diff --git a/symposion/teams/views.py b/symposion/teams/views.py
index 3dcb5946fb61f6ded14ef43d1253714baed665b8..a2d719d0f2a1335d50f81bc6ce38f78bc7df873c 100644
--- a/symposion/teams/views.py
+++ b/symposion/teams/views.py
@@ -1,9 +1,35 @@
 from django.http import Http404
-from django.shortcuts import render, get_object_or_404
+from django.shortcuts import render, redirect, get_object_or_404
 
 from django.contrib.auth.decorators import login_required
 
-from symposion.teams.models import Team
+from symposion.teams.models import Team, Membership
+
+
+## perm checks
+#
+# @@@ these can be moved
+
+def can_join(team, user):
+    state = team.get_state_for_user(user)
+
+    if team.access == "open" and state is None:
+        return True
+    elif team.access == "invitation" and state is "invited":
+        return True
+    else:
+        return False
+
+
+def can_leave(team, user):
+    state = team.get_state_for_user(user)
+    if state == "member":  # managers can't leave at the moment
+        return True
+    else:
+        return False
+
+
+## views
 
 
 @login_required
@@ -16,4 +42,39 @@ def team_detail(request, slug):
     return render(request, "teams/team_detail.html", {
         "team": team,
         "state": state,
+        "can_join": can_join(team, request.user),
+        "can_leave": can_leave(team, request.user),
     })
+
+
+@login_required
+def team_join(request, slug):
+    team = get_object_or_404(Team, slug=slug)
+    state = team.get_state_for_user(request.user)
+    if team.access == "invitation" and state is None:
+        raise Http404()
+    
+    if can_join(team, request.user) and request.method == "POST":
+        membership, created = Membership.objects.get_or_create(team=team, user=request.user)
+        membership.state = "member"
+        membership.save()
+        # contrib.message
+        return redirect("team_detail", slug=slug)
+    else:
+        return redirect("team_detail", slug=slug)
+
+
+@login_required
+def team_leave(request, slug):
+    team = get_object_or_404(Team, slug=slug)
+    state = team.get_state_for_user(request.user)
+    if team.access == "invitation" and state is None:
+        raise Http404()
+    
+    if can_leave(team, request.user) and request.method == "POST":
+        membership = Membership.objects.get(team=team, user=request.user)
+        membership.delete()
+        # contrib.message
+        return redirect("dashboard")
+    else:
+        return redirect("team_detail", slug=slug)