Merge pull request 'feature/1183-signup-personal-default' (#1187) from feature/1183-signup-personal-default into dev

Reviewed-on: baron/baron-sso#1187
2026-06-16 18:39:35 +09:00
parent 82d908828f 5f153bc370
commit 0ff8cfd1d9
15 changed files with 201 additions and 175 deletions
--- a/adminfront/src/components/layout/AppLayout.tsx
+++ b/adminfront/src/components/layout/AppLayout.tsx
@@ -270,8 +270,7 @@ function AppLayout() {
      if (item.to === "/permissions-direct") return false;
      if (item.to === "/tenants") return permissions.tenants;
      if (item.to === orgfrontUrl) return permissions.org_chart;
-      if (item.to === "/worksmobile")
-        return permissions.worksmobile && showWorksmobile;
+      if (item.to === "/worksmobile") return permissions.worksmobile;
      if (item.to === "/system/ory-ssot") return permissions.ory_ssot;
      if (item.to === "/system/data-integrity")
        return permissions.data_integrity;
--- a/adminfront/src/features/coverage/adminTenantTabs.test.tsx
+++ b/adminfront/src/features/coverage/adminTenantTabs.test.tsx
@@ -61,7 +61,7 @@ const users = [
    id: "user-owner",
    name: "Owner User",
    email: "owner@example.com",
-    role: "tenant_admin",
+    role: "super_admin",
    status: "active",
  },
  {
--- a/adminfront/src/features/tenants/hooks/useTenantPermission.ts
+++ b/adminfront/src/features/tenants/hooks/useTenantPermission.ts
@@ -13,7 +13,9 @@ export type TenantPermissionKey =
  | "view_organization"
  | "manage_organization"
  | "view_schema"
-  | "manage_schema";
+  | "manage_schema"
+  | "view_worksmobile"
+  | "manage_worksmobile";

 export function useTenantPermission(tenantId: string) {
  const { data: profile } = useQuery({
--- a/adminfront/src/features/tenants/routes/TenantFineGrainedPermissionsPage.tsx
+++ b/adminfront/src/features/tenants/routes/TenantFineGrainedPermissionsPage.tsx
@@ -645,7 +645,9 @@ export function TenantFineGrainedPermissionsPage() {
                                        {menu.label}
                                      </span>
                                      {(menu.relation === "ory_ssot" ||
-                                        menu.relation === "data_integrity") && (
+                                        menu.relation === "data_integrity" ||
+                                        menu.relation ===
+                                          "permissions_direct") && (
                                        <Badge
                                          variant="secondary"
                                          className="text-[10px] py-0.5 px-1.5 font-semibold text-destructive bg-destructive/10 border-destructive/20"
@@ -667,7 +669,8 @@ export function TenantFineGrainedPermissionsPage() {
                                  value={permissionValue}
                                  disabled={
                                    menu.relation === "ory_ssot" ||
-                                    menu.relation === "data_integrity"
+                                    menu.relation === "data_integrity" ||
+                                    menu.relation === "permissions_direct"
                                  }
                                  onChange={(e) => {
                                    const nextVal = e.target.value as
--- a/adminfront/src/features/tenants/routes/TenantFineGrainedPermissionsTab.tsx
+++ b/adminfront/src/features/tenants/routes/TenantFineGrainedPermissionsTab.tsx
@@ -31,13 +31,13 @@ import {
 import { toast } from "../../../components/ui/use-toast";
 import {
  addTenantRelation,
+  fetchMe,
  fetchTenantRelations,
  fetchUsers,
  removeTenantRelation,
  type TenantRelation,
 } from "../../../lib/adminApi";
 import { t } from "../../../lib/i18n";
-import { useTenantPermission } from "../hooks/useTenantPermission";

 interface TenantFineGrainedPermissionsTabProps {
  tenantIdProp?: string;
@@ -48,8 +48,11 @@ export function TenantFineGrainedPermissionsTab({
 }: TenantFineGrainedPermissionsTabProps = {}) {
  const { tenantId: tenantIdParam } = useParams<{ tenantId: string }>();
  const tenantId = tenantIdProp || tenantIdParam || "";
-  const { hasPermission } = useTenantPermission(tenantId);
-  const isWritable = hasPermission("manage_admins");
+  const { data: profile } = useQuery({
+    queryKey: ["me"],
+    queryFn: fetchMe,
+  });
+  const isWritable = profile?.role === "super_admin";
  const queryClient = useQueryClient();
  const [searchTerm, setSearchTerm] = useState("");
  const [isDialogOpen, setIsDialogOpen] = useState(false);
@@ -75,7 +78,13 @@ export function TenantFineGrainedPermissionsTab({
      > = {};
      for (const user of relationsQuery.data) {
        initialMap[user.userId] = {};
-        const tabs = ["profile", "permissions", "organization", "schema"];
+        const tabs = [
+          "profile",
+          "permissions",
+          "organization",
+          "schema",
+          "worksmobile",
+        ];
        for (const tab of tabs) {
          const isWrite = user.relations.includes(`${tab}_managers`);
          const isRead = user.relations.includes(`${tab}_viewers`);
@@ -204,7 +213,7 @@ export function TenantFineGrainedPermissionsTab({

  const handleRelationChange = async (
    userId: string,
-    tab: "profile" | "permissions" | "organization" | "schema",
+    tab: "profile" | "permissions" | "organization" | "schema" | "worksmobile",
    currentVal: "none" | "read" | "write",
    newVal: "none" | "read" | "write",
  ) => {
@@ -318,6 +327,14 @@ export function TenantFineGrainedPermissionsTab({
          </Button>
        </CardHeader>
        <CardContent className="pt-0">
+          {!isWritable && (
+            <div className="mb-4 p-3 bg-amber-50 dark:bg-amber-950/20 text-amber-800 dark:text-amber-200 border border-amber-200 dark:border-amber-800/30 rounded-lg text-sm font-medium">
+              {t(
+                "msg.admin.tenants.relations.super_admin_only_desc",
+                "이 화면의 권한 설정은 시스템 최고 관리자(super_admin)만 수정할 수 있습니다.",
+              )}
+            </div>
+          )}
          <div className="rounded-md border border-border overflow-hidden">
            <Table>
              <TableHeader className="bg-secondary/40">
@@ -337,6 +354,12 @@ export function TenantFineGrainedPermissionsTab({
                  <TableHead className="font-bold">
                    {t("ui.admin.tenants.detail.tab_schema", "사용자 스키마")}
                  </TableHead>
+                  <TableHead className="font-bold">
+                    {t(
+                      "ui.admin.tenants.detail.tab_worksmobile",
+                      "네이버웍스 연동",
+                    )}
+                  </TableHead>
                  <TableHead className="font-bold text-center w-20">
                    {t("ui.common.action", "작업")}
                  </TableHead>
@@ -346,7 +369,7 @@ export function TenantFineGrainedPermissionsTab({
                {relations.length === 0 ? (
                  <TableRow>
                    <TableCell
-                      colSpan={6}
+                      colSpan={7}
                      className="text-center py-12 text-muted-foreground"
                    >
                      {t(
@@ -387,6 +410,14 @@ export function TenantFineGrainedPermissionsTab({
                        ? "read"
                        : "none";

+                    const worksmobileVal = user.relations.includes(
+                      "worksmobile_managers",
+                    )
+                      ? "write"
+                      : user.relations.includes("worksmobile_viewers")
+                        ? "read"
+                        : "none";
+
                    const curProfileVal =
                      localTenantPermissions[user.userId]?.profile ??
                      profileVal;
@@ -398,6 +429,9 @@ export function TenantFineGrainedPermissionsTab({
                      organizationVal;
                    const curSchemaVal =
                      localTenantPermissions[user.userId]?.schema ?? schemaVal;
+                    const curWorksmobileVal =
+                      localTenantPermissions[user.userId]?.worksmobile ??
+                      worksmobileVal;

                    return (
                      <TableRow
@@ -562,6 +596,43 @@ export function TenantFineGrainedPermissionsTab({
                            </option>
                          </select>
                        </TableCell>
+                        <TableCell>
+                          <select
+                            className="flex h-9 w-full rounded-md border border-input bg-background px-3 py-1 text-sm shadow-sm transition-colors focus-visible:outline-none focus-visible:ring-1 focus-visible:ring-ring disabled:cursor-not-allowed disabled:opacity-50"
+                            value={curWorksmobileVal}
+                            disabled={!isWritable}
+                            name={`tenant-fine-grained-worksmobile-${user.userId}`}
+                            onChange={(e) => {
+                              const nextVal = e.target.value as
+                                | "none"
+                                | "read"
+                                | "write";
+                              setLocalTenantPermissions((prev) => ({
+                                ...prev,
+                                [user.userId]: {
+                                  ...(prev[user.userId] ?? {}),
+                                  worksmobile: nextVal,
+                                },
+                              }));
+                              handleRelationChange(
+                                user.userId,
+                                "worksmobile",
+                                worksmobileVal,
+                                nextVal,
+                              );
+                            }}
+                          >
+                            <option value="none">
+                              {t("ui.common.none", "권한 없음")}
+                            </option>
+                            <option value="read">
+                              {t("ui.common.read", "조회 가능 (Read)")}
+                            </option>
+                            <option value="write">
+                              {t("ui.common.write", "수정 가능 (Write)")}
+                            </option>
+                          </select>
+                        </TableCell>
                        <TableCell className="text-center">
                          <Button
                            variant="ghost"
--- a/adminfront/src/lib/adminApi.ts
+++ b/adminfront/src/lib/adminApi.ts
@@ -45,6 +45,8 @@ export type TenantSummary = {
    manage_organization?: boolean;
    view_schema?: boolean;
    manage_schema?: boolean;
+    view_worksmobile?: boolean;
+    manage_worksmobile?: boolean;
  };
  createdAt: string;
  updatedAt: string;
--- a/backend/internal/handler/auth_handler.go
+++ b/backend/internal/handler/auth_handler.go
@@ -712,69 +712,21 @@ func (h *AuthHandler) Signup(c *fiber.Ctx) error {
 	}

 	// 소속이 비어 있는 일반 가입자는 PERSONAL tenant를 자동 생성해 대표소속을 보장합니다.
-	tenantSlug := strings.TrimSpace(req.TenantSlug)
+	// 모든 온라인 가입자는 기본적으로 개인(Personal) 테넌트 소속으로 가입합니다.
+	// 기업/가족사 소속 연동은 별도 문의를 통해 처리되므로 온라인 가입 흐름에서는 제외합니다.
+	req.AffiliationType = "GENERAL"
+	slog.Info("[Signup] Forcing AffiliationType to GENERAL (Default personal tenant signup policy)", "email", req.Email)
+
 	var tenantID *string
-
-	parts := strings.Split(req.Email, "@")
-	if len(parts) != 2 {
-		return errorJSON(c, fiber.StatusBadRequest, "Invalid email format")
-	}
-	domainName := parts[1]
-
-	// Check if this domain belongs to a predefined family affiliate
-	isInternal, _ := h.isAffiliateTenant(c.Context(), domainName)
-
-	// [Strict Policy] Force AffiliationType based on predefined family slugs (User cannot choose)
-	if isInternal {
-		req.AffiliationType = "AFFILIATE"
-		slog.Info("[Signup] Forcing AffiliationType to AFFILIATE", "email", req.Email)
-	} else {
-		req.AffiliationType = "GENERAL"
-		slog.Info("[Signup] Forcing AffiliationType to GENERAL", "email", req.Email)
-	}
-
-	if tenantSlug != "" {
-		// [Security] Cross-check: If domain is NOT internal, they cannot provide a tenantSlug
-		if !isInternal {
-			slog.Warn("[Signup] Security violation: non-internal email providing tenantSlug", "email", req.Email)
-			return errorJSON(c, fiber.StatusForbidden, "Only affiliate members can join an organization.")
-		}
-
-		if !affiliateSlugs[strings.ToLower(tenantSlug)] {
-			return errorJSON(c, fiber.StatusForbidden, "The selected organization is not a valid family affiliate.")
-		}
-
-		tenant, err := h.TenantService.GetTenantBySlug(c.Context(), tenantSlug)
-		if err == nil && tenant != nil {
-			if tenant.Status == domain.TenantStatusActive {
-				slog.Info("[Signup] Assigning tenant by manual slug", "email", req.Email, "tenant", tenant.Slug)
-				tenantSlug = tenant.Slug
-				tenantID = &tenant.ID
-			} else {
-				return errorJSON(c, fiber.StatusForbidden, "The specified organization is not active.")
-			}
-		} else {
-			slog.Warn("[Signup] Attempted to join non-existent organization", "slug", tenantSlug, "email", req.Email)
-			return errorJSON(c, fiber.StatusNotFound, "The specified organization code was not found.")
-		}
-	} else {
-		// If it's a family affiliate domain, they MUST select one of the family companies
-		if isInternal {
-			return errorJSON(c, fiber.StatusBadRequest, "Please select your organization.")
-		}
-	}
-
-	if tenantID == nil && req.AffiliationType == "AFFILIATE" {
-		return errorJSON(c, fiber.StatusBadRequest, "We couldn't verify your organization affiliation. Please check your choice.")
-	}
-	if tenantID == nil && req.AffiliationType == "GENERAL" {
-		tenant, err := createPersonalTenantForUser(c.Context(), h.TenantService, req.Email)
+	tenant, err := h.TenantService.GetTenantBySlug(c.Context(), "personal")
+	if err != nil || tenant == nil {
+		// Fallback: 만약 시드된 personal 테넌트가 없을 경우 개인별 테넌트를 자동 생성합니다.
+		tenant, err = createPersonalTenantForUser(c.Context(), h.TenantService, req.Email)
 		if err != nil {
-			return errorJSON(c, fiber.StatusServiceUnavailable, "failed to create personal tenant")
+			return errorJSON(c, fiber.StatusServiceUnavailable, "failed to resolve personal tenant")
 		}
-		tenantSlug = tenant.Slug
-		tenantID = &tenant.ID
 	}
+	tenantID = &tenant.ID

 	// Normalize Phone (E.164 형태로 보관)
 	normalizedPhone := domain.NormalizePhoneNumber(req.Phone)
--- a/backend/internal/handler/auth_handler_signup_test.go
+++ b/backend/internal/handler/auth_handler_signup_test.go
@@ -116,22 +116,19 @@ func TestSignup_TenantSlugValidation(t *testing.T) {
 		assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
 	})

-	t.Run("Active Tenant Slug", func(t *testing.T) {
+	t.Run("Success creates Personal Tenant", func(t *testing.T) {
 		reqBody := domain.SignupRequest{
 			Email:         "user@hanmaceng.co.kr",
 			Password:      "StrongPass123!",
 			Name:          "Test User",
 			Phone:         "010-1234-5678",
 			TermsAccepted: true,
-			TenantSlug:    "hanmac",
 		}
 		body, _ := json.Marshal(reqBody)

-		validTenant := &domain.Tenant{ID: "t1", Slug: "hanmac", Status: domain.TenantStatusActive}
-		mockTenantSvc.On("GetTenantByDomain", mock.Anything, "hanmaceng.co.kr").Return(&domain.Tenant{Slug: "hanmac"}, nil).Once()
-		mockTenantSvc.On("ProvisionTenantByDomain", mock.Anything, "hanmaceng.co.kr").Return(validTenant, nil).Maybe()
-		mockTenantSvc.On("GetTenantBySlug", mock.Anything, "hanmac").Return(validTenant, nil).Once()
-		mockTenantSvc.On("GetTenant", mock.Anything, "t1").Return(validTenant, nil).Once()
+		validTenant := &domain.Tenant{ID: "personal-t1", Slug: "personal-slug", Status: domain.TenantStatusActive}
+		mockTenantSvc.On("GetTenantBySlug", mock.Anything, "personal").Return((*domain.Tenant)(nil), assert.AnError).Once()
+		mockTenantSvc.On("RegisterTenant", mock.Anything, "Personal - user@hanmaceng.co.kr", mock.Anything, domain.TenantTypePersonal, "Automatically provisioned personal tenant", []string(nil), (*string)(nil), "").Return(validTenant, nil).Once()
 		mockIdp.On("CreateUser", mock.Anything, mock.Anything).Return("user-id", nil).Once()
 		mockRedis.On("Delete", mock.Anything).Return(nil)

--- a/backend/internal/handler/tenant_assignment_policy.go
+++ b/backend/internal/handler/tenant_assignment_policy.go
@@ -135,6 +135,9 @@ func createPersonalTenantForUser(ctx context.Context, tenantService service.Tena
 		normalizedEmail = "user"
 	}
 	slug := "personal-" + strings.ReplaceAll(uuid.NewString(), "-", "")
+	if len(slug) > 32 {
+		slug = slug[:32]
+	}
 	tenant, err := tenantService.RegisterTenant(
 		ctx,
 		fmt.Sprintf("Personal - %s", normalizedEmail),
--- a/backend/internal/handler/tenant_assignment_policy_test.go
+++ b/backend/internal/handler/tenant_assignment_policy_test.go
@@ -0,0 +1,48 @@
+package handler
+
+import (
+	"baron-sso-backend/internal/domain"
+	"baron-sso-backend/internal/utils"
+	"context"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
+)
+
+func TestCreatePersonalTenantForUser_SlugLength(t *testing.T) {
+	mockTenantService := &MockTenantService{}
+	ctx := context.Background()
+
+	var capturedSlug string
+	mockTenantService.On(
+		"RegisterTenant",
+		ctx,
+		"Personal - user@example.com",
+		mock.AnythingOfType("string"),
+		domain.TenantTypePersonal,
+		"Automatically provisioned personal tenant",
+		[]string(nil),
+		(*string)(nil),
+		"",
+	).Run(func(args mock.Arguments) {
+		capturedSlug = args.String(2)
+	}).Return(&domain.Tenant{
+		ID:   "personal-tenant-id",
+		Slug: "personal-slug",
+		Name: "Personal - user@example.com",
+	}, nil)
+
+	tenant, err := createPersonalTenantForUser(ctx, mockTenantService, "user@example.com")
+	assert.NoError(t, err)
+	assert.NotNil(t, tenant)
+
+	// Ensure the generated slug is strictly 32 characters or less
+	assert.LessOrEqual(t, len(capturedSlug), 32)
+	assert.True(t, strings.HasPrefix(capturedSlug, "personal-"))
+
+	// Ensure that the captured slug actually passes ValidateSlug!
+	valid, msg := utils.ValidateSlug(capturedSlug)
+	assert.True(t, valid, "Slug must be valid: "+msg)
+}
--- a/backend/internal/handler/tenant_handler.go
+++ b/backend/internal/handler/tenant_handler.go
@@ -97,6 +97,8 @@ type tenantPermissions struct {
 	ManageOrganization bool `json:"manage_organization"`
 	ViewSchema         bool `json:"view_schema"`
 	ManageSchema       bool `json:"manage_schema"`
+	ViewWorksmobile    bool `json:"view_worksmobile"`
+	ManageWorksmobile  bool `json:"manage_worksmobile"`
 }

 type tenantSummary struct {
@@ -1742,6 +1744,8 @@ func (h *TenantHandler) GetTenant(c *fiber.Ctx) error {
 				ManageOrganization: true,
 				ViewSchema:         true,
 				ManageSchema:       true,
+				ViewWorksmobile:    true,
+				ManageWorksmobile:  true,
 			}
 		} else {
 			// Query Keto in parallel for maximum performance
@@ -1751,13 +1755,14 @@ func (h *TenantHandler) GetTenant(c *fiber.Ctx) error {
 				allowed  bool
 				err      error
 			}
-			ch := make(chan checkResult, 11)
+			ch := make(chan checkResult, 13)
 			relations := []string{
 				"view", "manage", "manage_admins",
 				"view_profile", "manage_profile",
 				"view_permissions", "manage_permissions",
 				"view_organization", "manage_organization",
 				"view_schema", "manage_schema",
+				"view_worksmobile", "manage_worksmobile",
 			}
 			for _, rel := range relations {
 				go func(r string) {
@@ -1796,6 +1801,10 @@ func (h *TenantHandler) GetTenant(c *fiber.Ctx) error {
 					perms.ViewSchema = res.allowed
 				case "manage_schema":
 					perms.ManageSchema = res.allowed
+				case "view_worksmobile":
+					perms.ViewWorksmobile = res.allowed
+				case "manage_worksmobile":
+					perms.ManageWorksmobile = res.allowed
 				}
 			}
 			summary.UserPermissions = perms
--- a/locales/en.toml
+++ b/locales/en.toml
@@ -368,6 +368,7 @@ tree_hint = "Review parent-child relationships and subtree coverage in the hiera
 [msg.admin.tenants.relations]
 empty = "There are no users with designated fine-grained permissions. Please add a user to configure."
 remove_all_confirm = "Remove All Confirm"
+super_admin_only_desc = "The permission settings on this screen can only be modified by the system administrator (super_admin)."
 subtitle = "Isolate and assign fine-grained view and edit permissions for each tab on a per-user basis. Parent inherited permissions are automatically preserved."
 update_success = "Update Success"

--- a/locales/ko.toml
+++ b/locales/ko.toml
@@ -368,6 +368,7 @@ tree_hint = "계층 구조를 따라 부모-자식 관계와 하위 범위를
 [msg.admin.tenants.relations]
 empty = "세부 권한이 지정된 사용자가 없습니다. 사용자를 추가해 설정하세요."
 remove_all_confirm = "이 사용자의 모든 세부 권한을 삭제하시겠습니까?"
+super_admin_only_desc = "이 화면의 권한 설정은 시스템 최고 관리자(super_admin)만 수정할 수 있습니다."
 subtitle = "사용자별로 각 탭의 세부 조회 및 수정 권한을 격리하여 할당합니다. 상위 상속 권한은 자동으로 보존됩니다."
 update_success = "세부 권한이 성공적으로 변경되었습니다."

--- a/locales/template.toml
+++ b/locales/template.toml
@@ -368,6 +368,7 @@ tree_hint = ""
 [msg.admin.tenants.relations]
 empty = ""
 remove_all_confirm = ""
+super_admin_only_desc = ""
 subtitle = ""
 update_success = ""

--- a/userfront/lib/features/auth/presentation/signup_screen.dart
+++ b/userfront/lib/features/auth/presentation/signup_screen.dart
@@ -3,6 +3,7 @@ import 'dart:async';
 import 'package:flutter/material.dart';
 import 'package:flutter/services.dart';
 import 'package:go_router/go_router.dart';
+import 'package:url_launcher/url_launcher.dart';
 import 'package:userfront/i18n.dart';
 import '../../../core/i18n/locale_utils.dart';
 import '../../../core/services/auth_proxy_service.dart';
@@ -1739,105 +1740,49 @@ Matters not expressly provided in this Policy are governed by the Company's inte
                        ),
                      ),
                    ),
-                    const SizedBox(height: 18),
-                    _buildProfileFieldGroup(
-                      title: tr('ui.userfront.signup.profile.affiliation_type'),
-                      description: '소속 유형과 회사 정보를 입력합니다.',
-                      isDesktop: isDesktop,
-                      trailing: null,
+                    const SizedBox(height: 24),
+                    Container(
+                      padding: const EdgeInsets.all(16),
+                      decoration: BoxDecoration(
+                        color: _signupSurface,
+                        borderRadius: BorderRadius.circular(12),
+                        border: Border.all(color: _signupBorder),
+                      ),
                      child: Column(
                        crossAxisAlignment: CrossAxisAlignment.stretch,
                        children: [
-                          DropdownButtonFormField<String>(
-                            key: ValueKey(_affiliationType),
-                            initialValue: _affiliationType,
-                            decoration: InputDecoration(
-                              labelText: tr(
-                                'ui.userfront.signup.profile.affiliation_type',
+                          Row(
+                            children: [
+                              Icon(
+                                Icons.business,
+                                color: Theme.of(context).colorScheme.primary,
+                                size: 20,
                              ),
-                              border: const OutlineInputBorder(),
-                            ),
-                            items: [
-                              DropdownMenuItem(
-                                value: 'GENERAL',
-                                child: Text(tr('domain.affiliation.general')),
-                              ),
-                              DropdownMenuItem(
-                                value: 'AFFILIATE',
-                                child: Text(tr('domain.affiliation.affiliate')),
+                              const SizedBox(width: 8),
+                              Expanded(
+                                child: Text(
+                                  '기업/가족사 소속이신가요?',
+                                  style: TextStyle(
+                                    fontWeight: FontWeight.bold,
+                                    fontSize: 14,
+                                    color: _signupInk,
+                                  ),
+                                ),
                              ),
                            ],
-                            onChanged: _isAffiliateLocked
-                                ? null
-                                : (val) {
-                                    if (val == null) {
-                                      return;
-                                    }
-                                    setState(() {
-                                      _affiliationType = val;
-                                      if (_affiliationType == 'GENERAL') {
-                                        _companyCode = null;
-                                      }
-                                    });
-                                  },
                          ),
-                          AnimatedSize(
-                            duration: const Duration(milliseconds: 180),
-                            curve: Curves.easeOut,
-                            child: Column(
-                              crossAxisAlignment: CrossAxisAlignment.stretch,
-                              children: [
-                                if (_affiliationType == 'AFFILIATE') ...[
-                                  const SizedBox(height: 14),
-                                  DropdownButtonFormField<String>(
-                                    key: ValueKey(_companyCode ?? 'none'),
-                                    initialValue: _companyCode,
-                                    decoration: InputDecoration(
-                                      labelText: tr(
-                                        'ui.userfront.signup.profile.company',
-                                      ),
-                                      border: const OutlineInputBorder(),
-                                    ),
-                                    items: _tenants.map((t) {
-                                      return DropdownMenuItem<String>(
-                                        value: t['slug'],
-                                        child: Text(t['name'] ?? t['slug']),
-                                      );
-                                    }).toList(),
-                                    onChanged: (val) =>
-                                        setState(() => _companyCode = val),
-                                  ),
-                                ],
-                              ],
+                          const SizedBox(height: 8),
+                          Text(
+                            '기업 및 가족사 임직원은 연동 문의가 필요합니다.\n\n해당하시는 경우, 사내 관리자 또는 담당자(baroncs@baroncs.co.kr)에게 문의해 주시기 바랍니다.',
+                            style: TextStyle(
+                              fontSize: 12,
+                              height: 1.45,
+                              color: _signupInk.withValues(alpha: 0.7),
                            ),
                          ),
                        ],
                      ),
                    ),
-                    const SizedBox(height: 18),
-                    _buildProfileFieldGroup(
-                      title: _affiliationType == 'AFFILIATE'
-                          ? tr('ui.userfront.signup.profile.department')
-                          : tr(
-                              'ui.userfront.signup.profile.department_optional',
-                            ),
-                      description: _affiliationType == 'AFFILIATE'
-                          ? '가족사 사용자는 부서명을 입력해주세요.'
-                          : '선택 입력 항목입니다.',
-                      isDesktop: isDesktop,
-                      child: TextFormField(
-                        controller: _deptController,
-                        onChanged: (_) => setState(() {}),
-                        decoration: InputDecoration(
-                          labelText: _affiliationType == 'AFFILIATE'
-                              ? tr('ui.userfront.signup.profile.department')
-                              : tr(
-                                  'ui.userfront.signup.profile.department_optional',
-                                ),
-                          border: const OutlineInputBorder(),
-                        ),
-                      ),
-                    ),
                  ],
                ),
              ),
@@ -2313,15 +2258,7 @@ Matters not expressly provided in this Policy are governed by the Company's inte
      canGoNext = true;
    }
    if (_currentStep == 3) {
-      final nameOk = _nameController.text.trim().isNotEmpty;
-      if (_affiliationType == 'GENERAL') {
-        canGoNext = nameOk;
-      } else {
-        // AFFILIATE 필수: 이름 + 가족사 선택 + 부서명
-        final companyOk = _companyCode != null;
-        final deptOk = _deptController.text.trim().isNotEmpty;
-        canGoNext = nameOk && companyOk && deptOk;
-      }
+      canGoNext = _nameController.text.trim().isNotEmpty;
    }

    return Scaffold(