tenseleyflow/shithub / f926e68

+	var repoCount, teamCount int64

+	_ = h.d.Pool.QueryRow(r.Context(), `SELECT count(*) FROM repos WHERE owner_org_id = $1 AND deleted_at IS NULL`, org.ID).Scan(&repoCount)

+	_ = h.d.Pool.QueryRow(r.Context(), `SELECT count(*) FROM teams WHERE org_id = $1`, org.ID).Scan(&teamCount)

+		"Title":        org.Slug + " · people",

+		"CSRFToken":    middleware.CSRFTokenForRequest(r),

+		"Org":          org,

+		"Members":      members,

+		"Pending":      pending,

+		"ActiveOrgTab": "people",

+		"RepoCount":    repoCount,

+		"MemberCount":  int64(len(members)),

+		"TeamCount":    teamCount,

+		"IsOwner":      isOwner,

+	"context"

+	"net/url"

+	"github.com/jackc/pgx/v5/pgtype"

+type orgNavCounts struct {

+	RepoCount   int64

+	MemberCount int64

+	TeamCount   int64

+}

+

+type teamAggregateCounts struct {

+	MemberCount int64

+	RepoCount   int64

+	ChildCount  int64

+}

+

+type teamListItem struct {

+	ID           int64

+	Slug         string

+	DisplayName  string

+	Description  string

+	Privacy      string

+	ParentSlug   string

+	Path         string

+	MemberCount  int64

+	RepoCount    int64

+	ChildCount   int64

+	IsSecret     bool

+	HasParent    bool

+	CreatedLabel string

+}

+

+type teamRepoCandidate struct {

+	ID         int64

+	Name       string

+	Visibility string

+}

+

+// teamsList renders /{org}/teams. GitHub keeps org teams member-only:

+// visible teams are visible to org members, while secret teams are

+// further limited to team members and org owners.

+	if !h.canSeeOrgTeams(w, r, org.ID, viewer) {

+		return

+	}

+	counts := h.teamAggregateCounts(r.Context(), org.ID)

+	parentSlugs := teamParentSlugs(all)

+	items := h.teamListItems(org, visible, counts, parentSlugs)

+	visibleCount, secretCount := teamPrivacyCounts(items)

+	query := strings.TrimSpace(r.URL.Query().Get("q"))

+	privacy := strings.TrimSpace(r.URL.Query().Get("privacy"))

+	items = filterTeamListItems(items, query, privacy)

+	navCounts := h.orgNavCounts(r.Context(), org.ID, int64(len(visible)))

+		"Title":          org.Slug + " · teams",

+		"CSRFToken":      middleware.CSRFTokenForRequest(r),

+		"Org":            org,

+		"AvatarURL":      "/avatars/" + url.PathEscape(string(org.Slug)),

+		"Teams":          items,

+		"TeamTotalCount": len(visible),

+		"VisibleCount":   visibleCount,

+		"SecretCount":    secretCount,

+		"Query":          query,

+		"PrivacyFilter":  privacy,

+		"ActiveOrgTab":   "teams",

+		"RepoCount":      navCounts.RepoCount,

+		"MemberCount":    navCounts.MemberCount,

+		"TeamCount":      navCounts.TeamCount,

+		"IsOwner":        isOwner,

+	if !h.canSeeOrgTeams(w, r, org.ID, viewer) {

+		return

+	}

+	children, _ := q.ListChildTeams(r.Context(), h.d.Pool, pgtype.Int8{Int64: team.ID, Valid: true})

+	childItems := h.teamListItems(org, h.filterSecretTeams(r, children, org.ID, viewer),

+		h.teamAggregateCounts(r.Context(), org.ID), teamParentSlugs(children))

+	repoCandidates := h.teamRepoCandidates(r.Context(), org.ID, team.ID)

+	navCounts := h.orgNavCounts(r.Context(), org.ID, -1)

+		"Title":           string(org.Slug) + "/" + string(team.Slug),

+		"CSRFToken":       middleware.CSRFTokenForRequest(r),

+		"Org":             org,

+		"AvatarURL":       "/avatars/" + url.PathEscape(string(org.Slug)),

+		"Team":            team,

+		"TeamDisplayName": teamDisplayName(team),

+		"TeamPath":        h.teamPath(org, team),

+		"TeamPrivacy":     string(team.Privacy),

+		"TeamIsSecret":    team.Privacy == orgsdb.TeamPrivacySecret,

+		"ChildTeams":      childItems,

+		"Members":         members,

+		"Repos":           repos,

+		"RepoCandidates":  repoCandidates,

+		"ActiveOrgTab":    "teams",

+		"RepoCount":       navCounts.RepoCount,

+		"MemberCount":     navCounts.MemberCount,

+		"TeamCount":       navCounts.TeamCount,

+		"IsOwner":         isOwner,

+	repoID, err := h.repoIDFromTeamForm(r, org.ID)

+	if !h.repoBelongsToOrg(r.Context(), org.ID, repoID) {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")

+		return

+	}

+func (h *Handlers) canSeeOrgTeams(w http.ResponseWriter, r *http.Request, orgID int64, viewer middleware.CurrentUser) bool {

+	if viewer.IsAnonymous() {

+		http.Redirect(w, r, "/login?next="+url.QueryEscape(r.URL.RequestURI()), http.StatusSeeOther)

+		return false

+	}

+	if viewer.IsSiteAdmin {

+		return true

+	}

+	isMember, _ := orgs.IsMember(r.Context(), h.deps(), orgID, viewer.ID)

+	if !isMember {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, "")

+		return false

+	}

+	return true

+}

+

+// canSeeTeam decides whether the viewer is allowed to see a team's members

+// and repositories. canSeeOrgTeams has already enforced org membership;

+// visible teams are readable to those members, while secret teams require

+// team membership or org ownership.

+// filterSecretTeams strips secret teams the viewer can't see after the

+// caller has already established org-team-page visibility.

+func (h *Handlers) orgNavCounts(ctx context.Context, orgID int64, visibleTeamCount int64) orgNavCounts {

+	var counts orgNavCounts

+	_ = h.d.Pool.QueryRow(ctx, `SELECT count(*) FROM repos WHERE owner_org_id = $1 AND deleted_at IS NULL`, orgID).Scan(&counts.RepoCount)

+	_ = h.d.Pool.QueryRow(ctx, `SELECT count(*) FROM org_members WHERE org_id = $1`, orgID).Scan(&counts.MemberCount)

+	if visibleTeamCount >= 0 {

+		counts.TeamCount = visibleTeamCount

+	} else {

+		_ = h.d.Pool.QueryRow(ctx, `SELECT count(*) FROM teams WHERE org_id = $1`, orgID).Scan(&counts.TeamCount)

+	}

+	return counts

+func (h *Handlers) teamAggregateCounts(ctx context.Context, orgID int64) map[int64]teamAggregateCounts {

+	rows, err := h.d.Pool.Query(ctx, `

+		SELECT t.id,

+		       count(DISTINCT tm.user_id)::bigint AS member_count,

+		       count(DISTINCT tra.repo_id)::bigint AS repo_count,

+		       count(DISTINCT child.id)::bigint AS child_count

+		  FROM teams t

+		  LEFT JOIN team_members tm ON tm.team_id = t.id

+		  LEFT JOIN team_repo_access tra ON tra.team_id = t.id

+		  LEFT JOIN teams child ON child.parent_team_id = t.id

+		 WHERE t.org_id = $1

+		 GROUP BY t.id`, orgID)

+	if err != nil {

+		h.d.Logger.WarnContext(ctx, "teams: counts", "org_id", orgID, "error", err)

+		return nil

+	}

+	defer rows.Close()

+	out := map[int64]teamAggregateCounts{}

+	for rows.Next() {

+		var id int64

+		var c teamAggregateCounts

+		if err := rows.Scan(&id, &c.MemberCount, &c.RepoCount, &c.ChildCount); err == nil {

+			out[id] = c

+		}

+	}

+	return out

+}

+

+func (h *Handlers) teamListItems(org orgsdb.Org, teams []orgsdb.Team, counts map[int64]teamAggregateCounts, parentSlugs map[int64]string) []teamListItem {

+	out := make([]teamListItem, 0, len(teams))

+	for _, team := range teams {

+		c := counts[team.ID]

+		parentSlug := ""

+		if team.ParentTeamID.Valid {

+			parentSlug = parentSlugs[team.ParentTeamID.Int64]

+		}

+		out = append(out, teamListItem{

+			ID:           team.ID,

+			Slug:         string(team.Slug),

+			DisplayName:  teamDisplayName(team),

+			Description:  team.Description,

+			Privacy:      string(team.Privacy),

+			ParentSlug:   parentSlug,

+			Path:         h.teamPath(org, team),

+			MemberCount:  c.MemberCount,

+			RepoCount:    c.RepoCount,

+			ChildCount:   c.ChildCount,

+			IsSecret:     team.Privacy == orgsdb.TeamPrivacySecret,

+			HasParent:    team.ParentTeamID.Valid,

+			CreatedLabel: team.CreatedAt.Time.Format("Jan 2, 2006"),

+		})

+	}

+	return out

+}

+func teamParentSlugs(teams []orgsdb.Team) map[int64]string {

+	if len(teams) == 0 {

+		return nil

+	}

+	byID := make(map[int64]string, len(teams))

+	for _, team := range teams {

+		byID[team.ID] = string(team.Slug)

+	}

+	return byID

+}

+

+func teamDisplayName(team orgsdb.Team) string {

+	if strings.TrimSpace(team.DisplayName) != "" {

+		return team.DisplayName

+	}

+	return string(team.Slug)

+}

+

+func teamPrivacyCounts(items []teamListItem) (visibleCount, secretCount int) {

+	for _, item := range items {

+		if item.IsSecret {

+			secretCount++

+		} else {

+			visibleCount++

+		}

+	}

+	return visibleCount, secretCount

+}

+

+func filterTeamListItems(items []teamListItem, query, privacy string) []teamListItem {

+	query = strings.ToLower(strings.TrimSpace(query))

+	privacy = strings.ToLower(strings.TrimSpace(privacy))

+	if query == "" && privacy == "" {

+		return items

+	}

+	out := make([]teamListItem, 0, len(items))

+	for _, item := range items {

+		if privacy == "visible" && item.IsSecret {

+			continue

+		}

+		if privacy == "secret" && !item.IsSecret {

+			continue

+		}

+		if query != "" {

+			haystack := strings.ToLower(item.Slug + " " + item.DisplayName + " " + item.Description)

+			if !strings.Contains(haystack, query) {

+				continue

+			}

+		}

+		out = append(out, item)

+	}

+	return out

+}

+

+func (h *Handlers) teamRepoCandidates(ctx context.Context, orgID, teamID int64) []teamRepoCandidate {

+	rows, err := h.d.Pool.Query(ctx, `

+		SELECT r.id, r.name, r.visibility::text

+		  FROM repos r

+		  LEFT JOIN team_repo_access a

+		    ON a.repo_id = r.id AND a.team_id = $2

+		 WHERE r.owner_org_id = $1

+		   AND r.deleted_at IS NULL

+		   AND a.repo_id IS NULL

+		 ORDER BY lower(r.name)

+		 LIMIT 100`, orgID, teamID)

+	if err != nil {

+		h.d.Logger.WarnContext(ctx, "teams: repo candidates", "org_id", orgID, "team_id", teamID, "error", err)

+		return nil

+	}

+	defer rows.Close()

+	out := []teamRepoCandidate{}

+	for rows.Next() {

+		var item teamRepoCandidate

+		if err := rows.Scan(&item.ID, &item.Name, &item.Visibility); err == nil {

+			out = append(out, item)

+		}

+	}

+	return out

+}

+

+func (h *Handlers) repoIDFromTeamForm(r *http.Request, orgID int64) (int64, error) {

+	if raw := strings.TrimSpace(r.PostFormValue("repo_id")); raw != "" {

+		return strconv.ParseInt(raw, 10, 64)

+	}

+	repoName := strings.TrimSpace(r.PostFormValue("repo_name"))

+	if repoName == "" {

+		return 0, strconv.ErrSyntax

+	}

+	var id int64

+	err := h.d.Pool.QueryRow(

+		r.Context(),

+		`SELECT id FROM repos WHERE owner_org_id = $1 AND name = $2 AND deleted_at IS NULL`,

+		orgID, repoName,

+	).Scan(&id)

+	return id, err

+}

+

+func (h *Handlers) repoBelongsToOrg(ctx context.Context, orgID, repoID int64) bool {

+	var exists bool

+	err := h.d.Pool.QueryRow(ctx,

+		`SELECT EXISTS(SELECT 1 FROM repos WHERE id = $1 AND owner_org_id = $2 AND deleted_at IS NULL)`,

+		repoID, orgID,

+	).Scan(&exists)

+	return err == nil && exists

+}

+

+func (h *Handlers) teamPath(org orgsdb.Org, team orgsdb.Team) string {

+	return "/" + string(org.Slug) + "/teams/" + string(team.Slug)

+}

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package orgs_test

+

+import (

+	"context"

+	"io"

+	"log/slog"

+	"net/http"

+	"net/http/httptest"

+	"strings"

+	"testing"

+	"testing/fstest"

+

+	"github.com/go-chi/chi/v5"

+	"github.com/jackc/pgx/v5/pgxpool"

+

+	orgsdb "github.com/tenseleyFlow/shithub/internal/orgs/sqlc"

+	"github.com/tenseleyFlow/shithub/internal/testing/dbtest"

+	orgsh "github.com/tenseleyFlow/shithub/internal/web/handlers/orgs"

+	"github.com/tenseleyFlow/shithub/internal/web/middleware"

+	"github.com/tenseleyFlow/shithub/internal/web/render"

+)

+

+func TestTeamsListRequiresOrgMemberAndFiltersSecretTeams(t *testing.T) {

+	t.Parallel()

+	ctx := context.Background()

+	pool := dbtest.NewTestDB(t)

+	ownerID := insertOrgAvatarUser(t, pool, "owner")

+	memberID := insertOrgAvatarUser(t, pool, "member")

+	outsiderID := insertOrgAvatarUser(t, pool, "outsider")

+	orgID := insertOrgAvatarOrg(t, pool, ownerID, "acme")

+	if _, err := pool.Exec(ctx, `INSERT INTO org_members (org_id, user_id, role) VALUES ($1, $2, 'member')`, orgID, memberID); err != nil {

+		t.Fatalf("insert org member: %v", err)

+	}

+	visibleTeamID := insertTeamForTest(t, pool, orgID, "engineering", "Engineering", "visible")

+	insertTeamForTest(t, pool, orgID, "security", "Security", "secret")

+	if _, err := pool.Exec(ctx, `INSERT INTO team_members (team_id, user_id, role) VALUES ($1, $2, 'member')`, visibleTeamID, memberID); err != nil {

+		t.Fatalf("insert team member: %v", err)

+	}

+

+	memberBody, memberStatus, _ := performTeamsListRequest(t, pool, middleware.CurrentUser{ID: memberID, Username: "member"}, "/acme/teams")

+	if memberStatus != http.StatusOK {

+		t.Fatalf("member status=%d body=%s", memberStatus, memberBody)

+	}

+	if !strings.Contains(memberBody, "TEAM=engineering:Engineering:1:0") {

+		t.Fatalf("expected visible team with counts, got %s", memberBody)

+	}

+	if strings.Contains(memberBody, "security") {

+		t.Fatalf("secret team leaked to non-team member: %s", memberBody)

+	}

+

+	outsiderBody, outsiderStatus, _ := performTeamsListRequest(t, pool, middleware.CurrentUser{ID: outsiderID, Username: "outsider"}, "/acme/teams")

+	if outsiderStatus != http.StatusNotFound {

+		t.Fatalf("outsider status=%d body=%s", outsiderStatus, outsiderBody)

+	}

+

+	_, anonymousStatus, anonymousLocation := performTeamsListRequest(t, pool, middleware.CurrentUser{}, "/acme/teams")

+	if anonymousStatus != http.StatusSeeOther {

+		t.Fatalf("anonymous status=%d", anonymousStatus)

+	}

+	if !strings.HasPrefix(anonymousLocation, "/login?next=") {

+		t.Fatalf("anonymous redirect=%q", anonymousLocation)

+	}

+}

+

+func performTeamsListRequest(t *testing.T, pool *pgxpool.Pool, viewer middleware.CurrentUser, target string) (string, int, string) {

+	t.Helper()

+	rr, err := render.New(fstest.MapFS{

+		"_layout.html":         {Data: []byte(`{{ define "layout" }}<html><body>{{ template "page" . }}</body></html>{{ end }}`)},

+		"orgs/_org_nav.html":   {Data: []byte(`{{ define "org-nav" }}NAV={{ .ActiveOrgTab }}:{{ .TeamCount }}{{ end }}`)},

+		"orgs/teams_list.html": {Data: []byte(`{{ define "page" }}{{ template "org-nav" . }} TOTAL={{ .TeamTotalCount }}{{ range .Teams }} TEAM={{ .Slug }}:{{ .DisplayName }}:{{ .MemberCount }}:{{ .RepoCount }}{{ end }}{{ end }}`)},

+		"orgs/team_view.html":  {Data: []byte(`{{ define "page" }}TEAM{{ end }}`)},

+		"orgs/people.html":     {Data: []byte(`{{ define "page" }}PEOPLE{{ end }}`)},

+		"errors/403.html":      {Data: []byte(`{{ define "page" }}403{{ end }}`)},

+		"errors/404.html":      {Data: []byte(`{{ define "page" }}404{{ end }}`)},

+		"errors/500.html":      {Data: []byte(`{{ define "page" }}500{{ end }}`)},

+	}, render.Options{})

+	if err != nil {

+		t.Fatalf("render.New: %v", err)

+	}

+	h, err := orgsh.New(orgsh.Deps{

+		Logger: slog.New(slog.NewTextHandler(io.Discard, nil)),

+		Render: rr,

+		Pool:   pool,

+	})

+	if err != nil {

+		t.Fatalf("orgsh.New: %v", err)

+	}

+	r := chi.NewRouter()

+	r.Use(func(next http.Handler) http.Handler {

+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

+			next.ServeHTTP(w, r.WithContext(middleware.WithCurrentUserForTest(r.Context(), viewer)))

+		})

+	})

+	h.MountOrgRoutes(r)

+

+	req := httptest.NewRequest(http.MethodGet, target, nil)

+	rec := httptest.NewRecorder()

+	r.ServeHTTP(rec, req)

+	return rec.Body.String(), rec.Code, rec.Header().Get("Location")

+}

+

+func insertTeamForTest(t *testing.T, db orgsdb.DBTX, orgID int64, slug, displayName, privacy string) int64 {

+	t.Helper()

+	var id int64

+	if err := db.QueryRow(context.Background(),

+		`INSERT INTO teams (org_id, slug, display_name, privacy)

+		 VALUES ($1, $2, $3, $4)

+		 RETURNING id`,

+		orgID, slug, displayName, privacy,

+	).Scan(&id); err != nil {

+		t.Fatalf("insert team: %v", err)

+	}

+	return id

+}

+	teamCount := int64(0)

+	if isMember || viewer.IsSiteAdmin {

+		_ = h.d.Pool.QueryRow(ctx, `SELECT count(*) FROM teams WHERE org_id = $1`, org.ID).Scan(&teamCount)

+	}

+		"TeamCount":        teamCount,

+		"ActiveOrgTab":     "overview",

+

+.shithub-org-profile-head {

+  max-width: 1280px;

+  margin: 0 auto;

+  padding: 1.5rem 1rem 0;

+}

+.shithub-org-teams-head {

+  padding-bottom: 0.25rem;

+}

+.shithub-org-teams-title,

+.shithub-org-team-title-row {

+  display: flex;

+  align-items: center;

+  gap: 0.85rem;

+}

+.shithub-org-teams-title h1,

+.shithub-org-team-title-row h1 {

+  margin: 0;

+  font-size: 1.5rem;

+  line-height: 1.25;

+}

+.shithub-org-teams-avatar,

+.shithub-org-team-avatar {

+  flex: 0 0 auto;

+  width: 48px;

+  height: 48px;

+  border: 1px solid var(--border-default);

+  border-radius: 6px;

+  background: var(--canvas-subtle);

+}

+.shithub-org-team-avatar {

+  display: inline-flex;

+  align-items: center;

+  justify-content: center;

+  color: var(--fg-muted);

+}

+.shithub-org-teams-layout,

+.shithub-org-team-view-layout {

+  max-width: 1280px;

+  margin: 0 auto;

+  display: grid;

+  gap: 2rem;

+  padding: 1.5rem 1rem 2.5rem;

+}

+.shithub-org-teams-layout {

+  grid-template-columns: minmax(0, 1fr) minmax(260px, 0.34fr);

+}

+.shithub-org-team-view-layout {

+  grid-template-columns: minmax(0, 1fr) 296px;

+}

+.shithub-org-teams-main,

+.shithub-org-team-view-main {

+  min-width: 0;

+}

+.shithub-org-team-toolbar {

+  display: flex;

+  justify-content: space-between;

+  gap: 1rem;

+  align-items: flex-start;

+  margin-bottom: 1rem;

+}

+.shithub-org-team-toolbar h2,

+.shithub-org-team-panel h2,

+.shithub-org-team-manage-box h2 {

+  margin: 0;

+  font-size: 1rem;

+  font-weight: 600;

+}

+.shithub-org-team-toolbar p,

+.shithub-org-team-panel-head p,

+.shithub-org-team-manage-box p {

+  margin: 0.3rem 0 0;

+  color: var(--fg-muted);

+  font-size: 0.875rem;

+}

+.shithub-org-team-create {

+  position: relative;

+  flex: 0 0 auto;

+}

+.shithub-org-team-create summary {

+  list-style: none;

+}

+.shithub-org-team-create summary::-webkit-details-marker {

+  display: none;

+}

+.shithub-org-team-create[open] summary {

+  border-bottom-left-radius: 0;

+  border-bottom-right-radius: 0;

+}

+.shithub-org-team-create-form {

+  position: absolute;

+  right: 0;

+  z-index: 30;

+  width: min(360px, calc(100vw - 2rem));

+  display: grid;

+  gap: 0.75rem;

+  padding: 1rem;

+  border: 1px solid var(--border-default);

+  border-radius: 6px 0 6px 6px;

+  background: var(--canvas-default);

+  box-shadow: 0 16px 48px rgba(1, 4, 9, 0.32);

+}

+.shithub-org-team-create-form label,

+.shithub-org-team-manage-box label {

+  display: grid;

+  gap: 0.35rem;

+  color: var(--fg-default);

+  font-size: 0.875rem;

+  font-weight: 600;

+}

+.shithub-org-team-create-form input,

+.shithub-org-team-create-form select,

+.shithub-org-team-manage-box input,

+.shithub-org-team-manage-box select {

+  width: 100%;

+  min-height: 34px;

+  padding: 0.35rem 0.6rem;

+  border-radius: 6px;

+}

+.shithub-org-team-filters {

+  display: grid;

+  grid-template-columns: minmax(0, 1fr) auto;

+  gap: 0.5rem;

+  margin-bottom: 0.75rem;

+}

+.shithub-org-team-search {

+  position: relative;

+  display: block;

+}

+.shithub-org-team-search svg {

+  position: absolute;

+  top: 50%;

+  left: 0.7rem;

+  transform: translateY(-50%);

+  color: var(--fg-muted);

+  pointer-events: none;

+}

+.shithub-org-team-search input {

+  width: 100%;

+  min-height: 34px;

+  padding: 0.35rem 0.7rem 0.35rem 2rem;

+  border-radius: 6px;

+}

+.shithub-org-team-filter-tabs,

+.shithub-org-team-tabs {

+  display: flex;

+  gap: 0.25rem;

+  border-bottom: 1px solid var(--border-default);

+  margin-bottom: 0;

+  overflow-x: auto;

+}

+.shithub-org-team-filter-tabs a,

+.shithub-org-team-tabs a {

+  display: inline-flex;

+  align-items: center;

+  gap: 0.35rem;

+  padding: 0.65rem 0.75rem;

+  border-bottom: 2px solid transparent;

+  color: var(--fg-default);

+  font-size: 0.875rem;

+  white-space: nowrap;

+}

+.shithub-org-team-filter-tabs a:hover,

+.shithub-org-team-tabs a:hover {

+  background: var(--canvas-subtle);

+  border-radius: 6px 6px 0 0;

+  text-decoration: none;

+}

+.shithub-org-team-filter-tabs a.is-selected,

+.shithub-org-team-tabs a.is-selected {

+  border-bottom-color: #fd8c73;

+  font-weight: 600;

+}

+.shithub-org-team-filter-tabs span,

+.shithub-org-team-tabs span {

+  padding: 0.05rem 0.45rem;

+  border-radius: 999px;

+  background: var(--canvas-subtle);

+  color: var(--fg-muted);

+  font-size: 0.75rem;

+  font-weight: 500;

+}

+.shithub-org-team-list,

+.shithub-org-team-member-list,

+.shithub-org-team-repo-list {

+  list-style: none;

+  padding: 0;

+  margin: 0;

+  border: 1px solid var(--border-default);

+  border-top: 0;

+  border-radius: 0 0 6px 6px;

+  overflow: hidden;

+  background: var(--canvas-default);

+}

+.shithub-org-team-list-compact {

+  border-top: 1px solid var(--border-default);

+  border-radius: 6px;

+}

+.shithub-org-team-row,

+.shithub-org-team-member-row,

+.shithub-org-team-repo-row {

+  display: grid;

+  gap: 1rem;

+  align-items: center;

+  padding: 1rem;

+  border-top: 1px solid var(--border-default);

+}

+.shithub-org-team-row:first-child,

+.shithub-org-team-member-row:first-child,

+.shithub-org-team-repo-row:first-child {

+  border-top: 0;

+}

+.shithub-org-team-row {

+  grid-template-columns: 40px minmax(0, 1fr);

+}

+.shithub-org-team-row-icon,

+.shithub-org-team-repo-icon {

+  display: inline-flex;

+  align-items: center;

+  justify-content: center;

+  width: 40px;

+  height: 40px;

+  border: 1px solid var(--border-default);

+  border-radius: 6px;

+  background: var(--canvas-subtle);

+  color: var(--fg-muted);

+}

+.shithub-org-team-row-title {

+  display: flex;

+  align-items: center;

+  gap: 0.45rem;

+  flex-wrap: wrap;

+  font-weight: 600;

+}

+.shithub-org-team-row-main p {

+  margin: 0.35rem 0 0;

+  color: var(--fg-muted);

+  font-size: 0.875rem;

+}

+.shithub-org-team-row-meta {

+  display: flex;

+  flex-wrap: wrap;

+  gap: 0.45rem 1rem;

+  margin-top: 0.65rem;

+  color: var(--fg-muted);

+  font-size: 0.8rem;

+}

+.shithub-org-team-row-meta span,

+.shithub-org-team-repo-main {

+  display: inline-flex;

+  align-items: center;

+  gap: 0.35rem;

+}

+.shithub-org-team-view-head {

+  padding-bottom: 0.25rem;

+}

+.shithub-org-team-breadcrumb {

+  display: flex;

+  gap: 0.4rem;

+  align-items: center;

+  margin-bottom: 0.75rem;

+  color: var(--fg-muted);

+  font-size: 0.875rem;

+}

+.shithub-org-team-title-row {

+  flex-wrap: wrap;

+}

+.shithub-org-team-description {

+  max-width: 760px;

+  margin: 0.85rem 0 0;

+}

+.shithub-org-team-tabs {

+  margin-bottom: 0;

+}

+.shithub-org-team-panel {

+  margin-top: 1.5rem;

+}

+.shithub-org-team-panel-head {

+  margin-bottom: 0.75rem;

+}

+.shithub-org-team-member-row {

+  grid-template-columns: 40px minmax(0, 1fr) auto;

+}

+.shithub-org-team-member-row img {

+  width: 40px;

+  height: 40px;

+  border-radius: 50%;

+  border: 1px solid var(--border-muted);

+}

+.shithub-org-team-member-row p,

+.shithub-org-team-repo-row p {

+  margin: 0.25rem 0 0;

+  color: var(--fg-muted);

+  font-size: 0.8rem;

+}

+.shithub-org-team-repo-row {

+  grid-template-columns: minmax(0, 1fr) auto;

+}

+.shithub-org-team-repo-main {

+  min-width: 0;

+}

+.shithub-org-team-repo-main > div {

+  min-width: 0;

+}

+.shithub-org-team-manage {

+  min-width: 0;

+}

+.shithub-org-team-manage-box {

+  padding: 1rem 0;

+  border-top: 1px solid var(--border-default);

+}

+.shithub-org-team-manage-box:first-child {

+  padding-top: 0;

+  border-top: 0;

+}

+.shithub-org-team-manage-box form {

+  display: grid;

+  gap: 0.75rem;

+  margin-top: 0.75rem;

+}

+

+@media (max-width: 900px) {

+  .shithub-org-teams-layout,

+  .shithub-org-team-view-layout {

+    grid-template-columns: 1fr;

+  }

+  .shithub-org-team-create-form {

+    position: static;

+    margin-top: 0.5rem;

+    width: 100%;

+    border-radius: 6px;

+  }

+}

+

+@media (max-width: 640px) {

+  .shithub-org-team-toolbar,

+  .shithub-org-team-filters {

+    grid-template-columns: 1fr;

+  }

+  .shithub-org-team-toolbar {

+    display: grid;

+  }

+  .shithub-org-team-member-row,

+  .shithub-org-team-repo-row {

+    grid-template-columns: 1fr;

+  }

+  .shithub-org-team-member-row img {

+    display: none;

+  }

+}

+{{ define "org-nav" -}}

+<nav class="shithub-org-nav" aria-label="Organization">

+  <a href="/{{ .Org.Slug }}" class="shithub-org-nav-item{{ if eq .ActiveOrgTab "overview" }} is-active{{ end }}">{{ octicon "home" }} Overview</a>

+  <a href="/{{ .Org.Slug }}#org-repositories" class="shithub-org-nav-item{{ if eq .ActiveOrgTab "repositories" }} is-active{{ end }}">{{ octicon "repo" }} Repositories <span class="shithub-tab-count">{{ .RepoCount }}</span></a>

+  <span class="shithub-org-nav-item is-disabled" aria-disabled="true">{{ octicon "table" }} Projects</span>

+  <span class="shithub-org-nav-item is-disabled" aria-disabled="true">{{ octicon "package" }} Packages</span>

+  <a href="/{{ .Org.Slug }}/teams" class="shithub-org-nav-item{{ if eq .ActiveOrgTab "teams" }} is-active{{ end }}">{{ octicon "people" }} Teams <span class="shithub-tab-count">{{ .TeamCount }}</span></a>

+  <a href="/{{ .Org.Slug }}/people" class="shithub-org-nav-item{{ if eq .ActiveOrgTab "people" }} is-active{{ end }}">{{ octicon "person" }} People <span class="shithub-tab-count">{{ .MemberCount }}</span></a>

+  <span class="shithub-org-nav-item is-disabled" aria-disabled="true">{{ octicon "shield-check" }} Security and quality</span>

+  <span class="shithub-org-nav-item is-disabled" aria-disabled="true">{{ octicon "pulse" }} Insights</span>

+  {{ if .IsOwner }}<a href="/organizations/{{ .Org.Slug }}/settings/profile" class="shithub-org-nav-item{{ if eq .ActiveOrgTab "settings" }} is-active{{ end }}">{{ octicon "gear" }} Settings</a>{{ end }}

+</nav>

+{{- end }}

+<section class="shithub-org-profile shithub-org-people">

+  {{ template "org-nav" . }}

+  {{ template "org-nav" . }}

+<section class="shithub-org-profile shithub-org-team">

+  <header class="shithub-org-profile-head shithub-org-team-view-head">

+    <div class="shithub-org-team-breadcrumb">

+      <a href="/{{ .Org.Slug }}">{{ if .Org.DisplayName }}{{ .Org.DisplayName }}{{ else }}{{ .Org.Slug }}{{ end }}</a>

+      <span>/</span>

+      <a href="/{{ .Org.Slug }}/teams">Teams</a>

+    </div>

+    <div class="shithub-org-team-title-row">

+      <div class="shithub-org-team-avatar" aria-hidden="true">{{ octicon "people" }}</div>

+      <div>

+        <h1>{{ .TeamDisplayName }}</h1>

+        <p class="shithub-meta">@{{ .Org.Slug }}/{{ .Team.Slug }}</p>

+      </div>

+      <span class="shithub-pill{{ if .TeamIsSecret }} shithub-pill-private{{ end }}">{{ if .TeamIsSecret }}{{ octicon "lock" }} Secret{{ else }}{{ octicon "eye" }} Visible{{ end }}</span>

+    </div>

+    {{ if .Team.Description }}<p class="shithub-org-team-description">{{ .Team.Description }}</p>{{ else }}<p class="shithub-org-team-description shithub-muted">No description provided.</p>{{ end }}

+  {{ template "org-nav" . }}

+  <div class="shithub-org-team-view-layout">

+    <main class="shithub-org-team-view-main">

+      <nav class="shithub-org-team-tabs" aria-label="Team">

+        <a href="#members" class="is-selected">{{ octicon "person" }} Members <span>{{ len .Members }}</span></a>

+        <a href="#repositories">{{ octicon "repo" }} Repositories <span>{{ len .Repos }}</span></a>

+        <a href="#child-teams">{{ octicon "people" }} Child teams <span>{{ len .ChildTeams }}</span></a>

+      </nav>

+      <section id="members" class="shithub-org-team-panel">

+        <div class="shithub-org-team-panel-head">

+          <div>

+            <h2>Members</h2>

+            <p>{{ len .Members }} member{{ if ne (len .Members) 1 }}s{{ end }} belong directly to this team.</p>

+          </div>

+        </div>

+        {{ if .Members }}

+        <ol class="shithub-org-team-member-list">

+          {{ range .Members }}

+          <li class="shithub-org-team-member-row">

+            <img src="/avatars/{{ .Username }}" alt="" width="40" height="40">

+            <div>

+              <a href="/{{ .Username }}">{{ if .DisplayName }}{{ .DisplayName }}{{ else }}{{ .Username }}{{ end }}</a>

+              <p>@{{ .Username }} · {{ .Role }} · joined {{ relativeTime .AddedAt.Time }}</p>

+            </div>

+            {{ if $.IsOwner }}

+            <form method="POST" action="/{{ $.Org.Slug }}/teams/{{ $.Team.Slug }}/members">

+              <button type="submit" class="shithub-button shithub-button-danger">Remove</button>

+            {{ end }}

+          </li>

+        </ol>

+        {{ else }}

+        <div class="shithub-org-empty"><h3>No team members yet.</h3></div>

+      </section>

+      <section id="repositories" class="shithub-org-team-panel">

+        <div class="shithub-org-team-panel-head">

+          <div>

+            <h2>Repositories</h2>

+            <p>Repository access granted directly to this team.</p>

+          </div>

+        </div>

+        {{ if .Repos }}

+        <ol class="shithub-org-team-repo-list">

+          {{ range .Repos }}

+          <li class="shithub-org-team-repo-row">

+            <div class="shithub-org-team-repo-main">

+              <span class="shithub-org-team-repo-icon">{{ octicon "repo" }}</span>

+              <div>

+                <a href="/{{ $.Org.Slug }}/{{ .RepoName }}">{{ $.Org.Slug }}/{{ .RepoName }}</a>

+                {{ if eq .Visibility "private" }}<span class="shithub-pill shithub-pill-private">Private</span>{{ else }}<span class="shithub-pill">Public</span>{{ end }}

+                <p>{{ .Role }} access · granted {{ relativeTime .AddedAt.Time }}</p>

+              </div>

+            </div>

+            {{ if $.IsOwner }}

+            <form method="POST" action="/{{ $.Org.Slug }}/teams/{{ $.Team.Slug }}/repos">

+              <button type="submit" class="shithub-button shithub-button-danger">Remove</button>

+            {{ end }}

+          </li>

+        </ol>

+        {{ else }}

+        <div class="shithub-org-empty"><h3>No repositories yet.</h3></div>

+      </section>

+

+      <section id="child-teams" class="shithub-org-team-panel">

+        <div class="shithub-org-team-panel-head">

+          <div>

+            <h2>Child teams</h2>

+            <p>Child teams inherit repository permissions from this team.</p>

+          </div>

+        </div>

+        {{ if .ChildTeams }}

+        <ol class="shithub-org-team-list shithub-org-team-list-compact">

+          {{ range .ChildTeams }}

+          <li class="shithub-org-team-row">

+            <div class="shithub-org-team-row-icon" aria-hidden="true">{{ octicon "people" }}</div>

+            <div class="shithub-org-team-row-main">

+              <div class="shithub-org-team-row-title">

+                <a href="{{ .Path }}">{{ .DisplayName }}</a>

+                <span class="shithub-meta">@{{ $.Org.Slug }}/{{ .Slug }}</span>

+              </div>

+              <div class="shithub-org-team-row-meta">

+                <span>{{ octicon "person" }} {{ .MemberCount }} member{{ if ne .MemberCount 1 }}s{{ end }}</span>

+                <span>{{ octicon "repo" }} {{ .RepoCount }} repositor{{ if eq .RepoCount 1 }}y{{ else }}ies{{ end }}</span>

+              </div>

+            </div>

+          </li>

+          {{ end }}

+        </ol>

+        {{ else }}

+        <div class="shithub-org-empty"><h3>No child teams.</h3></div>

+        {{ end }}

+      </section>

+    </main>

+

+    <aside class="shithub-org-team-manage" aria-label="Team management">

+      {{ if .IsOwner }}

+      <section class="shithub-org-team-manage-box">

+        <h2>Add member</h2>

+        <form method="POST" action="/{{ .Org.Slug }}/teams/{{ .Team.Slug }}/members">

+          <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">

+          <label><span>Username</span><input type="text" name="username" required placeholder="@username"></label>

+          <label><span>Role</span>

+            <select name="role">

+              <option value="member" selected>Member</option>

+              <option value="maintainer">Maintainer</option>

+            </select>

+          </label>

+          <button type="submit" class="shithub-button shithub-button-primary">Add member</button>

+        </form>

+      </section>

+

+      <section class="shithub-org-team-manage-box">

+        <h2>Add repository</h2>

+        {{ if .RepoCandidates }}

+        <form method="POST" action="/{{ .Org.Slug }}/teams/{{ .Team.Slug }}/repos">

+          <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">

+          <label><span>Repository</span>

+            <select name="repo_id" required>

+              <option value="">Select repository</option>

+              {{ range .RepoCandidates }}<option value="{{ .ID }}">{{ $.Org.Slug }}/{{ .Name }} ({{ .Visibility }})</option>{{ end }}

+            </select>

+          </label>

+          <label><span>Role</span>

+            <select name="role">

+              <option value="read">Read</option>

+              <option value="triage">Triage</option>

+              <option value="write" selected>Write</option>

+              <option value="maintain">Maintain</option>

+              <option value="admin">Admin</option>

+            </select>

+          </label>

+          <button type="submit" class="shithub-button shithub-button-primary">Add repository</button>

+        </form>

+        {{ else }}

+        <p class="shithub-muted">Every organization repository is already linked to this team.</p>

+        {{ end }}

+      </section>

+      {{ end }}

+

+      <section class="shithub-org-team-manage-box">

+        <h2>Team visibility</h2>

+        <p>{{ if .TeamIsSecret }}Secret teams are visible to team members and organization owners.{{ else }}Visible teams can be found and mentioned by organization members.{{ end }}</p>

+      </section>

+    </aside>

+  </div>

+<section class="shithub-org-profile shithub-org-teams">

+  <header class="shithub-org-profile-head shithub-org-teams-head">

+    <div class="shithub-org-teams-title">

+      <img class="shithub-org-teams-avatar" src="{{ .AvatarURL }}" alt="" width="48" height="48">

+      <div>

+        <h1>{{ if .Org.DisplayName }}{{ .Org.DisplayName }}{{ else }}{{ .Org.Slug }}{{ end }}</h1>

+        <p class="shithub-meta">@{{ .Org.Slug }}</p>

+      </div>

+    </div>

+  {{ template "org-nav" . }}

+  <div class="shithub-org-teams-layout">

+    <main class="shithub-org-teams-main">

+      <div class="shithub-org-team-toolbar">

+        <div>

+          <h2>Teams</h2>

+          <p>Use teams to manage repository access and group organization members.</p>

+        </div>

+        {{ if .IsOwner }}

+        <details class="shithub-org-team-create">

+          <summary class="shithub-button shithub-button-primary">{{ octicon "people" }} New team</summary>

+          <form method="POST" action="/{{ .Org.Slug }}/teams" class="shithub-org-team-create-form">

+            <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">

+            <label><span>Team name</span><input type="text" name="display_name" placeholder="Engineering" autocomplete="off"></label>

+            <label><span>Team slug</span><input type="text" name="slug" required pattern="[a-z0-9](?:[a-z0-9._-]{0,48}[a-z0-9])?" placeholder="engineering" autocomplete="off"></label>

+            <label><span>Description</span><input type="text" name="description" placeholder="What is this team responsible for?"></label>

+            <label><span>Privacy</span>

+              <select name="privacy">

+                <option value="visible">Visible</option>

+                <option value="secret">Secret</option>

+              </select>

+            </label>

+            <button type="submit" class="shithub-button shithub-button-primary">Create team</button>

+          </form>

+        </details>

+        {{ end }}

+      </div>

+

+      <form method="GET" action="/{{ .Org.Slug }}/teams" class="shithub-org-team-filters" role="search">

+        <label class="shithub-org-team-search">

+          {{ octicon "search" }}

+          <input type="search" name="q" value="{{ .Query }}" placeholder="Find a team..." aria-label="Find a team">

+        </label>

+        {{ if .PrivacyFilter }}<input type="hidden" name="privacy" value="{{ .PrivacyFilter }}">{{ end }}

+        <button type="submit" class="shithub-button">Search</button>

+      </form>

+

+      <nav class="shithub-org-team-filter-tabs" aria-label="Team filters">

+        <a href="/{{ .Org.Slug }}/teams{{ if .Query }}?q={{ urlquery .Query }}{{ end }}" class="{{ if not .PrivacyFilter }}is-selected{{ end }}">All <span>{{ .TeamTotalCount }}</span></a>

+        <a href="/{{ .Org.Slug }}/teams?privacy=visible{{ if .Query }}&amp;q={{ urlquery .Query }}{{ end }}" class="{{ if eq .PrivacyFilter "visible" }}is-selected{{ end }}">Visible <span>{{ .VisibleCount }}</span></a>

+        <a href="/{{ .Org.Slug }}/teams?privacy=secret{{ if .Query }}&amp;q={{ urlquery .Query }}{{ end }}" class="{{ if eq .PrivacyFilter "secret" }}is-selected{{ end }}">Secret <span>{{ .SecretCount }}</span></a>

+      </nav>

+

+      {{ if .Teams }}

+      <ol class="shithub-org-team-list">

+        {{ range .Teams }}

+        <li class="shithub-org-team-row">

+          <div class="shithub-org-team-row-icon" aria-hidden="true">{{ octicon "people" }}</div>

+          <div class="shithub-org-team-row-main">

+            <div class="shithub-org-team-row-title">

+              <a href="{{ .Path }}">{{ .DisplayName }}</a>

+              <span class="shithub-meta">@{{ $.Org.Slug }}/{{ .Slug }}</span>

+              {{ if .IsSecret }}<span class="shithub-pill shithub-pill-private">{{ octicon "lock" }} Secret</span>{{ else }}<span class="shithub-pill">{{ octicon "eye" }} Visible</span>{{ end }}

+            </div>

+            {{ if .Description }}<p>{{ .Description }}</p>{{ else }}<p class="shithub-muted">No description provided.</p>{{ end }}

+            <div class="shithub-org-team-row-meta">

+              <span>{{ octicon "person" }} {{ .MemberCount }} member{{ if ne .MemberCount 1 }}s{{ end }}</span>

+              <span>{{ octicon "repo" }} {{ .RepoCount }} repositor{{ if eq .RepoCount 1 }}y{{ else }}ies{{ end }}</span>

+              {{ if .ChildCount }}<span>{{ octicon "people" }} {{ .ChildCount }} child team{{ if ne .ChildCount 1 }}s{{ end }}</span>{{ end }}

+              {{ if .HasParent }}<span>{{ octicon "git-branch" }} Child of <a href="/{{ $.Org.Slug }}/teams/{{ .ParentSlug }}">{{ .ParentSlug }}</a></span>{{ end }}

+            </div>

+          </div>

+        </li>

+        {{ end }}

+      </ol>

+      {{ else }}

+      <div class="shithub-org-empty">

+        <h3>No teams found.</h3>

+        <p>Teams matching the current filters will appear here.</p>

+      </div>

+    </main>

+

+    <aside class="shithub-org-sidebar" aria-label="Teams sidebar">

+      <section class="shithub-org-sidebox">

+        <h2>About teams</h2>

+        <p>Visible teams can be found by organization members. Secret teams are limited to team members and owners.</p>

+      </section>

+      <section class="shithub-org-sidebox">

+        <h2>Organization access</h2>

+        <p><strong>{{ .MemberCount }}</strong> member{{ if ne .MemberCount 1 }}s{{ end }} across <strong>{{ .TeamCount }}</strong> team{{ if ne .TeamCount 1 }}s{{ end }}.</p>

+      </section>

+    </aside>

+  </div>

+      <p class="shithub-hint">Teams from <a href="/{{ .Owner }}/teams">{{ .Owner }}</a> with access to this repo.</p>

+            <td><a href="/{{ $.Owner }}/teams/{{ .TeamSlug }}">{{ .TeamDisplayName }}</a> <span class="shithub-fg-muted">@{{ .TeamSlug }}</span></td>