feat: team management pages

[harshtandiya]

• Invitation based team member addition
• Member Add / Delete flows
• Team Switcher
• Team Detail Editing

Summary by CodeRabbit

• New Features

  • Invite colleagues by email, accept invitations to join teams, and send/manage invitations from the team UI.
  • Manage team members: toggle edit permission, remove members, view owner status.
  • Editable team header to update team name and logo.
  • New Team Management page, member list, invite/remove dialogs, and Home + Dashboard layout reorganization.

• Bug Fixes / Improvements

  • Invitation hooks and flows refined; avoid creating default teams for invited users; team membership cache refreshes after changes.

• Tests

  • Integration tests covering invitation flows, member additions, permission toggles, and related behaviors.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: bbf984d8-b61c-4536-9cfc-e221b03772cc

📥 Commits

Reviewing files that changed from the base of the PR and between e950daa and 545486c.

📒 Files selected for processing (3)

• forms_pro/api/team.py
• frontend/src/components/team/TeamMemberList.vue
• frontend/src/stores/team.ts

---

📝 Walkthrough

Walkthrough

Adds email-based team invitations with invitation lifecycle hooks, member permission toggles, safe team field updates, and member removal. Extends FPTeam to include per-member metadata and revocation on removal. Adds backend API endpoints, frontend team management UI and store methods, integration tests, and routing/layout adjustments.

Changes

Cohort / File(s)	Summary
Team API & Permissions forms_pro/api/team.py	New endpoints: invite_team_members, add_member_to_team_via_invitation, toggle_can_edit_team, save, remove_member_from_team. Permission checks, validations, cache invalidation in get_team_members.
FP Team Doctype forms_pro/forms_pro/doctype/fp_team/fp_team.py	Augmented team member payload with can_edit_team and is_owner; skip Guests in add_to_team; added remove_from_team which prevents owner removal and revokes DocShare.
Invitation Hooks & Role Guard forms_pro/hooks.py, forms_pro/overrides/invitations.py, forms_pro/overrides/roles.py	Hook registration for User Invitation after_insert/after_accept; after_insert rewrites redirect to API-add route with invite_id/team_id; after_accept adds accepted user to team and sets current team; role-change handler skips default team creation for invited users.
Tests forms_pro/tests/test_invitations.py	Comprehensive integration tests covering invite permission checks, invitation creation and redirect rewriting, add-via-invite flows, after_accept behavior, and preventing default team creation for invited users.
Frontend Team UI frontend/src/components/team/... InviteMemberDialog.vue, ManageTeamHeader.vue, RemoveMemberDialog.vue, TeamMemberList.vue	New components for inviting by email, editing team name/logo, confirming removals, and listing members with permission toggles and owner display; wired to team store methods.
Team Page, Routing & Sidebar frontend/src/pages/team/ManageTeam.vue, frontend/src/pages/home/*, frontend/src/router.ts, frontend/src/pages/home/sidebarItems.ts	New Manage Team page; new Home/Dashboard split and nested routing; added sidebar items composition for Home routes.
Team Store & Client API Calls frontend/src/stores/team.ts	Extended TeamMember type with can_edit_team and is_owner; added methods toggleEditPermissionForMember, removeMemberFromTeam, and save that call new backend endpoints and refresh state with toasts.
Layout & Misc Frontend Changes frontend/src/layouts/BaseLayout.vue, frontend/src/components/team/TeamSwitcher.vue, frontend/src/pages/manage/ManageForm.vue, frontend/package.json	Wrapped main slot with container, removed fallback sidebarSections, added null-safety in TeamSwitcher, removed padding in ManageForm, bumped lucide-vue-next dependency.
Other	Import/grouping formatting and small refactors to support invitations and sharing imports.

Sequence Diagram(s)

sequenceDiagram
    participant User as User (Browser)
    participant InviteUI as Invite Dialog
    participant API as forms_pro Team API
    participant Frappe as Frappe (DB / Doc)
    participant Hook as Invitation Hook
    participant Email as Email Service

    User->>InviteUI: enter emails & send
    InviteUI->>API: POST invite_team_members(team_id, emails)
    API->>API: validate permissions
    API->>Frappe: create UserInvitation(s) with redirect containing team_id
    Frappe->>Hook: after_insert invoked
    Hook->>Frappe: rewrite redirect_to_path to include invite_id (API route)
    Frappe->>Email: send invitation emails
    Email-->>User: invitation link

    Note over User,Email: Invited user clicks link

    User->>API: GET add_member_to_team_via_invitation?invite_id=...
    API->>API: validate invitation accepted & user exists
    API->>Frappe: add user to FP Team (FPTeam.add_to_team)
    API->>Hook: after_accept invoked
    Hook->>Frappe: set current team for user, adjust redirect_to_path
    API-->>User: redirect to /forms

Loading

sequenceDiagram
    participant Manager as Team Manager UI
    participant Store as Team Store
    participant API as forms_pro Team API
    participant DB as Database / DocShare

    Manager->>Store: initialize() / load members
    Store->>API: GET get_team_members(team_id)
    API->>DB: fetch members + DocShare permissions
    DB-->>API: members with write/share flags
    API-->>Store: TeamMember[] (includes can_edit_team, is_owner)
    Store-->>Manager: render list

    Manager->>Store: toggleEditPermissionForMember(email)
    Store->>API: POST toggle_can_edit_team(team_id, email)
    API->>DB: update DocShare write flag
    DB-->>API: success
    API-->>Store: success
    Store->>API: refresh get_team_members
    Store-->>Manager: updated UI

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• feat: teams v1 #5: Overlaps FPTeam implementation and team API endpoint changes; likely directly related.
• feat: team logos #40: Related to team logo handling and save semantics that overlap the new save endpoint and frontend logo/name edits.
• feat: manage form pages #8: Modifies FPTeam member metadata and API surfaces similar to the member retrieval and permission fields added here.

Poem

🐇 I nibbled keys and sent an invite,

Emails hop out into the night,
I flip a flag with a twitching nose,
Remove a friend where the clover grows,
Team blossoms bright — the rabbit bows.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 60.53% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: team management pages' accurately captures the primary scope of changes, which add new team management UI pages, invitation flows, and member management functionality.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/team-management

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 14

🧹 Nitpick comments (9)

frontend/src/layouts/BaseLayout.vue (1)

50-52: Potential redundant layout constraints with nested routes.

The new wrapper adds p-4 padding and max-w-screen-lg constraints to all slot content. However, ManageForm.vue (at frontend/src/pages/manage/ManageForm.vue:3-4) already applies its own max-w-screen-lg mx-auto container. This creates:

1. Redundant max-w-screen-lg (harmless but unnecessary)
2. Additional p-4 padding around ManageForm's content that may not be intended

Consider whether ManageForm needs to adjust its own container styling, or whether BaseLayout should conditionally apply these constraints.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@frontend/src/layouts/BaseLayout.vue` around lines 50 - 52, BaseLayout.vue
currently wraps all page slots with a div using "p-4 flex-1 max-w-screen-lg
mx-auto", which duplicates the container styling and adds unwanted padding for
pages like ManageForm.vue that already define "max-w-screen-lg mx-auto"; update
BaseLayout.vue to avoid forcing both max-width and padding onto all children —
either remove "max-w-screen-lg mx-auto" from the wrapper and keep only
page-agnostic spacing (e.g., "flex-1") or make the wrapper conditional (e.g.,
add a prop or use a class binding like hasContainer) so pages such as
ManageForm.vue can opt out and avoid redundant max-width and p-4 padding while
preserving layout for other pages.

frontend/src/components/team/RemoveMemberDialog.vue (1)

10-13: Consider awaiting async operation before closing dialog.

If removeMemberFromTeam is async, the dialog closes immediately without confirming success. Consider awaiting the call and handling potential errors to provide user feedback.

♻️ Suggested improvement

-function removeMember() {
-    teamStore.removeMemberFromTeam(memberEmail.value.email);
-    open.value = false;
+async function removeMember() {
+    try {
+        await teamStore.removeMemberFromTeam(memberEmail.value.email);
+        open.value = false;
+    } catch (error) {
+        // Handle error - show toast notification
+    }
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@frontend/src/components/team/RemoveMemberDialog.vue` around lines 10 - 13,
The removeMember function currently calls
teamStore.removeMemberFromTeam(memberEmail.value.email) and immediately closes
the dialog (open.value = false); if removeMemberFromTeam is async, await it and
only close the dialog after success, handling errors to show feedback. Update
removeMember to be async, await
teamStore.removeMemberFromTeam(memberEmail.value.email), set open.value = false
on success, and handle/rethrow errors (e.g., set an error state or show a
notification) so failures don’t silently close the dialog; also consider
disabling the dialog controls or using a loading flag while the call is in
flight.

frontend/src/pages/home/Home.vue (1)

5-6: Redundant userStore.initialize() call.

App.vue already calls userStore.initialize() at the top level (see frontend/src/App.vue:6-7), which executes for all routes. This duplicate call in Home.vue is unnecessary and triggers redundant API requests since initialize() doesn't guard against multiple invocations.

♻️ Remove redundant initialization

 <script setup lang="ts">
 import BaseLayout from "@/layouts/BaseLayout.vue";
-import { useUser } from "@/stores/user";
 import { useSidebarItems } from "./sidebarItems";
-const userStore = useUser();
-userStore.initialize();

 const sidebarItems = useSidebarItems();
 </script>

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@frontend/src/pages/home/Home.vue` around lines 5 - 6, The Home.vue component
calls userStore.initialize() redundantly; since App.vue already invokes
useUser().initialize() globally, remove the duplicate call in Home.vue (the
lines referencing useUser and initialize) to prevent repeated API requests;
simply rely on the existing initialization in App.vue and delete the
userStore.initialize() invocation (keep any local useUser() usage only if you
still need the store reference without re-initializing).

forms_pro/forms_pro/doctype/fp_team/fp_team.py (1)

54-56: Handle case when DocShare doesn't exist.

If get_share_name returns None (no share exists), frappe.db.get_value("DocShare", None, "write") will return None. While this is safe (evaluates to falsy for can_edit_team), it's inconsistent with the defensive pattern used in forms_pro/api/team.py:169-171 which explicitly checks for None.

♻️ Suggested defensive check

             share_name = get_share_name(doctype="FP Team", name=self.name, user=member.user, everyone=0)
-            _user["can_edit_team"] = frappe.db.get_value("DocShare", share_name, "write")
+            _user["can_edit_team"] = bool(share_name and frappe.db.get_value("DocShare", share_name, "write"))
             _user["is_owner"] = self.owner == member.user

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@forms_pro/forms_pro/doctype/fp_team/fp_team.py` around lines 54 - 56, The
current code calls frappe.db.get_value("DocShare", share_name, "write") without
checking whether share_name (from get_share_name(doctype="FP Team",
name=self.name, user=member.user, everyone=0)) is None; update the block in the
FP Team code so you first check if share_name is truthy and only then call
frappe.db.get_value to set _user["can_edit_team"], otherwise set
_user["can_edit_team"] = False; keep the existing _user["is_owner"] = self.owner
== member.user assignment unchanged.

frontend/src/components/team/TeamSwitcher.vue (1)

59-64: Inconsistent null-safety patterns within the guarded block.

Line 59 uses optional chaining (?.) while line 64 uses non-null assertion (!). Both are safe since they're inside the v-if="userStore.currentTeam" guard, but the inconsistency reduces readability. Consider using either pattern consistently.

♻️ Suggested fix for consistency

                 <TeamLogo
                     v-if="isSidebarCollapsed"
-                    :team-name="userStore.currentTeam?.team_name"
+                    :team-name="userStore.currentTeam!.team_name"
                     :logo-url="userStore.currentTeam?.logo ?? null"
                 />

Or use optional chaining on line 64 as well:

                     <TeamSwitcherItem
-                        :label="userStore.currentTeam!.team_name"
+                        :label="userStore.currentTeam?.team_name ?? ''"
                         :logo-url="userStore.currentTeam?.logo ?? null"
                     />

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@frontend/src/components/team/TeamSwitcher.vue` around lines 59 - 64, The code
mixes optional chaining and non-null assertion for the same guarded
value—userStore.currentTeam—inside the v-if block (used in TeamSwitcherItem
props like :team-name/:logo-url and :label). Make the null-safety style
consistent: update the TeamSwitcherItem prop that uses userStore.currentTeam!
(the :label prop) to use optional chaining (userStore.currentTeam?.team_name) so
all accesses inside the v-if guard use the same pattern and improve readability.

forms_pro/overrides/invitations.py (1)

44-46: Exact role list comparison may be overly restrictive.

The check role_names != ["Forms Pro User"] will skip processing if the invitation has additional roles beyond "Forms Pro User". If this is intentional (only single-role invitations should be processed), consider adding a comment explaining the design decision.

💡 Alternative: Check if role is included instead of exact match

If invitations with additional roles should also be processed:

-    if role_names != ["Forms Pro User"]:
+    if "Forms Pro User" not in role_names:
         return

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@forms_pro/overrides/invitations.py` around lines 44 - 46, The current exact
equality check using role_names and ["Forms Pro User"] is too strict and will
skip invites that include "Forms Pro User" plus other roles; update the logic in
the invitations handling (where role_names is derived from doc.roles) to either
check membership (ensure "Forms Pro User" is in role_names) if multi-role
invites should be processed, or add a clear explanatory comment next to the
existing check to document that only single-role invitations are intended to be
handled; modify the condition around role_names (and adjust any early return)
accordingly so behavior matches the intended design.

forms_pro/api/team.py (1)

8-14: Consolidate duplicate import blocks.

The imports from forms_pro.utils.teams are split across two blocks. Merge them for cleaner code.

♻️ Proposed fix

 from forms_pro.forms_pro.doctype.fp_team.fp_team import FPTeam, GetTeamMembersResponse
-from forms_pro.utils.teams import (
-    GetTeamFormsResponseSchema,
-    set_current_team,
-)
-from forms_pro.utils.teams import (
-    get_team_forms as get_team_forms_utils,
-)
+from forms_pro.utils.teams import (
+    GetTeamFormsResponseSchema,
+    get_team_forms as get_team_forms_utils,
+    set_current_team,
+)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@forms_pro/api/team.py` around lines 8 - 14, The two separate import blocks
from forms_pro.utils.teams should be merged into a single import statement:
replace the two imports that reference GetTeamFormsResponseSchema,
set_current_team and get_team_forms (aliased as get_team_forms_utils) with one
consolidated import line that imports GetTeamFormsResponseSchema,
set_current_team, and get_team_forms as get_team_forms_utils together to remove
duplication and tidy the top of the module.

frontend/src/stores/team.ts (2)

79-98: async keyword is misleading since the function doesn't await or return a Promise.

The save function is declared async but calls createResource(...).submit() without awaiting. The function effectively returns void immediately while the request executes in the background. Either remove async to match the actual behavior, or properly await the submission if callers need to know when the save completes.

♻️ Option 1: Remove async (match current behavior)

-  async function save(fields: { team_name?: string; logo?: string }) {
+  function save(fields: { team_name?: string; logo?: string }) {
     createResource({

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@frontend/src/stores/team.ts` around lines 79 - 98, The save function is
marked async but doesn't await or return the createResource(...).submit()
Promise, so either remove the async keyword from save to reflect the
fire-and-forget behavior, or make save return/await the submission by returning
the Promise from createResource(...).submit() (and keep async if you await) so
callers can await completion; update the save declaration and ensure
createResource(...).submit() is returned/awaited accordingly (refer to the save
function and the createResource(...).submit() call).

---

68-70: Inconsistent use of reload() vs fetch() for refreshing team members.

removeMemberFromTeam uses teamMembersResource.reload() (line 69) while toggleEditPermissionForMember and save use teamMembersResource.fetch() (lines 48, 91). For consistency and predictability, use the same method throughout.

♻️ Proposed fix for consistency

       onSuccess() {
-        teamMembersResource.reload();
+        teamMembersResource.fetch();
         toast.success("Member removed from team");
       },

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@frontend/src/stores/team.ts` around lines 68 - 70, The onSuccess handler in
removeMemberFromTeam currently calls teamMembersResource.reload(), which is
inconsistent with toggleEditPermissionForMember and save that call
teamMembersResource.fetch(); update removeMemberFromTeam's onSuccess to call
teamMembersResource.fetch() instead of reload() so all refreshes use the same
method (ensure any returned promise handling remains the same).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@forms_pro/api/team.py`:
- Around line 204-219: Prevent accidental removal of a team owner by adding an
ownership guard: in the API function remove_member_from_team and/or the
FPTeam.remove_from_team method, detect if the target member_email corresponds to
a member with is_owner (or equivalent owner flag) on the FPTeam and if so raise
a permission/validation error instead of removing them; update
remove_member_from_team to check team.get("members") or call a new
FPTeam.is_owner(member_email) helper before invoking team.remove_from_team, and
add the same owner-check inside FPTeam.remove_from_team to enforce safety at the
model level.
- Around line 153-178: The toggle_can_edit_team function currently flips a
member's write/share on the DocShare even if that member is the team owner;
fetch the FP Team doc (frappe.get_doc("FP Team", team_id)) and check its owner
field, and if team.owner == member_email then prevent the toggle by raising a
frappe.PermissionError (or return a clear error) before calling
get_share_name/frappe.get_doc("DocShare", ...); ensure this check occurs after
the initial permission check and before mutating the DocShare so the owner
always retains full permissions.
- Around line 118-150: add_member_to_team_via_invitation can raise
DuplicateEntryError if the after_accept hook already added the user; update this
function to guard or handle that race by either checking membership before
calling team.add_to_team (use FPTeam methods/fields to see if invite.email is
already in team) or wrap team.add_to_team(invite.email) in a try/except that
catches DuplicateEntryError and treats it as success, then continue with
team.save(ignore_permissions=True) and set_current_team; reference
add_member_to_team_via_invitation, team.add_to_team, DuplicateEntryError and
FPTeam when making the change.

In `@forms_pro/forms_pro/doctype/fp_team/fp_team.py`:
- Around line 105-120: Add a guard to prevent removing the team owner: in the
doctype method remove_from_team check whether the passed user equals the team
document owner (self.owner or the owner field on the FP Team doc) and raise a
validation/permission error instead of removing them; mirror the same check in
the API function remove_member_from_team (validate the user against the
team.owner before calling remove_from_team) and return an appropriate
HTTP/validation error (e.g., raise a ValidationError or return 400) so owner
removal is blocked at both the model and API layers.

In `@forms_pro/tests/test_invitations.py`:
- Around line 85-100: The _make_accepted_invitation function declares an unused
team_id parameter; remove team_id from the function signature and all call sites
so the method only accepts (invitee_email, owner), or alternatively (if team
handling is required) set "redirect_to_path" using the provided team_id (e.g.,
f"/forms?team={team_id}") inside _make_accepted_invitation; pick one approach
and update the function signature and every call to _make_accepted_invitation
accordingly to keep caller/callee signatures consistent.

In `@frontend/src/components/team/InviteMemberDialog.vue`:
- Around line 49-51: The params object construction uses team.currentTeam
without guarding for null, so ensure the submit/action handler in
InviteMemberDialog.vue (the place building params with team_id:
team.currentTeam?.name and emails: inviteEmails.value) checks that
team.currentTeam is non-null before calling the API: if null, return early or
surface a user-facing error/validation and disable the submit flow; only build
params and proceed with the request when team.currentTeam exists (or provide a
fallback identifier) to avoid sending undefined team_id.
- Around line 44-64: sendInvitationEmails currently only creates the useCall
resource but never executes it, so the API is never invoked; update
sendInvitationEmails to trigger the request after creating the resource (e.g.
call the returned resource's .submit() or .fetch() method) or pass immediate:
true to useCall if supported, ensuring the call uses the same options (baseUrl,
url, method, params with team.currentTeam?.name and inviteEmails.value) and that
onSuccess/onError handlers remain unchanged.

In `@frontend/src/components/team/ManageTeamHeader.vue`:
- Around line 32-36: The Upload/Change Button currently has no click handler or
upload flow; wire it to a hidden file input and implement an upload sequence
that reads the selected file, uploads it to your storage service, obtains the
resulting file URL, and then calls teamStore.save({ logo: fileUrl }) to persist
it; specifically, add a ref'd <input type="file"> triggered by Button's click,
implement an onFileSelected handler to upload the file (or call existing upload
utility), await the returned URL, call teamStore.save({ logo: fileUrl }) and
handle success/failure (show loading state and error feedback) while keeping the
Button label logic that uses teamStore.currentTeam?.logo.
- Around line 27-31: The code uses a non-null assertion on
teamStore.currentTeam.team_name which can throw if currentTeam is null; change
the usage in the TeamLogo props to safely handle a missing team by replacing the
non-null assertion with optional chaining and a fallback (e.g., use
teamStore.currentTeam?.team_name ?? '' for the team-name prop) and similarly
ensure logo uses teamStore.currentTeam?.logo ?? null so both props are safe when
teamStore.currentTeam is null; update references to TeamLogo,
teamStore.currentTeam, team_name, and logo accordingly.

In `@frontend/src/components/team/RemoveMemberDialog.vue`:
- Around line 34-36: The onClick handler in RemoveMemberDialog.vue is
reassigning the ref variable (open = false) instead of updating its value;
change the handler to set open.value = false so the dialog actually closes
(match the usage on line 12), and scan other click handlers in this component to
ensure any ref assignments use .value (e.g., the onClick callback that currently
uses open = false).

In `@frontend/src/components/team/TeamMemberList.vue`:
- Around line 39-42: The template currently passes memberToRemove with a wrong
type assertion and a misleading prop name; update the binding to use a clear
prop name and remove the unsafe assertion: change the component usage to bind
the full object (e.g. v-model:member="memberToRemove") instead of
v-model:member-email="memberToRemove as TeamMember" and keep
v-model="openRemoveMemberDialog". Then update RemoveMemberDialog's prop
definition (prop name: member) to accept TeamMember | null (or make it optional
and not required) and handle null checks inside the component before accessing
properties like full_name so opening the dialog with a null value is safe.

In `@frontend/src/pages/home/Dashboard.vue`:
- Around line 101-113: Wrap the async call in handleCreateDraftFormWithDoctype
with a try-catch to surface API failures from createNewFormWithDoctype; in the
try block await createNewFormWithDoctype(...) and keep the existing router.push
to "Edit Form" using data.form_document, and in the catch call toast.error with
the actual error message. Also fix the typo and broaden the pre-check error
message: when !selectedDoctype.value || !user.currentTeam?.name, change
toast.error to a clear sentence (e.g., "Error occurred while creating form.
Ensure a DocType is selected and a team is available.") so it references both
DocType and currentTeam. Ensure you reference the existing symbols
handleCreateDraftFormWithDoctype, selectedDoctype.value, user.currentTeam?.name,
createNewFormWithDoctype, toast.error, and router.push.
- Around line 115-127: handleCreateDraftForm currently lacks error handling and
has a typo in the toast message; wrap the body of handleCreateDraftForm in a
try-catch, correct the message from "Error occured..." to "Error occurred...",
await createNewForm(user.currentTeam.name) inside the try, validate that the
returned data has data.form_document before calling router.push (otherwise show
a toast.error with the caught error or a useful fallback message), and log or
include the caught error details in the toast to aid debugging; reference
handleCreateDraftForm, createNewForm, router.push and toast.error when applying
these changes.

In `@frontend/src/stores/team.ts`:
- Line 4: The import statement currently pulls in an unused symbol `call` from
"frappe-ui" which causes a TypeScript build error; edit the import in this
module (the line importing useCall, createResource, call) to remove `call` so it
only imports the used symbols (`useCall` and `createResource`), then run the
type check/build to confirm the unused-import error is resolved.

---

Nitpick comments:
In `@forms_pro/api/team.py`:
- Around line 8-14: The two separate import blocks from forms_pro.utils.teams
should be merged into a single import statement: replace the two imports that
reference GetTeamFormsResponseSchema, set_current_team and get_team_forms
(aliased as get_team_forms_utils) with one consolidated import line that imports
GetTeamFormsResponseSchema, set_current_team, and get_team_forms as
get_team_forms_utils together to remove duplication and tidy the top of the
module.

In `@forms_pro/forms_pro/doctype/fp_team/fp_team.py`:
- Around line 54-56: The current code calls frappe.db.get_value("DocShare",
share_name, "write") without checking whether share_name (from
get_share_name(doctype="FP Team", name=self.name, user=member.user, everyone=0))
is None; update the block in the FP Team code so you first check if share_name
is truthy and only then call frappe.db.get_value to set _user["can_edit_team"],
otherwise set _user["can_edit_team"] = False; keep the existing
_user["is_owner"] = self.owner == member.user assignment unchanged.

In `@forms_pro/overrides/invitations.py`:
- Around line 44-46: The current exact equality check using role_names and
["Forms Pro User"] is too strict and will skip invites that include "Forms Pro
User" plus other roles; update the logic in the invitations handling (where
role_names is derived from doc.roles) to either check membership (ensure "Forms
Pro User" is in role_names) if multi-role invites should be processed, or add a
clear explanatory comment next to the existing check to document that only
single-role invitations are intended to be handled; modify the condition around
role_names (and adjust any early return) accordingly so behavior matches the
intended design.

In `@frontend/src/components/team/RemoveMemberDialog.vue`:
- Around line 10-13: The removeMember function currently calls
teamStore.removeMemberFromTeam(memberEmail.value.email) and immediately closes
the dialog (open.value = false); if removeMemberFromTeam is async, await it and
only close the dialog after success, handling errors to show feedback. Update
removeMember to be async, await
teamStore.removeMemberFromTeam(memberEmail.value.email), set open.value = false
on success, and handle/rethrow errors (e.g., set an error state or show a
notification) so failures don’t silently close the dialog; also consider
disabling the dialog controls or using a loading flag while the call is in
flight.

In `@frontend/src/components/team/TeamSwitcher.vue`:
- Around line 59-64: The code mixes optional chaining and non-null assertion for
the same guarded value—userStore.currentTeam—inside the v-if block (used in
TeamSwitcherItem props like :team-name/:logo-url and :label). Make the
null-safety style consistent: update the TeamSwitcherItem prop that uses
userStore.currentTeam! (the :label prop) to use optional chaining
(userStore.currentTeam?.team_name) so all accesses inside the v-if guard use the
same pattern and improve readability.

In `@frontend/src/layouts/BaseLayout.vue`:
- Around line 50-52: BaseLayout.vue currently wraps all page slots with a div
using "p-4 flex-1 max-w-screen-lg mx-auto", which duplicates the container
styling and adds unwanted padding for pages like ManageForm.vue that already
define "max-w-screen-lg mx-auto"; update BaseLayout.vue to avoid forcing both
max-width and padding onto all children — either remove "max-w-screen-lg
mx-auto" from the wrapper and keep only page-agnostic spacing (e.g., "flex-1")
or make the wrapper conditional (e.g., add a prop or use a class binding like
hasContainer) so pages such as ManageForm.vue can opt out and avoid redundant
max-width and p-4 padding while preserving layout for other pages.

In `@frontend/src/pages/home/Home.vue`:
- Around line 5-6: The Home.vue component calls userStore.initialize()
redundantly; since App.vue already invokes useUser().initialize() globally,
remove the duplicate call in Home.vue (the lines referencing useUser and
initialize) to prevent repeated API requests; simply rely on the existing
initialization in App.vue and delete the userStore.initialize() invocation (keep
any local useUser() usage only if you still need the store reference without
re-initializing).

In `@frontend/src/stores/team.ts`:
- Around line 79-98: The save function is marked async but doesn't await or
return the createResource(...).submit() Promise, so either remove the async
keyword from save to reflect the fire-and-forget behavior, or make save
return/await the submission by returning the Promise from
createResource(...).submit() (and keep async if you await) so callers can await
completion; update the save declaration and ensure createResource(...).submit()
is returned/awaited accordingly (refer to the save function and the
createResource(...).submit() call).
- Around line 68-70: The onSuccess handler in removeMemberFromTeam currently
calls teamMembersResource.reload(), which is inconsistent with
toggleEditPermissionForMember and save that call teamMembersResource.fetch();
update removeMemberFromTeam's onSuccess to call teamMembersResource.fetch()
instead of reload() so all refreshes use the same method (ensure any returned
promise handling remains the same).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a90b8d64-e06b-4520-bec5-5a5f21162a29

📥 Commits

Reviewing files that changed from the base of the PR and between 717294b and d297206.

⛔ Files ignored due to path filters (1)

• frontend/yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (21)

• forms_pro/api/team.py
• forms_pro/forms_pro/doctype/fp_team/fp_team.py
• forms_pro/hooks.py
• forms_pro/overrides/invitations.py
• forms_pro/overrides/roles.py
• forms_pro/tests/test_invitations.py
• frontend/package.json
• frontend/src/components/team/InviteMemberDialog.vue
• frontend/src/components/team/ManageTeamHeader.vue
• frontend/src/components/team/RemoveMemberDialog.vue
• frontend/src/components/team/TeamMemberList.vue
• frontend/src/components/team/TeamSwitcher.vue
• frontend/src/layouts/BaseLayout.vue
• frontend/src/pages/Dashboard.vue
• frontend/src/pages/home/Dashboard.vue
• frontend/src/pages/home/Home.vue
• frontend/src/pages/home/sidebarItems.ts
• frontend/src/pages/manage/ManageForm.vue
• frontend/src/pages/team/ManageTeam.vue
• frontend/src/router.ts
• frontend/src/stores/team.ts

💤 Files with no reviewable changes (1)

• frontend/src/pages/Dashboard.vue

[coderabbitai]

⚠️ Potential issue | 🟠 Major

No guard prevents removing the team owner.

The remove_from_team method (per fp_team.py:105-120) has no owner check. A member with write permission could remove the team owner, leaving the team in an inconsistent state where is_owner checks would fail for all remaining members.

Add a guard to prevent owner removal:

🛡️ Proposed fix

 `@frappe.whitelist`(methods=["POST"])
 def remove_member_from_team(team_id: str, member_email: str) -> None:
     """
     Remove a member from a team
     """

     if not frappe.has_permission(
         doctype="FP Team",
         ptype="write",
         doc=team_id,
         user=frappe.session.user,
     ):
         raise frappe.PermissionError("You do not have permission to remove a member from this team")

     team: FPTeam = frappe.get_doc("FP Team", team_id)
+    if team.owner == member_email:
+        raise frappe.PermissionError("Cannot remove the team owner")
     team.remove_from_team(member_email)

🧰 Tools

🪛 Ruff (0.15.4)

[warning] 216-216: Avoid specifying long messages outside the exception class

(TRY003)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@forms_pro/api/team.py` around lines 204 - 219, Prevent accidental removal of
a team owner by adding an ownership guard: in the API function
remove_member_from_team and/or the FPTeam.remove_from_team method, detect if the
target member_email corresponds to a member with is_owner (or equivalent owner
flag) on the FPTeam and if so raise a permission/validation error instead of
removing them; update remove_member_from_team to check team.get("members") or
call a new FPTeam.is_owner(member_email) helper before invoking
team.remove_from_team, and add the same owner-check inside
FPTeam.remove_from_team to enforce safety at the model level.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Missing guard to prevent owner removal.

The remove_from_team method doesn't prevent removing the team owner. This could orphan the team with no valid owner, breaking ownership-based permission checks. The API endpoint remove_member_from_team (at forms_pro/api/team.py:204-219) also lacks this validation.

🛡️ Proposed fix

     def remove_from_team(self, user: str) -> None:
         """
         Remove a user from the team

         Args:
             user: The user email address
         """
+        if user == self.owner:
+            frappe.throw(
+                frappe._("Cannot remove the team owner"),
+                frappe.ValidationError,
+            )

         self.users = [member for member in self.users if member.user != user]
         self.save()

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	def remove_from_team(self, user: str) -> None:
	"""
	Remove a user from the team
	Args:
	user: The user email address
	"""
	self.users = [member for member in self.users if member.user != user]
	self.save()
	remove_docshare(
	doctype="FP Team",
	name=self.name,
	user=user,
	flags={"ignore_permissions": True},
	)
	def remove_from_team(self, user: str) -> None:
	"""
	Remove a user from the team
	Args:
	user: The user email address
	"""
	if user == self.owner:
	frappe.throw(
	frappe._("Cannot remove the team owner"),
	frappe.ValidationError,
	)
	self.users = [member for member in self.users if member.user != user]
	self.save()
	remove_docshare(
	doctype="FP Team",
	name=self.name,
	user=user,
	flags={"ignore_permissions": True},
	)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@forms_pro/forms_pro/doctype/fp_team/fp_team.py` around lines 105 - 120, Add a
guard to prevent removing the team owner: in the doctype method remove_from_team
check whether the passed user equals the team document owner (self.owner or the
owner field on the FP Team doc) and raise a validation/permission error instead
of removing them; mirror the same check in the API function
remove_member_from_team (validate the user against the team.owner before calling
remove_from_team) and return an appropriate HTTP/validation error (e.g., raise a
ValidationError or return 400) so owner removal is blocked at both the model and
API layers.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Missing error handling and typo in error message.

1. The async call to createNewFormWithDoctype lacks try-catch. If the API call fails, the error won't be displayed to the user.
2. Typo: "occured" → "occurred".
3. The error message only mentions DocType but the guard also checks for currentTeam.

🐛 Suggested fix with error handling

 const handleCreateDraftFormWithDoctype = async () => {
     if (!selectedDoctype.value || !user.currentTeam?.name) {
-        toast.error("Error occured while creating form. Check DocType Selected.");
+        toast.error("Error occurred while creating form. Please ensure a DocType is selected and a team exists.");
         return;
     }
-    const data = await createNewFormWithDoctype(selectedDoctype.value, user.currentTeam.name);
-    router.push({
-        name: "Edit Form",
-        params: {
-            id: data.form_document,
-        },
-    });
+    try {
+        const data = await createNewFormWithDoctype(selectedDoctype.value, user.currentTeam.name);
+        router.push({
+            name: "Edit Form",
+            params: {
+                id: data.form_document,
+            },
+        });
+    } catch (error) {
+        toast.error("Failed to create form", {
+            description: error instanceof Error ? error.message : "Unknown error",
+        });
+    }
 };

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@frontend/src/pages/home/Dashboard.vue` around lines 101 - 113, Wrap the async
call in handleCreateDraftFormWithDoctype with a try-catch to surface API
failures from createNewFormWithDoctype; in the try block await
createNewFormWithDoctype(...) and keep the existing router.push to "Edit Form"
using data.form_document, and in the catch call toast.error with the actual
error message. Also fix the typo and broaden the pre-check error message: when
!selectedDoctype.value || !user.currentTeam?.name, change toast.error to a clear
sentence (e.g., "Error occurred while creating form. Ensure a DocType is
selected and a team is available.") so it references both DocType and
currentTeam. Ensure you reference the existing symbols
handleCreateDraftFormWithDoctype, selectedDoctype.value, user.currentTeam?.name,
createNewFormWithDoctype, toast.error, and router.push.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Missing error handling and typo in error message.

Same issues as handleCreateDraftFormWithDoctype: no try-catch and typo "occured".

🐛 Suggested fix with error handling

 const handleCreateDraftForm = async () => {
     if (!user.currentTeam?.name) {
-        toast.error("Error occured while creating form. User has no default team.");
+        toast.error("Error occurred while creating form. User has no default team.");
         return;
     }
-    const data = await createNewForm(user.currentTeam.name);
-    router.push({
-        name: "Edit Form",
-        params: {
-            id: data.form_document,
-        },
-    });
+    try {
+        const data = await createNewForm(user.currentTeam.name);
+        router.push({
+            name: "Edit Form",
+            params: {
+                id: data.form_document,
+            },
+        });
+    } catch (error) {
+        toast.error("Failed to create form", {
+            description: error instanceof Error ? error.message : "Unknown error",
+        });
+    }
 };

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const handleCreateDraftForm = async () => {
	if (!user.currentTeam?.name) {
	toast.error("Error occured while creating form. User has no default team.");
	return;
	}
	const data = await createNewForm(user.currentTeam.name);
	router.push({
	name: "Edit Form",
	params: {
	id: data.form_document,
	},
	});
	};
	const handleCreateDraftForm = async () => {
	if (!user.currentTeam?.name) {
	toast.error("Error occurred while creating form. User has no default team.");
	return;
	}
	try {
	const data = await createNewForm(user.currentTeam.name);
	router.push({
	name: "Edit Form",
	params: {
	id: data.form_document,
	},
	});
	} catch (error) {
	toast.error("Failed to create form", {
	description: error instanceof Error ? error.message : "Unknown error",
	});
	}
	};

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@frontend/src/pages/home/Dashboard.vue` around lines 115 - 127,
handleCreateDraftForm currently lacks error handling and has a typo in the toast
message; wrap the body of handleCreateDraftForm in a try-catch, correct the
message from "Error occured..." to "Error occurred...", await
createNewForm(user.currentTeam.name) inside the try, validate that the returned
data has data.form_document before calling router.push (otherwise show a
toast.error with the caught error or a useful fallback message), and log or
include the caught error details in the toast to aid debugging; reference
handleCreateDraftForm, createNewForm, router.push and toast.error when applying
these changes.

[coderabbitai]

Actionable comments posted: 4

♻️ Duplicate comments (1)

forms_pro/api/team.py (1)

146-150: ⚠️ Potential issue | 🟠 Major

Make invitation completion idempotent.

after_accept can already add the invitee to the team. In that case this endpoint throws DuplicateEntryError instead of treating the second execution as success, so the redirect flow can fail on a harmless replay.

Suggested fix

-    if team.is_team_member(invite.email):
-        raise frappe.DuplicateEntryError("User is already a member of the team")
-
-    team.add_to_team(invite.email)
-    team.save(ignore_permissions=True)
+    if not team.is_team_member(invite.email):
+        team.add_to_team(invite.email)
+        team.save(ignore_permissions=True)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@forms_pro/api/team.py` around lines 146 - 150, The endpoint should be
idempotent: if team.is_team_member(invite.email) returns true, do not raise
frappe.DuplicateEntryError but treat the request as successful (skip adding and
proceed), because after_accept may have already added the user; update the logic
around team.is_team_member, team.add_to_team, and team.save so existing members
are a no-op and the flow continues normally (e.g., skip add_to_team when
is_team_member is true or catch and ignore duplicate-entry errors from
add_to_team), ensuring the endpoint returns success instead of raising.

🧹 Nitpick comments (1)

forms_pro/tests/test_invitations.py (1)

232-245: Add regression coverage for the invitation replay paths.

The happy-path test doesn't cover the two risky branches in add_member_to_team_via_invitation: reusing an accepted invite after the user is already on the team, and calling the endpoint with a different team_id than the one originally embedded in the invitation. A negative test for each would lock down the intended idempotency and authorization behavior.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@forms_pro/tests/test_invitations.py` around lines 232 - 245, Add two tests to
cover the invitation replay branches for add_member_to_team_via_invitation: (1)
create an accepted invitation via _make_accepted_invitation, call
add_member_to_team_via_invitation once to add the user, then call it again with
the same invite_id and assert the user is not duplicated in the "FP Team" users
list and that frappe.local.response still indicates a redirect to "/forms"; (2)
create an accepted invitation embedding a specific team_id, then call
add_member_to_team_via_invitation with a different team_id and assert the call
is rejected (e.g., raises the same exception the endpoint uses or sets an error
response) to lock down authorization; use existing helpers (_create_user,
_create_team, inv_doc.name) and inspect frappe.get_doc("FP Team", team_id) and
frappe.local.response for assertions.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@forms_pro/api/team.py`:
- Around line 124-150: The endpoint currently trusts the caller-supplied team_id
and never verifies it against the invitation; fetch the team id from the
accepted invitation (use the invitation field that encodes the target team,
e.g., invite.team or invite.reference_docname) and either reject if the
caller-supplied team_id mismatches or ignore the caller value and use invite's
team id for all subsequent operations (permission check using invite.invited_by,
team lookup via FPTeam using the invite-derived id, and final
team.add_to_team(invite.email)); if the invitation has no team field, add and
validate one on the User Invitation model and enforce the match before calling
team.add_to_team.
- Around line 100-106: The permission check in invite_team_members currently
uses ptype="read", allowing ordinary members to invite despite "Can Add
Members?" being revoked; update the check to require write access by changing
ptype="read" to ptype="write" in the frappe.has_permission call that checks the
"FP Team" document (the block referencing team_id and frappe.session.user) and
adjust the raised PermissionError message if needed to reflect that write
permission is required.

In `@frontend/src/components/team/TeamMemberList.vue`:
- Around line 79-84: The icon-only trash Button in TeamMemberList.vue lacks an
accessible label, so update the Button usage (the element with
`@click`="handleMemberRemoval(row)") to include an explicit accessible label
(e.g., add aria-label or a visually-hidden text prop) that describes the action
and, when possible, includes the member identity (use row.name or row.email) —
e.g., aria-label="Remove member {name}". Ensure this label is present on the
Button component rather than relying solely on the icon so screen readers
announce the button purpose.

In `@frontend/src/stores/team.ts`:
- Around line 79-97: The save function currently only refetches
teamMembersResource on success, so updated team metadata (team_name/logo) won't
propagate; update the onSuccess handler in the save function (the createResource
call) to also refresh the current team metadata—e.g., call the existing team
metadata resource or method (such as currentTeam.fetch(), teamResource.fetch(),
or whichever resource holds team details) after success so the header and team
switcher reflect the new team_name and logo immediately.

---

Duplicate comments:
In `@forms_pro/api/team.py`:
- Around line 146-150: The endpoint should be idempotent: if
team.is_team_member(invite.email) returns true, do not raise
frappe.DuplicateEntryError but treat the request as successful (skip adding and
proceed), because after_accept may have already added the user; update the logic
around team.is_team_member, team.add_to_team, and team.save so existing members
are a no-op and the flow continues normally (e.g., skip add_to_team when
is_team_member is true or catch and ignore duplicate-entry errors from
add_to_team), ensuring the endpoint returns success instead of raising.

---

Nitpick comments:
In `@forms_pro/tests/test_invitations.py`:
- Around line 232-245: Add two tests to cover the invitation replay branches for
add_member_to_team_via_invitation: (1) create an accepted invitation via
_make_accepted_invitation, call add_member_to_team_via_invitation once to add
the user, then call it again with the same invite_id and assert the user is not
duplicated in the "FP Team" users list and that frappe.local.response still
indicates a redirect to "/forms"; (2) create an accepted invitation embedding a
specific team_id, then call add_member_to_team_via_invitation with a different
team_id and assert the call is rejected (e.g., raises the same exception the
endpoint uses or sets an error response) to lock down authorization; use
existing helpers (_create_user, _create_team, inv_doc.name) and inspect
frappe.get_doc("FP Team", team_id) and frappe.local.response for assertions.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ff7d8741-0732-4a0c-9e40-ee1e9c8bae6e

📥 Commits

Reviewing files that changed from the base of the PR and between d297206 and e950daa.

📒 Files selected for processing (6)

• forms_pro/api/team.py
• forms_pro/forms_pro/doctype/fp_team/fp_team.py
• forms_pro/tests/test_invitations.py
• frontend/src/components/team/RemoveMemberDialog.vue
• frontend/src/components/team/TeamMemberList.vue
• frontend/src/stores/team.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• frontend/src/components/team/RemoveMemberDialog.vue

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Bind invitation completion to the invited team.

This endpoint trusts the caller-supplied team_id and never verifies that it matches the team encoded in the accepted invitation. If the inviter can read multiple teams, the same accepted invite_id can be replayed against a different team_id and add the user to the wrong team. Derive the team from invitation metadata, or reject mismatches before team.add_to_team(...).

🧰 Tools

🪛 Ruff (0.15.4)

[warning] 126-126: Avoid specifying long messages outside the exception class

(TRY003)

---

[warning] 131-131: Avoid specifying long messages outside the exception class

(TRY003)

---

[warning] 139-139: Avoid specifying long messages outside the exception class

(TRY003)

---

[warning] 142-142: Avoid specifying long messages outside the exception class

(TRY003)

---

[warning] 147-147: Avoid specifying long messages outside the exception class

(TRY003)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@forms_pro/api/team.py` around lines 124 - 150, The endpoint currently trusts
the caller-supplied team_id and never verifies it against the invitation; fetch
the team id from the accepted invitation (use the invitation field that encodes
the target team, e.g., invite.team or invite.reference_docname) and either
reject if the caller-supplied team_id mismatches or ignore the caller value and
use invite's team id for all subsequent operations (permission check using
invite.invited_by, team lookup via FPTeam using the invite-derived id, and final
team.add_to_team(invite.email)); if the invitation has no team field, add and
validate one on the User Invitation model and enforce the match before calling
team.add_to_team.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Refresh team metadata after save, not just members.

This success path only refetches teamMembersResource. team_name/logo changes won't propagate to the header or team switcher until some other code reloads the current team state, so the user can get a success toast while still seeing stale team details.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@frontend/src/stores/team.ts` around lines 79 - 97, The save function
currently only refetches teamMembersResource on success, so updated team
metadata (team_name/logo) won't propagate; update the onSuccess handler in the
save function (the createResource call) to also refresh the current team
metadata—e.g., call the existing team metadata resource or method (such as
currentTeam.fetch(), teamResource.fetch(), or whichever resource holds team
details) after success so the header and team switcher reflect the new team_name
and logo immediately.