Team
Team owns staff invites, role editing, team member management, and the public team directory.
On this page
Where to look
| Area | Paths |
|---|---|
| Admin route | src/app/(dashboard)/admin/team/page.tsx |
| Public routes | src/app/(marketing)/team, src/app/(marketing)/team/[id] |
| Access server code | src/features/team/server/access/actions, queries, services, persistence, schemas |
| Public directory server code | src/features/team/server/public-directory |
| Access UI | src/features/team/ui/access |
| Public directory UI | src/features/team/ui/public-directory |
| Shared types | src/features/team/shared/access, src/features/team/shared/public-directory |
Code-backed team map
Access management
Admin team pages manage staff, invites, custom roles, permissions, and member status through feature-owned server actions.
src/app/(dashboard)/admin/team/page.tsxsrc/features/team/server/access/actions/staff-invites.tssrc/features/team/server/access/actions/custom-roles.tssrc/features/team/server/access/actions/team-members.ts
Role services and persistence
Custom role, permission, member, and invite services keep RBAC behavior separate from UI.
src/features/team/server/access/services/custom-role.tssrc/features/team/server/access/services/permissions.tssrc/features/team/server/access/persistence/custom-roles.tssrc/lib/auth/rbac/features.ts
Public directory
Public team pages use a separate directory domain with its own queries, actions, repository, schemas, and UI.
src/app/(marketing)/team/page.tsxsrc/app/(marketing)/team/[id]/page.tsxsrc/features/team/server/public-directory/queries.tssrc/features/team/server/public-directory/actions.tssrc/features/team/ui/public-directory/dashboard.tsx
Team access flow
- 1
Gate admin work
Team management runs behind admin access before invite, role, permission, or member actions execute.
src/app/(dashboard)/admin/team/page.tsxsrc/lib/auth/guards/route.ts
- 2
Validate action payloads
Invite and role schemas normalize user input before services apply business rules.
src/features/team/server/access/schemas/invite.tssrc/features/team/server/access/actions/permission-form.ts
- 3
Apply RBAC changes through services
Role and permission services write through persistence modules and keep navigation feature gates aligned.
src/features/team/server/access/services/custom-role.tssrc/features/team/server/access/services/permissions.tssrc/lib/auth/rbac/nav-config.ts
- 4
Keep public directory separate
Public team member content uses its own repository and does not grant staff access by itself.
src/features/team/server/public-directory/repository.tssrc/features/team/server/public-directory/actions.ts
Staff invite action
Source: src/features/team/server/access/actions/staff-invites.ts
Invite creation checks write access, validates the form, delegates to a service, and revalidates the admin team route.
export async function createStaffInvite(prevState: InviteState, formData: FormData): Promise<InviteState> {
const profile = await getActiveProfile();
const accessCheck = await assertTeamWriteAccess(profile);
if (!accessCheck.success) return { error: accessCheck.error };
const rawEmail = formData.get("email")?.toString().toLowerCase().trim();
const rawAssignedRole = formData.get("assignedRole")?.toString() || null;
const result = InviteSchema.safeParse({
email: rawEmail,
assignedRole: rawAssignedRole,
});
if (!result.success) {
return { error: result.error.errors[0].message };
}Team rules
- Use canonical default roles: super_admin and user.
- Check authorization before role edits, invite actions, and team member changes.
- Keep public directory content separate from staff access management.
- Audit important admin changes.