automated emails at every meaningful moment — new registration to FCCG admin, account approved or rejected to applicant, submission confirmed to applicant, and a full structured summary with document download links to the FCCG review inbox. The team is always one step ahead without lifting a finger.
05
2FA & Security Hardening
Email-based one-time-password (OTP) two-factor authentication across the platform. Rate-limited authentication and form endpoints protect against credential-stuffing, brute force, and automated submission spam. Session timeouts and secure cookie flags keep active sessions from being hijacked.
06
Full Security Audit Trail
Every login attempt, account decision, and application status change is permanently logged with timestamp, IP and user-agent. The audit log is queryable inside Filament, giving FCCG a clear, defensible record for every decision made inside the system — internally and externally verifiable.
Admin Panel
Filament v3 — grants, users and submissions managed from one place
konkursi.fccg.me/admin — Dashboard
FCCG admin dashboard — submissions overview, active calls and recent activity
Dashboard — Submissions & Active Calls
konkursi.fccg.me/admin — Applications
FCCG admin applications review — filterable submissions table with status and document access
Applications — Review & Status Management
konkursi.fccg.me/admin — Users
FCCG admin user management — applicant accounts with approval, rejection and suspension controls
User Management — Approvals & Access Control
Tech Stack

Secure by design.
Operated by one team.

Laravel 11 was the clear choice — a mature, battle-tested PHP framework with a strong security model, excellent file handling, and first-class support for role-based access. Filament v3 provides the admin panel out of the box with the flexibility to extend it into the exact workflow FCCG's team needed, without building a bespoke UI from scratch. The portal lives on a dedicated subdomain, fully isolated from FCCG's institutional site, with Cloudflare in front of it for DNS, DDoS protection, and an additional security layer.

Backend
Laravel 11 — routing, auth, file handling, queue, notifications
Admin Panel
Filament v3 — Livewire + Alpine.js, custom resources and pages
Database
MariaDB (MySQL-compatible) — structured submissions, audit log, user data
File Storage
Local Laravel disk — PDF-only, MIME-validated, 10 MB per file, admin downloadable
Authentication
Email OTP 2FA — Laravel native auth + custom OTP layer
Security
Rate limiting, HSTS, CSP, X-Frame-Options, session timeout, secure cookies
Hosting
Hostinger VPS — dedicated application server, isolated from institutional site
DNS / CDN
Cloudflare — DDoS protection, subdomain routing (konkursi.fccg.me)
Email
Laravel Mail — transactional notifications across all workflow events
Outcomes

Inboxes replaced.
Accountability built in.

Every application now has a database row, a defined lifecycle, and a permanent record. The security exposure of sensitive applicant material — budgets, scripts, legal documents — has been moved from standard email inboxes into a properly access-controlled system. The FCCG team no longer triages attachments or chases confirmations.

0
Manual email triage per call cycle — fully replaced by structured database submissions
8+
Grant categories live — each with its own dedicated form and document schema
3
Role layers — Applicants, Administrators, and Commission reviewers with scoped permissions
100%
Audit coverage — every auth event and admin action permanently logged and queryable

"I can't believe everything was completed in record time. Revisions were minimal, all testing was finished incredibly quickly, and the portal was live for our users in the shortest timeframe we could have hoped for. We are never changing Studio Piksel. This was a genuinely positive experience — for us and for our applicants."

Ivana Đurašković
CTO, Film Centre of Montenegro
Next Project

Still running on
inboxes?

If you're managing applications, calls, or any structured intake process through email and spreadsheets — there's a cleaner system underneath waiting to be built. Custom. Secure. Yours.

Start a Project View All Work