Team folders — viewing team files

Super_admin & admin see all users; owner sees self + team. Member switcher in toolbar. /creative-hub/:folderId?member=:memberId. RBAC via getVisibleSessionIds(db, callerId, callerRole).

Written By Salvatore Sinigaglia

Last updated About 5 hours ago

Super_admin & admin see all users; owner sees self + team. Member switcher in toolbar. /creative-hub/:folderId?member=:memberId. RBAC via getVisibleSessionIds(db, callerId, callerRole).

Team folders — viewing team files

Wevion's RBAC determines whose Creative Hub folders you can see. super_admin and admin see all users; owner sees self + their team members; every other role (e.g. mediabuyer) sees only their own. The toolbar Members switcher switches the view. URL pattern: /creative-hub/:folderId?member=:memberId. Backed by getVisibleSessionIds(db, callerId, callerRole) in creative-hub.helpers.ts.

Who is this for

PMs auditing team creative work. Admins onboarding new members. Anyone needing to see what a teammate uploaded or generated.

Who can see what

RoleSees (via getVisibleSessionIds)
super_adminAll users' Creative Hub folders + files
adminAll users' Creative Hub folders + files
ownerOwn folder + their team members' folders
managerOwn folder only
mediabuyerOwn folder only
financeOwn folder only
viewerOwn folder only

There is no canViewTeam flag in the code — visibility is decided directly by role inside getVisibleSessionIds(db, callerId, callerRole). The Members switcher appears for roles that can see more than their own folder (super_admin / admin / owner).

How to switch view

If your role can see other users' folders:

  1. Top toolbar shows Members dropdown
  2. Pick a teammate from the list
  3. View flips to that member's root folder
  4. URL becomes /creative-hub/:rootFolderId?member=:memberId

You see the teammate's folders and files as they exist. Read-only by default (no edits to their files); your own action menus appear for files you co-own.

How RBAC is enforced

In code (apps/backend/src/services/creative-hub/creative-hub.helpers.ts):

  1. getVisibleSessionIds(db, callerId, callerRole) returns the list of session IDs whose Creative Hub the current user can access
    • super_admin / admin: returns all user session IDs
    • owner: returns [callerId] + the ids of users where owner_id = callerId (their team members)
    • all other roles (mediabuyer, manager, finance, viewer): returns [callerId] only
  2. The listing endpoints filter to these visible session IDs

Result: data isolation by default; broad access only for super_admin / admin (all) and owner (their team).

Shared work without team switcher

If your role only sees your own folder but you need to share specific work with a teammate:

  • Internally: use team-folder workflow (admin sets up shared workspace folder all members write to). Often manual coordination.
  • Externally via Drive: share the folder using ch-105 (Drive permissions) — works for any user role.

The Members switcher is for visibility by roles that can see others (super_admin / admin / owner), not for daily collaboration. For daily collab, use shared team folders.

Use cases

PM weekly review

PM (owner role) clicks through each of their team members' folders weekly: spot-check new uploads, AI-generated experiments, identify creative blockers.

Audit of departing employee

Before offboarding: super_admin views the departing member's folders, transfers or archives important assets.

Onboarding a new hire

Onboard a mediabuyer: super_admin browses team folders to find example campaigns + creative patterns to share with the new hire.

Compliance check

Owner periodically reviews team creative folders to ensure brand compliance + flag any non-approved assets.

Limits + caveats

  • No edit on teammate's files (read-only when viewing another user's folder unless you co-own the file)
  • Switching is per-page-load — refreshing returns to own root unless the URL has the ?member= param
  • Viewing a teammate's folder is not audit-logged — there is no creative_team_folder_view (or any creative_*) audit action in the code

Common issues

  • "Members switcher missing": your role only sees your own folder (not super_admin / admin / owner). This is by design.
  • "Teammate folder appears empty": they haven't uploaded yet, OR their ensureUserFolder() hasn't fired yet (no upload has triggered root creation).
  • "Can't open teammate's file": Wevion RBAC allows view, but Drive permission may not — direct Drive open requires explicit Drive share (see ch-105).
  • "View not switching": stale URL param; click another teammate then click back, OR clear URL ?member= param and re-pick.

FAQ

Who can see other teammates' Creative Hub folders?

In Wevion, super_admin and admin see every user's Creative Hub folders and files; an owner sees their own plus their team members' folders; every other role (manager, mediabuyer, finance, viewer) sees only their own. There is no canViewTeam flag — the role decides visibility directly in getVisibleSessionIds, and the Members switcher shows for roles that can see more than their own folder.

How do I view a teammate's files?

If your role can see other users (super_admin, admin, or owner), a Members dropdown appears in the Creative Hub toolbar. Pick a teammate and the view flips to their root folder, with the URL becoming /creative-hub/:rootFolderId?member=:memberId. You see their folders and files read-only by default — your action menus only appear for files you co-own.

Why is the Members switcher missing for me?

This is by design in Wevion — the Members switcher only appears for roles that can see beyond their own folder (super_admin, admin, or owner). Other roles see only their own folder. If your role can't see others but you need to share specific work, use a shared team folder or share externally via Google Drive permissions.

Can I edit a teammate's files when viewing their folder?

No — when you view another user's Creative Hub folders, access is read-only by default unless you're an explicit co-owner. The Members switcher is meant for visibility, not daily collaboration. For everyday shared work, use a shared team folder or Drive-level sharing.

Is viewing a teammate's folder logged?

No — there is no creative_team_folder_view (or any creative_*) audit action in the code, so viewing a teammate's folder is not written to the audit log. Data isolation is still the default: getVisibleSessionIds(db, callerId, callerRole) returns only your own session for most roles, all users for super_admin / admin, and self + team for owner.

FAQ

Who can see other teammates' Creative Hub folders?

In Wevion, super_admin and admin see every user's Creative Hub folders and files; an owner sees their own plus their team members' folders; every other role (manager, mediabuyer, finance, viewer) sees only their own. There is no canViewTeam flag — the role decides visibility directly in getVisibleSessionIds, and the Members switcher shows for roles that can see more than their own folder.

How do I view a teammate's files?

If your role can see other users (super_admin, admin, or owner), a Members dropdown appears in the Creative Hub toolbar. Pick a teammate and the view flips to their root folder, with the URL becoming /creative-hub/:rootFolderId?member=:memberId. You see their folders and files read-only by default — your action menus only appear for files you co-own.

Why is the Members switcher missing for me?

This is by design in Wevion — the Members switcher only appears for roles that can see beyond their own folder (super_admin, admin, or owner). Other roles see only their own folder. If your role can't see others but you need to share specific work, use a shared team folder or share externally via Google Drive permissions.

Can I edit a teammate's files when viewing their folder?

No — when you view another user's Creative Hub folders, access is read-only by default unless you're an explicit co-owner. The Members switcher is meant for visibility, not daily collaboration. For everyday shared work, use a shared team folder or Drive-level sharing.

Is viewing a teammate's folder logged?

No — there is no creativeteamfolderview (or any creative*) audit action in the code, so viewing a teammate's folder is not written to the audit log. Data isolation is still the default: getVisibleSessionIds(db, callerId, callerRole) returns only your own session for most roles, all users for super_admin / admin, and self + team for owner.

Last updated: 2026-05-17